Monthly Archives: September 2004

Even more Research on the ASP.NET Vulnerability

My previous post was based on an incomplete test scenario. what i can say by now is – i can reproduce the bug on Windows XP with 1.1 and even 1.1 SP1. i cannot reproduce the bug on Windows 2003 … Continue reading

Posted in Uncategorized | Leave a comment

More research on the ASP.NET Vulnerability

See this post for an update This seems to be fixed in .NET 1.1 SP1 i could reproduce the vulnerability on V1.1.4322573 (which is plain 1.1) – but i couldn’t reproduce it on V1.1.4322.2032 (which is 1.1 SP1) so – … Continue reading

Posted in Uncategorized | Leave a comment

Serious ASP.NET Forms Authentication Vulnerability

forwarded from OWASP-DOTNET read the whole story here for some examples of vulnerable and not vulnerable web.config settings. It seems from the original mail that microsoft wasn’t even contacted before disclosing this vulnerability which is extremely bad style. this is serious!   … Continue reading

Posted in Uncategorized | Leave a comment

Fully Trusted Code and ASP.NET

There is quite a lot of talk recently about the dangers of fully trusted code. i can only agree. Keith Brown gives some nice examples in his article “Beware of fully trusted code” what code can do if all CLR … Continue reading

Posted in Uncategorized | Leave a comment

Go and Buy It!

the must-read book for .net developers is finally shipping!  

Posted in Uncategorized | Leave a comment

Pinging in Whidbey

saturday morning fun… using System;using System.Net.NetworkInformation;class WhidbeyPing{  static void Main(string[] args)  {    PingReply reply = new Ping().Send(args[0]);    Console.WriteLine(“Reply from {0} – Roundtrip Time {1} ms”, reply.Address,                                                                                       reply.RoundTripTime);  }}  

Posted in Uncategorized | Leave a comment

Converting C# to VB.NET

i currently have to convert code and some slide decks for a customer to this strange language that doesn’t accept semicolons at the end… most of the time this is a no-brainer – but a time consuming and annoying task. … Continue reading

Posted in Uncategorized | Leave a comment