Category Archives: Uncategorized

Now that Beta 1 has shipped I am finally allowed to talk about the new/changed security features in 4.0 – but there is no one who can explain these things more elaborate and insightful than Shawn. I just saw that … Continue reading →

In Geneva you use a IssuerNameRegistry to establish trust with token issuers. The job of the registry is to parse the issuer details and return a well-known string identifying that issuer. If the registry cannot determine that well known string, … Continue reading →

I usually don’t listen to podcasts. But I must admit that Sod This! is quite entertaining. Oliver along with his buddy Gary do a nice mixture of geek-ish talk, interviews and just plain nonsense. Very recommended!

I while ago I wrote about the “Token Kidnapping” vulnerability in Windows. By looking at the slides and POC it becomes clear that there is no easy fix for that. According to Microsoft, the problem is fixed now – and … Continue reading →

Nice claim for a conference ;) I am happy to join my former colleagues from ERNW for their yearly Troopers conference in Munich. Two days full of top notch security talks – should be big fun. I’ll add my 2c … Continue reading →

I really, really hope this is a beta only issue… http://www.istartedsomething.com/20090204/second-windows-7-uac-flaw-malware-self-elevate/

The “query language” of SQL Data Services is basically a LINQ statement as a string, e.g.: from e in entities where e[“username”] == “{0}” && e[“password”] == “{1}” select e Do you see a problem here? Of course string concatenation … Continue reading →

I am thrilled to announce that Rich has joined thinktecture this week. That’s great news. I’ve been working with Rich since 2004 (in fact – he was part of that scary initiation ritual at DevelopMentor called “Test Teach”). He’s a … Continue reading →

I just spent two very unpleasant days trying to get the T-Mobile ExpressCard IV to work with Vista 64. But for some reasons the T-Mobile drivers for the Huawei E870 are screwed under 64 bit. Today I got a tip … Continue reading →

A really interesting feature in .NET 4 will be Code Contracts. They allow defining pre- and post-conditions in code along with some other more advanced options. See the PDC video here – and  more here.