.NET Framework 3.5 SP1 Allows managed code to be launched from network

submitted by wisemx 6 days, 10 hours ago

blogs.msdn.com — Hurray, its finally fixed! manage code 'just works' from network file share! Now I know that some of you are probably just saying 'who cares' or 'huh?' but for those of us who have hit this problem, this has been a major deployment headache, and I am happy to say that the end of this particular problem is in sight. The problem scenario is this. If you have a managed applications like 'MyApp.exe' it works great if you run it locally (eg C:\bin\MyApp.exe), but fails when you try to run it from a network location (eg \\Myhost\bin\MyApp.exe). The problem is that the security system for the runtime treats network locations as less trustworthy than local locations, and thus throws an security exception. The problem is that failing to run managed code WHILE STILL ALLOWING UNMANAGED EXE's to run, does not provide any security (because hackers will simply use unmanaged code) but does cause nontrivial deployment headaches (manage apps can't be run from network locations). read more...

add a comment | category: Security | Views: 4

Authorization policies in WCF: from tokens to claim sets

pfelix.wordpress.com — This post describes the process that begins with the authentication of a token and ends with a collection of claim sets, available at the AuthorizationContext. read more...

add a comment | category: Security | Views: 5

Kaminsky DNS Exploit Exposes Bigger Core Challenge for Internet

gregness.wordpress.com — Most DNS servers are still unpatched and Kaminsky has acknowledged that the patch is not a long term fix. Then what are network admins to do? read more...

add a comment | category: Security | Views: 3

More than 60% of Recursive Name Servers Unpatched According to CERT

gregness.wordpress.com — This report published today features data from Austria, with findings consistent with another report with global implications. These unpatched servers can be exploited in minutes with exploits that are now published. read more...

add a comment | category: Security | Views: 2

DNS Vulnerability now in the Wild

gregness.wordpress.com — The recently announced DNS vulnerability discovered by a security research has now gone into the wild, upstaging Dan Kaminsky's upcoming Black Hat preso. read more...

add a comment | category: Security | Views: 11

Easily Injecting HTML into RadEditor

charlesrcook.com — This is a demonstration on how easily client side content can be injected at runtime. read more...

add a comment | category: Security | Views: 9

Captcha the Flag

jeffblankenburg.com — Jeff Blankenburg shows what Microsoft has up its sleeve for a new generation of CAPTCHA. read more...

2 comments | category: Security | Views: 410

MVC Routing Security Hole

published 1 month, 10 days ago, submitted by TroyMG 1 month, 11 days ago

squaredroot.com — Stephen Walther's latest MVC tip introduced me to the MVC framework's ability to pass server variables into actions as parameters. Unfortunately using this feature is a very bad idea and could jeopardize the security of your application. Take a look at a code sample you might find surprising. read more...

add a comment | category: ASP.NET | Views: 193