B# .NET Technical Community Homepage

Bart De Smet's online technical community
Welcome to B# .NET Technical Community Homepage Sign in | Join | Help
in Search

Browse by Tags

All Tags » Security (RSS)
  • SHA1 also insecure?

    There seem to be indications (no proof yet) that SHA1 (one of the well-known hashing algorithms, developed by NIST) is not secure (enough) anymore. According to http://www.schneier.com/blog/archives/2005/02/sha1_broken.html Wang, Yin and Yu would have found weaknesses in the algorithm. You might remember...
    Posted to Weblog by bart on 2005/02/19
  • MBSA 2.0

    Announcing MBSA 2.0 Beta MBSA 2.0 is the next version of the Microsoft Baseline Security Analyzer, which utilizes the Windows Update Services infrastructure for security update scanning. Please help us improve the quality of this release. We are currently accepting nominations into the MBSA 2.0 beta...
    Posted to Weblog by bart on 2005/02/17
  • Windows Server 2003 Service Pack 1 Release Candidate 2

    It's available now on http://www.microsoft.com/technet/prodtechnol/windowsserver2003/servicepack/default.mspx . As I'm giving a training the next couple of days, I'm going to wait to install it till next week (hope it can be installed on top of RC1). There seem to be quite some changes on the Security...
    Posted to Weblog by bart on 2005/02/09
  • Important information about ASP.NET Path Validation Vulnerability

    Read more on http://support.microsoft.com/kb/886903 and http://www.microsoft.com/technet/security/Bulletin/ms05-004.mspx . It's currently under review at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0847 . The Microsoft .NET forms authentication capability allows remote attackers to bypass...
    Posted to Weblog by bart on 2005/02/09
  • Fighting spam on my blog

    Recently, I've received a bunch of spam on my blog. Luckily I'm maintaining the database of my blog myself, so I can make any changes I want in order to get rid of all this nonsense information. I found a really nice way to do this is by using triggers as explained on http://netnerds.net/articles/285...
    Posted to Weblog by bart on 2005/01/15
  • Windows Malicious Software Removal Tool

    Yet another part of the Trustworthy Computing initiative at Microsoft. This tool will be updates regularly (every second Tuesday of the month) and it will come through Windows Update and Automatic Updates as well in order to check your computer for well-known worms. Direct link: http://www.microsoft...
    Posted to Weblog by bart on 2005/01/13
  • PSP Episode 5 - How to store passwords?

    How to store passwords? A pretty well-known scenario: you're implementing a great website with forms authentication and you need to store the users' passwords somehow. But how? In this post I'll show you common techniques to do this in a secure way. First solution - don't store passwords Might sound...
    Posted to Weblog by bart on 2004/12/25
  • PSP Episode 4 - Role-based secury unleashed

    Role-based security unleashed Every .NET developer should (at least) have heard about role-based security. In this fourth episode of my "Personal Security Push" I'll talk about what role-based security is all about, how it works and how to empower it in your applications. What is it? Roles should build...
    Posted to Weblog by bart on 2004/12/25
  • PSP Episode 3 - Everyone = "including the bad guys"

    Everyone = "including the bad guys" Everyone should know the Everyone group in Windows. There's a problem however related to this group (otherwise I won't blog about it). Read on... Anonymous users Applications exposed to the entire globe typically need to be open for everyone without prior authentication...
    Posted to Weblog by bart on 2004/12/25
  • PSP Episode 2 - Debugging is a privilege (sometimes)

    Debugging is a privilege (sometimes) Still a bunch of people run as Administrator (see first episode for countermeasures) because of one reason: " I need to debug applications ". However, this argument doesn't make sense at all. Let's explain why. What do we want to debug? You can debug two types of...
    Posted to Weblog by bart on 2004/12/25
Page 4 of 5 (41 items) < Previous 1 2 3 4 5 Next >
Powered by Community Server (Non-Commercial Edition), by Telligent Systems