ASP.NET and the Padding Oracle Attack: Wrap-up(securitythroughabsurdity.com)

submitted by j.monty(1868) 1 year, 8 months ago

Based on the news that was released at the time, it appeared that this vulnerability was just an issue AES. It turns out that this was false and that that this attack works against ANY BLOCK CIPHER meaning 3DES was also vulnerable. This wrap-up links to some mitigation techniques and also discusses how to protect against padding oracle attacks using Digital Signatures. read more...

3 comments |category: Security |Views: 338

tags: Security another

Important: ASP.NET Security Vulnerability(weblogs.asp.net)

submitted by sdorman(1415) 1 year, 8 months ago

A few hours ago Microsoft released a Security Advisory about a security vulnerability in ASP.NET. This vulnerability exists in all versions of ASP.NET. This vulnerability was publically disclosed late Friday at a security conference. Microsoft recommends that all customers immediately apply a workaround (described below) to prevent attackers from using this vulnerability against your ASP.NET applications. read more...

add a comment |category: ASP.NET |Views: 62

tags: ASP.NET Security another

Code Access Security Cheat Sheet(geeklyeverafter.blogspot.com)

submitted by brunomarques(284) 1 year, 8 months ago

A free and simple cheat sheet about .NET Code Access Security, more specifically about the declarative and imperative way of dealing with permissions. read more...

add a comment |category: Security |Views: 5

tags: Security another

Vulnerability in .NET AES puts ASP.NET Web Sites at Risk(securitythroughabsurdity.com)

submitted by j.monty(1868) 1 year, 8 months ago

ASP.NET web applications that leverage Forms Authentication, ASP.NET Membership Providers, ASP.NET Role Providers, and/or ViewState encryption are vulnerable to data exposure and potentially tampering. This vulnerability can lead to the .NET MachineKey being discovered by attackers. This post briefly details the issue and provides a simple temporary mitigation technique. read more...

2 comments |category: Security |Views: 370

tags: aes vulnerability encryption Security ASP.NET another

X.509 Certificates in .NET(www.codeproject.com)

submitted by schalkvanwyk(1335) 1 year, 8 months ago

This tutorial explains all about X.509 certificates and its current formats and shows how it can be implemented in .NET environment. read more...

add a comment |category: Security |Views: 14

tags: Security another

Using Makecert to Create Certificates for Development(www.digitallycreated.net)

submitted by schalkvanwyk(1335) 1 year, 8 months ago

When I first needed to use certificates to secure my WCF service, I didn't really understand how certificates worked, how to create them, and where they go. A lot of the tutorials on the web just give you a raw makecert command that you black-box and trust works to create your certificate. But do you really know what it's doing? read more...

add a comment |category: Security |Views: 22

tags: Security another

Security for Azure, WCF, Windows Phone 7, and Silverlight – Part 1 of (blogs.msdn.com)

submitted by guffshemr(178) 1 year, 9 months ago

The challenge with security is that it is cross-cutting – it spans multiple disciplines, even at Microsoft. This is serious and difficult stuff. I want to try to demystify it. Some of you want to see me continue developing the series "Leverage Cloud Computing with Windows Azure and Windows Phone 7 – Step 1 to Infinity." But first I want to get some security issues ironed out. read more...

add a comment |category: Security |Views: 31

tags: Security another

Crypto Obfuscator 2010 Review(www.gspdevelopers.org)

submitted by ssware(269) 1 year, 9 months ago

The definition of obfuscate is to make something confusing or difficult to understand. That’s exactly what code obfuscators try to accomplish; take your existing code and make it as hard to reverse engineer and understand as possible. With the advent of languages that compile to intermediate code instead of machine code (Dot Net, Java, etc), obfuscation is more important than ever, as it’s very easy to decompile code back into the high level syntax. read more...

add a comment |category: Security |Views: 44

tags: Security another

Securing web application against harmful SQL injections(alexandermp.com)

submitted by alexandermp(110) 1 year, 10 months ago

Ways to secure an application from SQL injections, for any application size and system complexity. read more...

add a comment |category: Security |Views: 4

tags: Security another

Windows Server AppFabric Domain Security(blogs.msdn.com)

submitted by jeremyjitr(136) 1 year, 11 months ago

If you have ever written code that is going to be used as an API for other programmers, you may start to think about writing code in a different viewpoint from what you normally do. read more...

add a comment |category: Security |Views: 7

tags: Security another

Creating Secure Strings(www.blackwasp.co.uk)

submitted by BlackWasp(4212) 1 year, 11 months ago

Highly confidential information, such as passwords or banking details, should be encrypted in memory during use to reduce the risk that it may be revealed to malware or forensic examination. The SecureString class provides this encryption automatically. read more...

add a comment |category: Security |Views: 8

tags: Security another

Why Data Center Networks Must Fundamentally Change(www.networkworld.com)

submitted by Archimedius(410) 1 year, 11 months ago

Virtualization and cloud are forcing new demands on networks and data centers. read more...

add a comment |category: Security |Views: 1

tags: Security another

Adorners(silverlightmaster.com)

submitted by gagglefish(55) 1 year, 11 months ago

A method for saving the position and size of images resized with adorners. read more...

add a comment |category: Security |Views: 3

tags: Security another

Piracy in .NET Code – Part 2 – Even when the code is obfuscated(naveensrinivasan.com)

submitted by reshmin(383) 1 year, 11 months ago

Demonstrates how the obfuscated code can still have security holes read more...

add a comment |category: Security |Views: 15

tags: Security another

Requesting Admin Approval at Application Start(justlikeamagic.wordpress.com)

submitted by elsheimy(329) 1 year, 11 months ago

Request Admin approval at application start in Windows Vista (and future versions) read more...

add a comment |category: Security |Views: 7

tags: Security another

Windows Vista File and Registry Virtualization(justlikeamagic.wordpress.com)

submitted by elsheimy(329) 1 year, 11 months ago

See how Windows Vista (and future versions of Windows) virtualizes access to file system and registry in Amdin Approval mode. read more...

add a comment |category: Vista |Views: 1

tags: Security another