.NET Security Blog
The best part about today ...
... the availability of peanut butter cups 6 2/3 times bigger than normal. The best part about...
Author: Shawn Farkas - MS Date: 02/14/2006
SN v2.0 Works With PFX Files
One enhancement to the v2.0 SN tool that may not get noticed right away is that it now has the...
Author: Shawn Farkas - MS Date: 02/14/2006
What Happens If Security Policy Files Are Missing?
We've previously discussed where the security policy files are located on your disk. Depending on...
Author: Shawn Farkas - MS Date: 02/09/2006
Which Package are the Security Tools In?
When installing the v2.0 .NET redist package, you'll find that the .NET Configuration MMC snap-in is...
Author: Shawn Farkas - MS Date: 02/08/2006
Deny and PermitOnly Are Not For Sandboxing
Deny and PermitOnly cannot be used to create an effective sandbox because like Assert, they function...
Author: Shawn Farkas - MS Date: 02/02/2006
UAC Policy Settings
The new UAC blog (formerly LUA, formerly UAP) has up a good post on the six security policy settings...
Author: Shawn Farkas - MS Date: 01/27/2006
Detecting that You're Running in a ClickOnce Application
In my last post, I mentioned that application scoped isolated storage only works if you're running...
Author: Shawn Farkas - MS Date: 01/20/2006
Isolated Storage and ClickOnce
Isolated storage introduced a new scope in v2.0 of the CLR to work with ClickOnce applications....
Author: Shawn Farkas - MS Date: 01/18/2006
How Do You Customize Your Policy?
As part of planning for our next release, we're interested in collecting some data on how you...
Author: Shawn Farkas - MS Date: 01/12/2006
LinkDemands and InheritanceDemands Occur at JIT Time
We previously saw that the SkipVerification demand for calling a method with unverifiable code...
Author: Shawn Farkas - MS Date: 01/11/2006
PrincipalPermission and Finalizers
Nicole Calinoiu, one of our developer security MVPs, has just posted a good description of the...
Author: Shawn Farkas - MS Date: 01/09/2006
Mike Rousos on Registry Security
Over the weekend, Mike Rousos (a BCL tester who's been temporarily drafted onto the security team)...
Author: Shawn Farkas - MS Date: 01/09/2006
RSACryptoServiceProvider::Encrypt Does Not Provide Deterministic Output
On one of our internal mailing lists, someone was recently surprised that calling...
Author: Shawn Farkas - MS Date: 01/05/2006
Debugging ADMHost
A few people have noticed that the ADMHost sample is not set up to do mixed mode debugging by...
Author: Shawn Farkas - MS Date: 01/05/2006
Happy Holidays
It's that time of year again when most of the offices around Microsoft start going dark, and I'll be...
Author: Shawn Farkas - MS Date: 12/19/2005
What Do You Want to See in Crypto / ClickOnce?
Now that Whidbey's out the door, it's time to look at what we want to do in future releases. If...
Author: Shawn Farkas - MS Date: 12/15/2005
New and Improved Security in the .NET Framework 2.0
To add to our other lists of "What's New in Whidbey Security", Rudolph Araujo and Shanit Gupta have...
Author: Shawn Farkas - MS Date: 12/15/2005
Process Requires FullTrust
The Process class has a LinkDemand and an InheritanceDemand for FullTrust on it. This means that if...
Author: Shawn Farkas - MS Date: 12/14/2005
Authenticode and Assemblies
The general concepts of Authenticode signing an assembly are well understood -- they mostly...
Author: Shawn Farkas - MS Date: 12/13/2005
A Look at the Xbox 360 CPU Design
Jeffery Brown has posted his paper on the Xbox 360 CPU Design from the Fall Processor Forum over on...
Author: Shawn Farkas - MS Date: 12/12/2005
CryptEncrypt and RSACryptoServiceProvider::Encrypt
The RSACryptoServiceProvider class provides two methods, Encrypt and Decrypt which seem to be the...
Author: Shawn Farkas - MS Date: 12/05/2005
Why Can't I See My Partially Trusted ClickOnce Applications in Task Manager?
If you're developing a partial trust ClickOnce application and are looking for its process in Task...
Author: Shawn Farkas - MS Date: 11/30/2005
Where Does the Stack Walk Start or: Why Do Demands from Main Always Succeed?
When starting to play with CAS a lot of people come up with toy programs that simply do a Demand for...
Author: Shawn Farkas - MS Date: 11/28/2005
Finding the Source Code for an Assembly
Sometimes, especially when working on large projects (such as, I don't know, say ... the CLR), you...
Author: Shawn Farkas - MS Date: 11/22/2005
All About RSAParameters
The RSA class exposes an ExportParameters method which allows you to get at the raw RSA key in the...
Author: Shawn Farkas - MS Date: 11/17/2005
Don't Roundtrip Ciphertext Via a String Encoding
One common mistake that people make when using managed encryption classes is that they attempt to...
Author: Shawn Farkas - MS Date: 11/10/2005
What can an ApplicationTrust tell us about an AppDomain
In v2.0, there is a new ApplicationTrust property on the AppDomain class. This property will be...
Author: Shawn Farkas - MS Date: 11/08/2005
Comments in the blog
Eric just pointed out to me that no comments appear to be showing up in my blog recently. I had...
Author: Shawn Farkas - MS Date: 11/04/2005
Adding SignatureProperties to SignedXml
One of the optional portions of the W3C XML digital signature specification allows for a set of...
Author: Shawn Farkas - MS Date: 11/03/2005
Debugging Lightweight CodeGen in VS
Haibo just posted about his debugger visualizer for dynamic methods. This is a pretty sweet piece of...
Author: Shawn Farkas - MS Date: 10/25/2005
Using Host Protection
Yesterday we looked at what host protection is and what it does. Today let's modify the ADMHost...
Author: Shawn Farkas - MS Date: 10/13/2005
Host Protection
One of our new Whidbey hosting features is called Host Protection -- basically it allows an...
Author: Shawn Farkas - MS Date: 10/12/2005
MSDN Security Issue
The annual MSDN Security Issue is now out, in addition to containing my article on hosting untrusted...
Author: Shawn Farkas - MS Date: 10/12/2005
Exploring the ADMHost Sample
When I first talked about AppDomainManagers, I mentioned that there were three ways to set them up....
Author: Shawn Farkas - MS Date: 10/06/2005
New Security Features in Visual Studio 2005
Brian Johnson has a new article on MSDN about New Security Features in Visual Studio 2005....
Author: Shawn Farkas - MS Date: 10/06/2005
Tour the CLR Security Team
Mike and I have been spending time this week meeting with the Visual Developer Security MVPs --...
Author: Shawn Farkas - MS Date: 10/01/2005
Discover Techniques for Safely Hosting Untrusted Add-Ins with the .NET Framework 2.0
The MSDN Magazine site just put up my article, Do You Trust It? Discover Techniques for Safely...
Author: Shawn Farkas - MS Date: 09/26/2005
Transparency and Member Visibility
Before PDC we were talking a bit about security transparency, namely what it is and how to use it....
Author: Shawn Farkas - MS Date: 09/21/2005
Using Add-Ins with a ClickOnce Deployed Application
One of the attendees at the PDC had an interesting question combining ClickOnce and Add-Ins....
Author: Shawn Farkas - MS Date: 09/16/2005
RequestOptional Removes Permissions
Another interesting question arose today. An assembly was granted FullTrust by policy, which was...
Author: Shawn Farkas - MS Date: 09/14/2005
Creating Partial Trust Directories
Last night at the Writing Partial Trust Code BoF, someone was wondering if they could create a sort...
Author: Shawn Farkas - MS Date: 09/14/2005
PDC '05: Quote of the Day
The day's winding down now, and I'm getting ready to head to Keith's BoF's Writing Secure Code and...
Author: Shawn Farkas - MS Date: 09/13/2005
PDC '05: Lunch with Apple
Just got back from lunch with a group from Apple. After checking the rule book, it turns out that no...
Author: Shawn Farkas - MS Date: 09/13/2005
PDC '05: Let There Be Light
After spending the beginning of the morning in the Fundamentals Lounge, I went up to see Keith...
Author: Shawn Farkas - MS Date: 09/12/2005
PDC '05: Developer Powered
I'll be heading down to Los Angeles this Sunday to take part in my first PDC. I'm going to spend...
Author: Shawn Farkas - MS Date: 09/09/2005
Marking Your Code Transparent
Last week I discussed the concepts of security transparency and security critical code. Now it's...
Author: Shawn Farkas - MS Date: 09/09/2005
OptionsGui.py
1 # OptionsGui.py 2 # GUI for modifying MDBG options 3 4 import sys 5...
Author: Shawn Farkas - MS Date: 09/02/2005
StateWindow.py
1 # StateWindow.py 2 # Display the threads, locals, and app domains of the processes being debugged...
Author: Shawn Farkas - MS Date: 09/02/2005
IronPython + MDbg = good times
Mike Stall recently completed a project to embed IronPython into the MDbg debugger as an MDbg...
Author: Shawn Farkas - MS Date: 09/02/2005