27 May 2004

  • .NET Security Blog

    A Code Snippet Before The Weekend

    • 2 Comments
    Just a quick post for today. I needed to use the LPPROCESS_INFORMATION C type from managed code today, so I poped over to PInvoke.net to see if there was any information on it. There was a definition for PROCESS_INFORMATION , but nothing on LPPROCESS_INFORMATION...
  • .NET Security Blog

    Managed Strong Names: Verification and the msn.exe tool

    • 1 Comments
    (Updated 12/03/2004 to point to refactored code .. see that article for a more accurate description of the current structure of the project) I've posted the first bit of code for the managed strong name implementation . So far, it only does strong name...
  • .NET Security Blog

    Managed StrongName API

    • 5 Comments
    About a week ago, I wrote about verifying strong name signatures from managed code . There are also several other strong name APIs exposed to unmanged code that don't have any managed equivilent, so I thought it might be a good idea to turn that post...
  • .NET Security Blog

    Chat with the Crypto API Team

    • 3 Comments
    The CAPI team that delivers the Microsoft Cryptography SDK (the unmanaged crypto API, not System.Security.Crytpography), will be having an online chat where they'll answer questions about using Crypto API. They'll also take suggestions for changes to...
  • .NET Security Blog

    Calli is not Verifiable

    • 3 Comments
    This entry probably doesn't pertain to very many people, but I got bit by this the other day, and thought I'd at least document it to prevent some future google user from having the same problem. In the ECMA CLI specification, the calli instruction...
  • .NET Security Blog

    What's the Deal with the ECMA Key?

    • 3 Comments
    The libraries laid out in the ECMA spec are all signed with a public key that looks pretty strange. If you ildasm mscorlib.dll, System.dll, or any of the other framework libraries that are defined in the ECMA specs (see partition IV: Library if you're...
  • .NET Security Blog

    Checking For A Valid Strong Name Signature

    • 9 Comments
    Recently a question came up from someone who was trying to have a plugin architecture for their application, but wanted to do some checks before loading a plugin. Specifically, they wanted to ensure that the plugin was signed with a specific public key...
  • .NET Security Blog

    WinDbg 6.3.17 Released

    • 3 Comments
    The debugging team has just released the Debugging Tools for Windows version 6.3.17. There are several new improvements in this release, the most obvious of which is the new UI enhancements which allows you to dock windows, window tabs, and tear window...
  • .NET Security Blog

    Running Processes as a Different User

    • 14 Comments
    Before Whidbey, if you wanted to run code as a different user, you needed to use impersonation. There was no easy solution for starting a new process and having it run with a different user's credentaials. Probably the best solution in v1.0 and 1.1 of...
  • .NET Security Blog

    A .NET Developer's Guide to Windows Security

    • 3 Comments
    Keith Brown has made avaiable an online version of his book, The .NET Developer's Guide to Windows Security . You can browse the book for free, with a slightly modified title: A .NET Developer's Guide to Windows Security . I haven't had time to look through...
  • .NET Security Blog

    Making Strings More Secure

    • 40 Comments
    The standard System.String has never been a very secure solution for storing sensitive strings such as passwords or credit card numbers. Using a string for this purpose has numerous problems, including: It's not pinned, so the garbage collector can move...
Page 1 of 1 (11 items)