Category Archives: Uncategorized

via Joe Langley: UPDATED 7/24/2006:Bug fixed where top level application groups were not copiedOption added so that you can have a patch mode (patch only one application in a store…helpful if you have more than one application in a store) UPDATED … Continue reading →

OK – this is broken. The version of QuickTime that comes with the latest iTunes download is conflicting with MS06-15 (kb908531). The only work around seems to be uninstalling the hotfix (which is a critical, remote exploitable one – so don’t … Continue reading →

The patterns&practices group has released a version of Pet Shop that uses and applies all the PAG security guidance. You can download the complete source code + design document here. Interesting read (both the .doc and the source).

Bald steht die BASTA wieder vor der Tür…Ich werde drei Vorträge über .NET Security machen. Kommt vorbei und sagt Hallo! Architektur für stabile und sichere erweiterbare AnwendungenTechniken wie dynamisches Laden von Assemblies und Reflection machen es einfach eine Anwendung zur … Continue reading →

If you are running Windows Server 2003, don’t upgrade to the newest version of iTunes (V6.0.5.20) – it won’t work… Does anyone know where I can download older versions??  

A while ago I recorded four security screencasts for MSDN UK. They are part of their Nuggets series which I always liked. Main Page:http://www.microsoft.com/uk/msdn/events/nuggets.aspx Client Certificates and ASP.NET (watch) Impersonation  (watch) Protected Data  (watch) Storing Passwords  (watch)  

That’s so cool – “Dark Room – a full screen, distraction free writing environment”. I immediately liked this when I saw it, but now there is also a .NET version. When you ever wrote a book you know what “distraction … Continue reading →

Again a URL canonicalization bug. This shows two things (again): It is very, very hard to get resource names and encodings right – even in big projects with a lot of testers. Never store sensitive data under the application vroot (the … Continue reading →

Teil 2 des HttpListener Artikels ist nun online auf MSDN. In diesem Teil wird das Hosting von ASP.NET in einem custom WebServer beleuchtet. Weiterhin werden die notwendigen Schritte gezeigt wie Sicherheits-Informationen wie Authentifizierungs-Daten vom Host an ASP.NET weitergereicht werden. Den Source … Continue reading →

Ian has two screencasts up on channel9 that show how to work with UAC as a developer. http://channel9.msdn.com/Showpost.aspx?postid=211271 and http://channel9.msdn.com/Showpost.aspx?postid=209647