Monthly Archives: March 2007

Decrypting CardSpace Tokens in Partial Trust

One way to overcome the problem I described in this post would be to run in partial trust. This way you could factor out the code that does the encryption while the rest of your application doesn’t even have file … Continue reading

Posted in Uncategorized | Leave a comment

Punching Holes into HTTP.SYS

If you want to open a listen URI with HTTP.SYS you either need administrative privileges or an administrator that reserves the URI for normal users. I wrote about this here and here – and even wrote a tool to make … Continue reading

Posted in Uncategorized | Leave a comment

SQL Server 2005 Security

One of my favorite database guys wrote a whitepaper about my favorite topic: security. Check out “SQL Server 2005 Security Best Practices” – interesting read!

Posted in Uncategorized | Leave a comment

CardSpace and decrypting Tokens

While it is (technically) easy to CardSpace enable a web application or service, there are some implications regarding certificates and keys you should be aware of. Let’s focus here on the web application scenario as I think this is what … Continue reading

Posted in Uncategorized | Leave a comment

I can read your Googlemail

Enno asked me yesterday why Googlemail is using clear text HTTP by default – WTF?! I didn’t want to believe him and tried it out myself – and yes – if you go to http://www.googlemail.com they use SSL only for the … Continue reading

Posted in Uncategorized | Leave a comment

Hotels and Emails

It is not often that I rant on this blog. But this really pisses me off. At least in Europe, hotels think they have to “proxy” my SMTP connections – well a better word than “proxying” would be “man in … Continue reading

Posted in Uncategorized | Leave a comment

Windows Process Activation and Faulted Application Pools

This week I ran into a nasty bug in the Windows Process Activation Service (WAS or WPAS?) on Vista. Here is what happened… I fired up my little WAS application to verify some behavior with non-HTTP WCF endpoints hosted in … Continue reading

Posted in Uncategorized | Leave a comment