March, 2004

  • .NET Security Blog

    Delay Signing

    • 28 Comments
    Most people know about the delay signing feature of the CLR. (For those who don't check out MSDN's Delay Signing an Assembly for more details). Basically, delay signing allows a developer to add the public key token to an assembly, without having access...
  • .NET Security Blog

    Which Cryptographic Operations are Available?

    • 7 Comments
    One of the more common problems to creep up when people start using the various cryptographic algorithms in the System.Security.Cryptography namespace is that their app, which works fine on their WinXP dev box suddenly starts throwing CryptographicExceptions...
  • .NET Security Blog

    Signing Specific XML With References

    • 6 Comments
    I've previously blogged about creating XML digital signatures using the .NET framework, but today I'd like to write about a more advanced technique using these signatures. My previous post signed an entire XML document, however, this is not always necessary...
  • .NET Security Blog

    Opening a command prompt for your project

    • 4 Comments
    Sometimes while working with a VS.Net project, you need to run a command line tool, either on the sources or output of the project. VS provides an easy way to add a menu item that will open a command prompt in the target directory of your application...
  • .NET Security Blog

    Why Won't using Throw a NullReferenceException

    • 2 Comments
    Today someone was curious why C#'s using statement won't throw a NullReferenceException. They had a using statement that opened a registry key, but even if that key didn't exist and the return value was null, they didn't have to worry about a NullReferenceException...
  • .NET Security Blog

    PKCS#12 in .NET

    • 0 Comments
    Michel Gallant has posted a very nice article on MSDN about using PKCS#12 key with .NET. PKCS#12 are keys, generally exported from certificates, that tend to be stored in .pfx or .p12 files. Michel has provided some nice code for opening these files from...
  • .NET Security Blog

    Debugging Unmanaged Code Calling Back Into Managed

    • 1 Comments
    One of the guys I work with spent a good part of his day tracking down a tricky problem with some code he had written. The mistake he made is relatively common, so I thought I'd share it here. The application he had written was managed. He made a delegate...
  • .NET Security Blog

    Further Strengthening Hash Algorithms

    • 3 Comments
    There's been an interesting internal email thread going on this week about the use of a hash to uniquely identify some data. The two main sources of weakness in a hash algorithm are: Collisions - the chance that two unique inputs will produce the...
  • .NET Security Blog

    More Details on Portable Crypto Operations

    • 2 Comments
    Yesterday I posted about detecting which CSP provided algorithms were available on your copy of Windows, and upgrading IE to get a newer CSP that supported more algorithms. Sebastien Pouliot provied some nice followup information on using pure managed...
  • .NET Security Blog

    Debugging the Debugger

    • 0 Comments
    Min Kwan Park's blog was making the rounds of the various Microsoft blogs yesterday, but I thought I'd also post a link for anyone who missed it (and also so I can find it again easily in the future). He's posted a helpful checklist of things to try if...
  • .NET Security Blog

    Same Site Socket Permission

    • 0 Comments
    Fairly frequently, people will want to know how to get same site socket permissions, in the same way that they can get same site web permission today. Unfortunately, the answer is that with the security objects shipped with the framework, there is no...
  • .NET Security Blog

    Kerberos Overview and Weaknesses

    • 0 Comments
    O'Reilly's Windows DevCenter has an excerpt from their Security Warrior book, giving an overview of how Kerberos works in Win2k and Windows Server 2003. They also show that Kerberos by itself does not prevent offline dictionary attacks against weak passwords...
  • .NET Security Blog

    How Exceptions Work in Rotor (and the CLR)

    • 0 Comments
    Joel Pobar has a nice post with Jan Kotas' explanation of how exceptions work in Rotor (and by extension, the CLR).
  • .NET Security Blog

    WinXP SP2

    • 4 Comments
    Well, the Windows team has finished Release Candidate 1 of Windows XP Service Pack 2, and made it available for public download . This download is not eligible for technical support, although Microsoft is going to setup some newsgroups (microsoft.private...
  • .NET Security Blog

    What's New in XML For Whidbey

    • 1 Comments
    The new XML Developer Center on MSDN has a nice article about the new XML features in Whidbey . The top 10 list is: Performance XPathEditableNavigator, an Updatable Cursor The XPathDocument as a Better DOM Easier XPath Queries with Namespaces...
  • .NET Security Blog

    Creating ACLs for Custom Objects

    • 1 Comments
    Kenny Kerr has an article up on MSDN showing how to use the Windows ACL security system on custom objects in your application. Although the article is a bit on the short side, and does deviate off topic in a few areas, it provides a nice overview of the...
  • .NET Security Blog

    New Security Tool Available for Download

    • 3 Comments
    There's a new security tool that keeps track of the ports used by applications on your machine available for download over at microsoft.com. The tool, Port Reporter, is documented in KB 837243 , keeps track of which ports are being used on your machine...
  • .NET Security Blog

    Touring the US

    • 0 Comments
    A friend of mine pointed out world66.com to me. They let you create a map of the states that you've visited in. Here's mine: Bet you can't tell which side of the country I grew up in? I decided not to count states that I'd only been in for airplane...
  • .NET Security Blog

    Security in the Visual Studio Tools for Office Suite

    • 0 Comments
    This month's MSDN magazine contained an article about security and the Visual Studio Tools for Office. Although Brian Randell and Ken Getz do a nice job of explaining the way CAS and Office interact, specifically pointing out that code groups with membership...
  • .NET Security Blog

    So What's This WinFS Thing All About Anyway?

    • 0 Comments
    MSDN has the first installment of Thomas Rizzo's new column, where he talks about what WinFS really is. The article provides a very general overview of WinFS, so hopefully in future columns Thomas will drill into more details. From what I've seen of the...
  • .NET Security Blog

    Whidbey Tech Preview

    • 0 Comments
    So by now probably everyone's heard that we've released a technical preview of Whidbey to atendees of VS Live, alpha previewers, and MSDN subscribers. I'm pretty excited about this, since I'm now free to blog about the changes in the areas I own that...
Page 1 of 1 (21 items)