• .NET Security Blog

    All About Assert Part I: What Assert Actually Does

    • 11 Comments
    There are several common misconceptions about the Assert stack modifier, not the least of which are: Assert changes an assembly's permission grant Assert is just a perf optimization You don't need the permissions that you're Asserting in order to effectively...
  • .NET Security Blog

    Post Build Assembly Modification Or: Why Won't SN -Vr Work on Tampered Assemblies

    • 1 Comments
    A while back I wrote about delay signing an assembly, and using SN -Vr to register that assembly to have its signature verification skipped. However, some people have noticed that SN -Vr doesn't work if you fully sign an assembly and then tamper with...
  • .NET Security Blog

    SafeHandle

    • 12 Comments
    Prior to Whidbey, interop with Win32 handles was done by passing IntPtrs back and forth through P/Invoke. This had several drawbacks including: Lack of type safety. Nothing is preventing me from taking an IntPtr containing a HWND and passing it to a method...
  • .NET Security Blog

    Serializing Permissions Across CLR Versions

    • 4 Comments
    An interesting question came up in the newsgroups today. If you serialize a permissions set (either by calling ToXml().ToString() directly on the permission, or by converting to an XML Element ), you'll get permissions that look like this: <IPermission...
  • .NET Security Blog

    Matt Pietrek on How Iterators Work

    • 0 Comments
    One of the things on my blog todo list was to write an entry showing how C# iterators work under the hood. Well, Matt Pietrek beat me too it. You can find an exploration of the state machine that the C# compiler generates for you when you create an iterator...
  • .NET Security Blog

    Whidbey's New SecurityException

    • 14 Comments
    One of the more difficult things to debug with .NET 1.0 and 1.1 is the security exception. With these frameworks generally the only information that you got was the state of the failed permission. Due to the complexity of debugging security problems,...
  • .NET Security Blog

    Using DecryptDocument with Super-Encrypted Data

    • 2 Comments
    The EncryptedXml class comes with a nice utility method called DecryptDocument (For more information about using DecryptDocument check out my previous post introducing XML Encryption ). This method will decrypt all the EncryptedData elements it finds...
  • .NET Security Blog

    Bye Bye Mr. CIO Guy

    • 0 Comments
    This is a few weeks old, but I figured I'd post it anyway since it's pretty funny. Channel9 is hosting Pat Helland, Don Box, and David Chappell singing their response to Nicholas Carr's assertion in the Harvard Business Review that IT Doesn't Matter ...
  • .NET Security Blog

    Why == and the Equals Method Return Different Results for Floating Point Values

    • 3 Comments
    There's a subtle difference between comparing floating point values with the Equals method and comparing them with the == operator. (In all the code I show in this post, I use the Double class, however everything I say also applies to the Single class...
  • .NET Security Blog

    Eric Explains Why Generic Parameters Have Only One Letter

    • 0 Comments
    A lot of people have been wondering why the CLR design guidelines (and the generic BCL classes), use only single character names for generic parameters instead of using longer more descriptive names. Eric Gunnerson has posted an explanation over on his...
  • .NET Security Blog

    What Happens When My Application Throws An Unhandled Exception

    • 6 Comments
    There are several different behaviors that can occur when a managed application throws an unhandled exception. The two most common are to bring up an error dialog box, or to pop up the Visual Studio Just In Time Debugger dialog box. The first behavior...
  • .NET Security Blog

    Generating StrongName Keys

    • 3 Comments
    (updated 12/03/04 to point to refactored code ) Generating Keys It's been just under a month since I've updated the Managed StrongName API , so here's the next set of APIs. This time, I've setup the APIs needed to create a new key suitable for signing...
  • .NET Security Blog

    ClickOnce Bootstrapper Manifest Generator

    • 0 Comments
    David Guyer, from the VB.Net test team, has released his ClickOnce Bootstrapper Manifest Generator on GotDotNet . This tool allows you to generate manifests that describe any pre-requisites to install for a ClickOnce application. You can find more details...
  • .NET Security Blog

    Chat with the Crypto API Team ... For Real This Time

    • 3 Comments
    A few weeks back, I mentioned the Crypto API team was having an online chat. It got postponed from the original date, but has finally been rescheduled to next Wednesday, July 7th. The chat will be from 11:00am to noon Pacific time (6:00-7:00pm GMT for...
  • .NET Security Blog

    New Debugger Features for Whidbey

    • 1 Comments
    Andy blogs about the new features in the Visual Studio 2005 debugger. Of all these, tracepoints seems the most exciting to me, although life will be made much easier with visualizers and the STL data display.
  • .NET Security Blog

    What's in a Name

    • 0 Comments
    With the beta 1 release of Whidbey, you'll start to see that many of the ClickOnce APIs require an application name. This application name isn't a simple name, like “Microsoft Word” or “HelloWorld”. Instead it is made up of three...
  • .NET Security Blog

    Whidbey Beta 1 Ships

    • 7 Comments
    Well, we've finally released beta 1 of .NET 2.0 and Visual Studio 2005 . In adition to the beta 1 release, we've also announced Express SKUs for Visual C++, Visual Basic, Visual C#, Visual J#, and SQL Server (as well as a web developer express SKU). The...
  • .NET Security Blog

    A Code Snippet Before The Weekend

    • 2 Comments
    Just a quick post for today. I needed to use the LPPROCESS_INFORMATION C type from managed code today, so I poped over to PInvoke.net to see if there was any information on it. There was a definition for PROCESS_INFORMATION , but nothing on LPPROCESS_INFORMATION...
  • .NET Security Blog

    Managed Strong Names: Verification and the msn.exe tool

    • 1 Comments
    (Updated 12/03/2004 to point to refactored code .. see that article for a more accurate description of the current structure of the project) I've posted the first bit of code for the managed strong name implementation . So far, it only does strong name...
  • .NET Security Blog

    Managed StrongName API

    • 5 Comments
    About a week ago, I wrote about verifying strong name signatures from managed code . There are also several other strong name APIs exposed to unmanged code that don't have any managed equivilent, so I thought it might be a good idea to turn that post...
  • .NET Security Blog

    Chat with the Crypto API Team

    • 3 Comments
    The CAPI team that delivers the Microsoft Cryptography SDK (the unmanaged crypto API, not System.Security.Crytpography), will be having an online chat where they'll answer questions about using Crypto API. They'll also take suggestions for changes to...
  • .NET Security Blog

    Calli is not Verifiable

    • 3 Comments
    This entry probably doesn't pertain to very many people, but I got bit by this the other day, and thought I'd at least document it to prevent some future google user from having the same problem. In the ECMA CLI specification, the calli instruction...
  • .NET Security Blog

    What's the Deal with the ECMA Key?

    • 3 Comments
    The libraries laid out in the ECMA spec are all signed with a public key that looks pretty strange. If you ildasm mscorlib.dll, System.dll, or any of the other framework libraries that are defined in the ECMA specs (see partition IV: Library if you're...
  • .NET Security Blog

    Checking For A Valid Strong Name Signature

    • 9 Comments
    Recently a question came up from someone who was trying to have a plugin architecture for their application, but wanted to do some checks before loading a plugin. Specifically, they wanted to ensure that the plugin was signed with a specific public key...
  • .NET Security Blog

    WinDbg 6.3.17 Released

    • 3 Comments
    The debugging team has just released the Debugging Tools for Windows version 6.3.17. There are several new improvements in this release, the most obvious of which is the new UI enhancements which allows you to dock windows, window tabs, and tear window...
Page 12 of 15 (368 items) «1011121314»