Share via


.NET Security Blog

Elliptic Curve DSA

Yesterday I gave a quick rundown of all the new cryptographic algorithms available in the Orcas...

Author: Shawn Farkas - MS Date: 01/18/2007

New Crypto Algorithms in Orcas

The January CTP of Orcas is now available, and with it comes a total of 12 new cryptography...

Author: Shawn Farkas - MS Date: 01/17/2007

Combining Strong Names with Authenticode

If you want to use both a strong name and Authenticode signature on your assembly (for instance if...

Author: Shawn Farkas - MS Date: 01/10/2007

Happy Holidays!

In an effort to escape Seattle's ... interesting ... weather patterns of the last few months, I've...

Author: Shawn Farkas - MS Date: 12/22/2006

Evidence Must Be Serializable

The Evidence object acts as a collection for any sort of object that you want to add as evidence for...

Author: Shawn Farkas - MS Date: 12/20/2006

new NamedPermissionSet

Every once in a while I find some code doing something similar to this: new...

Author: Shawn Farkas - MS Date: 11/14/2006

Relative URL Membership Conditions

Caspol will allow you to setup a URL membership condition with a relative URL by using a command...

Author: Shawn Farkas - MS Date: 11/03/2006

SecureString Redux

A few times over the last couple of days discussion about a tool on the Internet which can attach to...

Author: Shawn Farkas - MS Date: 11/01/2006

Quickly Testing Code Under Different Cultures

Earlier this week, a situation came up where we needed to make sure a new feature worked when it was...

Author: Shawn Farkas - MS Date: 10/20/2006

XML Digital Signature Verification with Unknown URI Schemes

A few years back, there was a discussion thread on one of my XML digital signature posts about...

Author: Shawn Farkas - MS Date: 10/12/2006

Kenny Kerr Explores UAC

Kenny Kerr, one of our Security MVPs, has updated his Windows Vista for Developers series with Part4...

Author: Shawn Farkas - MS Date: 10/10/2006

The Differences Between Rijndael and AES

When you need to write managed code that encrypts or decrypts data according to the AES standard,...

Author: Shawn Farkas - MS Date: 10/09/2006

Using Lightweight CodeGen from Partial Trust

Last time I talked about the new Orcas feature allowing you to use reflection from partial trust....

Author: Shawn Farkas - MS Date: 10/05/2006

RestrictedMemberAccess

The September CTP of Orcas went live last night, including lots of features that other MSDN blogs...

Author: Shawn Farkas - MS Date: 09/29/2006

RSACryptoServiceProvider, Impersonation, and Ephemeral Keys

If you construct an RSACryptoServiceProvider class without specifying a name for the key, the CLR...

Author: Shawn Farkas - MS Date: 09/21/2006

[WeddingPermission(SecurityAction.Demand, Unrestricted=true)]

Having just checked in my last few bug fixes and the Orcas feature I've been working on, it's time...

Author: Shawn Farkas - MS Date: 08/04/2006

What Evidence does Internet Explorer Give an Assembly

One of the reasons I started this blog was to have a permanent record of a question I used to see on...

Author: Shawn Farkas - MS Date: 07/26/2006

$20 on Double Zero, $20 on LUA please

I spent last weekend in Vegas, and on Saturday night / Sunday morning decided to recreate those...

Author: Shawn Farkas - MS Date: 07/17/2006

ClickOnce Same Site Permissions

ClickOnce applications can request that they be granted permission to contact their site of origin....

Author: Shawn Farkas - MS Date: 07/15/2006

Sandboxed Applications Can’t Elevate Their Own Permissions

Every once in a while someone will ask how they can do something similar to these caspol commands...

Author: Shawn Farkas - MS Date: 07/13/2006

Every CLR has Independent CAS Policy

It’s relatively easy to find a set of instructions for using caspol or Admin UI to provide a CAS...

Author: Shawn Farkas - MS Date: 07/11/2006

Column Guides in Visual Studio

A lot of coding guidelines specify the maximum length for a line of code. For instance in the CLR,...

Author: Shawn Farkas - MS Date: 07/07/2006

Reducing Startup Time Due To Strong Name Verification

Occasionally we run into a scenario where someone asks about shipping a strong name skip...

Author: Shawn Farkas - MS Date: 06/23/2006

APTCA and SQL Server 2005

Last year, I explored the ins and outs of the AllowPartiallyTrustedCallersAttribute. Today, the...

Author: Shawn Farkas - MS Date: 06/23/2006

CLR Inside Out: Using Strong Name Signatures

Mike Downen, our CLR security PM, wrote the CLR Inside Out column this month in MSDN Magazine on...

Author: Shawn Farkas - MS Date: 06/16/2006

Avoiding Deny and Permit Only: Take 2

Last week when I dug into the details of the special permission optimization, we saw in the code...

Author: Shawn Farkas - MS Date: 06/14/2006

Browsing the SSCLI in Visual Studio

I've attached a simple Visual Studio 2005 project that I use for browsing the SSCLI v2 source tree....

Author: Shawn Farkas - MS Date: 06/07/2006

Special Permissions in the SSCLI

Before digging into a pretty clever optimization that the SSCLI makes for certain special permission...

Author: Shawn Farkas - MS Date: 06/06/2006

Test Signing in Action: IronPython Beta 7

The IronPython team just announced their v1.0 beta 7 release, which is especially interesting to me...

Author: Shawn Farkas - MS Date: 05/24/2006

Why the Simple Sandboxing API Requires an ApplicationBase

One trap that catches a lot of people new to the simple sandboxing API is that the API will throw an...

Author: Shawn Farkas - MS Date: 05/24/2006

Handling Custom Zones with the HostSecurityManager

We've looked at how the CLR supports mapping a custom zone to the Internet zone and how you can...

Author: Shawn Farkas - MS Date: 05/18/2006

SSCLI Zone Mappings

My previous post is begging the question "so what is the SSCLI's zone mapping policy?" It's actually...

Author: Shawn Farkas - MS Date: 05/16/2006

Custom Zones and the CLR

On the topic of zones and the CLR ... Windows lets you define custom zones outside of the standard...

Author: Shawn Farkas - MS Date: 05/15/2006

How does the CLR figure out Zone evidence?

This week, I've had three separate cases where people have wondered why the CLR was assigning...

Author: Shawn Farkas - MS Date: 05/12/2006

Simple Sandboxing and the LoadFrom Demand

One of the common problems that people run into when setting up simple sandbox domains in their...

Author: Shawn Farkas - MS Date: 05/01/2006

Category Cleanup

My Ship-It sticker for Whidbey shows that we officially shipped on October 27th -- hard to believe...

Author: Shawn Farkas - MS Date: 04/27/2006

Visual Studio Tip: Editing Project Files

Earlier I mentioned tweaking project files -- something that a lot of people do just by opening the...

Author: Shawn Farkas - MS Date: 04/26/2006

Sharing a Strong Name Key File Across Projects

v2.0 of the .NET Framework deprecated the use of the AssemblyKeyFileAttribute and...

Author: Shawn Farkas - MS Date: 04/24/2006

5 Reasons to Choose Simple Sandboxing

When it comes time to host some partially trusted code in your application, perhaps as a part of an...

Author: Shawn Farkas - MS Date: 04/19/2006

Adding a UAC Manifest to Managed Code

The UAC feature of Vista is one of my favorite new features -- it really makes running as a...

Author: Shawn Farkas - MS Date: 04/06/2006

FxCop Transparency Rules

The FxCop team has just announced the availability of RC 1 of FxCop 1.35. Notable in this release is...

Author: Shawn Farkas - MS Date: 04/04/2006

What Happens When You Fully Sign a Test Signed Assembly

When an assembly is test signed, the public key used to verify its signature is different from the...

Author: Shawn Farkas - MS Date: 04/03/2006

Getting Information about an X509Certificate's Key Container

One of the more common things a lot of people want to do with their X509Certificate2 is figure out...

Author: Shawn Farkas - MS Date: 03/30/2006

Debugging a Partial Trust ClickOnce Application

Although the theory is that by the time we deploy a finished application it's already fully debugged...

Author: Shawn Farkas - MS Date: 03/28/2006

SSCLI v2

As Jason announces, v2.0 of the SSCLI is now available for download:...

Author: Shawn Farkas - MS Date: 03/24/2006

Why Can't I See Extended SecurityException Information?

The v2.0 SecurityException is chock full of debugging goodness -- for trusted code that is. In some...

Author: Shawn Farkas - MS Date: 03/23/2006

Return of the Mailbag

Over the last week or so I've seen a few questions pop up multiple times. In no particular order: Q:...

Author: Shawn Farkas - MS Date: 03/21/2006

Impersonation and Exception Filters in v2.0

A while back, I wrote about a potential security hole when malicious code can set up an exception...

Author: Shawn Farkas - MS Date: 03/03/2006

Enveloped PKCS #7 Signatures

One of the new cryptography features in the v2.0 framework is the ability to work with PKCS #7...

Author: Shawn Farkas - MS Date: 02/27/2006

APTCA and Custom Attributes

Haibo just posted an excellent article about what happens when you use reflection to get a custom...

Author: Shawn Farkas - MS Date: 02/22/2006

<Previous Next>