Philosophizing about the .Net religion
Security
- Ok, after running into this several times and being thoroughly annoyed, I finally found the fix (and I do mean fix). What I’m talking about is the annoying secure IE mode that is installed by default in Windows 2003. I understand the thinking (I...
- I'm sure I've posted this before, but David Hayden's post prompted me to make sure this video resurfaces on the top of the CodeBetter feed (instead of buried in my comments). If you have ever thought, "hey defending the network is not my problem... that...
- I just read this article on Ajaxian about the new S3 Javascript Bindings. Very cool! They have implemented SHA1 hashes in Javascript! I also am intrigued by the idea of calling/retrieving Javascripts from S3 Service. I’m scared about the possibilities...
- Michael Howard (one of the authors of Writing Secure Code) says that there are 2 types of security problems: those involving untrusted input and everything else. It's true. Most of the security issues that we face and have to deal with in our code can...
- Just wanted to point myself and others to a great article on encryption. Eric Marvets writes about Block Cyphers and IVs. Prior to reading the article I would have been able to give you a vacuous answer as to what Initialization vectors (IVs and sometimes referred to as salt) do. I could not have told you exactly how they work.
- Ok, I just found something that caused me to yell "AAAAACCCCCKKKKK!!!!!!" While trying to resolve an issue with a configuration/encryption library that we use here at work, I remembered reading a table of contents of a book I own that mentioned a section...
- [I retitled this post. Admittedly the original idea was a little harebrained... It was too early in the morning, I was contemplating a problem that is mentioned in the comments, and quite frankly I hadn't fully thought through everything... I will leave...
- Friday, I blogged my Bi-Annual security rant. Just to recap I was having a problem with a commercial tool that has a free version for single programmers (it's more of a team-oriented piece of software, but it helps me manage bugs). After reading their...
- [It's time for my Bi-Annual Password rant... you know the one where I yell at us programmers for building systems that don't allow someone to enter a unicode or ascii character in a password. This is also the rant where others tell me that I shouldn't...
- After about a month and a half, I finally feel that I have had enough time with the Constable Authorization Engine (CAZE, hereafter) that I understand it enough to write about it. This is a big product. I'm actually a little intimidated by it (it's that...
- I'm sure everyone thinks I quit reading Ken's blog a while ago despite the truce. We definitely have a different opinion about a couple subjects (that I'm not going to bring up). We both evidently have a passion for security. (BTW, I definitely still...