Monthly Archives: March 2006

Dick did it again

Another Identity 2.0 talk – maybe not as perfectly timed as the 1st one – but interesting information. http://identity20.com/media/ETECH_2006/

Posted in Uncategorized | Leave a comment

Secure Communication with .NET 2.0

Part 3 of my MSDN series on the security APIs of .NET 2.0 is online. This time it covers network authentication and secure communication with NegotiateStream, Remoting and WebServices. You can also find a few samples here:
http://www.leastprivilege.com/NegotiateStreamSample.aspx
http://www.leastprivilege.com/SecureRemoting.aspx
http://www.leastprivilege.com/NegotiateStreamAndNTLM.aspx

MS06-12 and working as Administrator

Quoting: “On vulnerable versions of Office, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or …

Two Goodies from Microsoft

The ACE Team recently released some useful tools: The AntiXSS Library: Enhanced version of Server.HtmlEncode and friends. Recommended (currently this library demands full trust – but I heard this might change soon :) Threats Analysis & Modeling V2.0 Beta: Really nice tool that is very …

ASP.NET Custom Validation Controls

To accompany my new article on MSDN about extending the validation control infrastructure, you will find here a sample validation control that checks the complexity of a password. This is of interest for all forms that capture user passwords which …

ASP.NET and Shared Hosting

ASP.NET Security through the eyes of an ISP: here. Diniz wrote about that topic before, and indeed the situation has changed for the better in ASP.NET 2.0, but it is really terrifying how insecure a lot of this shared hosting …

ASP.NET Extensibility Code and Security Context

Whenever you write infrastructure code in ASP.NET, e.g. a module or a provider, that accesses external resources (files, databases etc.), you heavily rely on the security context of the current request. And since modules or providers are made for re-use, …
