
Browse by Tags

All Tags » Windows

Disabling the FIPS Algorithm Check

.NET 2.0 introduced a check for FIPS certified algorithms if your local security policy was configured to require them. This resulted in algorithms which are not FIPS compliant (or implementations which were not FIPS certified) throwing an InvalidOperationException
Posted by shawnfa | 3 Comments

Which Groups Does WindowsIdentity.Groups Return?

WindowsIdentity exposes a Groups property which returns a collection of IdentityReferences for the groups that a particular user is a member of. However, if you look closely, you'll find that these returned groups won't necessarily include all of the
Posted by shawnfa | 1 Comments

Using the MMC Snap-In to Configure 64 Bit CAS Policy

The .NET Framework SDK ships with an MMC Snap-In which enables you to, among other things, avoid using caspol to modify your local security policy. Since each runtime installed on your machine has independent security policy, the MMC Snap-In will only
Posted by shawnfa | 1 Comments

Kenny Kerr Explores UAC

Kenny Kerr, one of our Security MVPs, has updated his Windows Vista for Developers series with Part 4 - User Account Control. Kenny takes an in-depth look at what UAC means for developers and covers areas that a lot of other sources don't touch on, such
Posted by shawnfa | 0 Comments

Adding a UAC Manifest to Managed Code

The UAC feature of Vista is one of my favorite new features -- it really makes running as a non-admin much less painful than it has been in the past. One of the requirements that UAC puts on developers is that we must mark our applications with manifests
Posted by shawnfa | 12 Comments

Return of the Mailbag

Over the last week or so I've seen a few questions pop up multiple times. In no particular order: Q: Is calling a virtual method with a non-virtual call verifiable? A: It depends :-) In v1.x of the CLR this was verifiable. We made a change in v2.0 which
Posted by shawnfa | 1 Comments

Impersonation and Exception Filters in v2.0

A while back, I wrote about a potential security hole when malicious code can set up an exception filter before calling your code which does impersonation. In the final release of v2.0, we've added a feature to help mitigate this problem. The CLR records
Posted by shawnfa | 8 Comments

UAC Policy Settings

The new UAC blog (formerly LUA, formerly UAP) has up a good post on the six security policy settings that have been introduced to control how UAC works. As the Vista betas start coming out and people can start to play with UAC, knowing that some of these
Posted by shawnfa | 0 Comments

PrincipalPermission and Finalizers

Nicole Calinoiu, one of our developer security MVPs, has just posted a good description of the problems that occur when using PrincipalPermission with impersonation and finalizers. The key thing to take away from this is that impersonation occurs on
Posted by shawnfa | 3 Comments

Mike Rousos on Registry Security

Over the weekend, Mike Rousos (a BCL tester who's been temporarily drafted onto the security team) posted an interesting piece about the new BCL registry security support on the BCL blog. While the title mentions RegistryPermission, the post is actually
Posted by shawnfa | 2 Comments

Adding SignatureProperties to SignedXml

One of the optional portions of the W3C XML digital signature specification allows for a set of SignatureProperties to be assigned to a signature. SignatureProperties allow the signer to place some metadata into the signature itself, such as the time
Posted by shawnfa | 3 Comments

Enforcing FIPS Certified Cryptography

Certain types of software, such as code written for a government contract, require adhering to a strict set of guidelines, especially when it comes to security. To better enable this type of software, v2.0 of the CLR provides the ability for you to enforce
Posted by shawnfa | 28 Comments

Forcing Security to Stay On

Last time we looked at how the Whidbey version of CasPol uses a mutex to indicate the state of the security system. One of the more interesting fallouts from this model is that we can actually use this information to prevent security from being
Posted by shawnfa | 1 Comments

Whidbey's Security Off Model

Although the v1.0 and v1.1 versions of CasPol provided a switch to disable the CLR's security system, running without CAS enforcement on was never a scenario that we encouraged for obvious reasons. The choice to disable security was a system wide switch
Posted by shawnfa | 17 Comments

Happy Birthday Channel 9

Channel 9 turns one year old today, and to celebrate they've been releasing quite a few interesting interviews. One in particular that really stands out is the four parter with Windows Kernel Architect Dave Probert. Dave gives an overview of Windows
Posted by shawnfa | 2 Comments