security|Sep 27, 2016

A More Secure Microsoft Edge, and Other News from Ignite 2016

In the wake of highly publicized cyberattacks on big companies, Microsoft on Monday rolled out new security features for its Edge browser. Windows Defender Application Guard, developed for the company’s enterprise customers, will use Microsoft’s Hyper-V virtualization technology to isolate potential security threats. “The threat landscape has changed significantly in recent years,” reads a Microsoft…
Read More
News|Aug 12, 2016

Microsoft Will Ditch Azure RemoteApp, Replace With New Citrix Service

Microsoft plans to drop its Azure RemoteApp service over the next year, instead partnering with Citrix to develop new solutions for allowing remote access to Windows apps from a variety of devices. Azure RemoteApp has given businesses the ability to deploy apps from the cloud to employees who are using PC and mobile devices running Windows, Mac…
Read More
Blogs|Jul 23, 2016

Why can’t I use the “dynamic” C# keyword in Xamarin.iOS?

Occasionally I see this question pop up in various forms; usually an app developer has written some fairly clever code that relies on the dynamic keyword in C#. Their code runs swimmingly on every other platform—and it also compiles just fine for iOS. But when they run the app on a physical iPhone or iPad…
Read More
News|Jul 22, 2016

French Regulators Say ‘Non’ to Windows 10’s Data Gathering

A French regulatory agency this week said the data Microsoft collects on users of Windows 10 is “excessive” and ordered the company to stop. The French National Data Protection Commission (CNIL), made the charge in a formal notice filed Wednesday. It gave Microsoft three months to change a number of data-gathering methods that the agency…
Read More
news|Dec 23, 2015

Java Security Updates May Not Actually Be Secure

With Java SE reportedly installed on 850 million PCs, the “Java Update Available” popup has become a well known nuisance.  But keeping software up-to-date is supposed to help protect us.  According to the FTC, Java updates might be an exception to that rule. The key issue is that Java updates have not always removed older…
Read More
Blogs|Jul 10, 2015

Turn off the Attach Security Warning Dialog in Visual Studio

How many clicks has this dialog eaten out of your life? The idea for the warning is good because, you know, SECURITY. However, if you’re developing web apps or anything running in IIS, this gets old by the thousandth time you click the Attach button. It’s easy to turn off with an undocumented registry key.…
Read More
security|Dec 8, 2014

New Report Sites Significant Security Vulnerabilities in Android Devices

Security firm TrendMicro has released a new report that states that 75% of users are vulnerable to multiple attacks. In their latest Quarterly Security Roundup, TrendLabs calls out several key vulnerabilities in recent Android OS including the FakeID issue and Android Browser flaws.  The FakeID vulnerability was originally discovered earlier this year by BlueBox Labs and…
Read More
Blogs|Mar 25, 2011

Comodo SSL Certificate Breach’s Potential Impact on Security Token Services and their Identity Providers

Recently, Iranian crackers used a username and password to make certificate requests from the Comodo Certificate Authority. These requests were successful and certificates were issued for 9 domains which are published on the Comodo Fraud Incident Report page: http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html This issue is of particular importance to me because SSL is the primary mechanism by which…
Read More
Blogs|Feb 12, 2011

Disabling the Visual Studio Source Server Security Warning Dialog

The estimable Ed Blankenship posted a must read article for everyone using TFS 2010: Source Server and Symbol Server Support in TFS 2010. Bookmark that article because it’s the one stop shop for all the best practices for symbol server, source indexing, and everything related to them for VS and TFS 2010. Once you get…
Read More
security|Sep 25, 2009

Silverlight on IE6: Nagging Security Bug

Do you have a wonderful Silverlight application that you enjoy running in all of the glorious browser flavors available, only to find out that some weird quirky issue pops up in our old friend, Internet Explorer version 6.0 (IE6)? Perhaps you were as puzzled as we were when IE6 would complain with a “Security warning:…
Read More
wintellect-blogs|Dec 23, 2007

Security Implications Of Services Impersonating Callers

In my last post (Caller Impersonation for WCF Services Hosted Under IIS Appears Broken), I laid out my rationale for why I felt that the security of services impersonating a caller when hosted under IIS was broken. To be responsible, I feel it necessary to follow-up my previous assertion by noting that such a configuration…
Read More
Blogs|Jul 25, 2005

.NET Questions regarding JIT compiler/strong-naming security

A reader of my books asked me some .NET Questions regarding JIT compiler/strong-naming security. I thought I’d share his questions and my answers with you: 1.    According to Microsoft documentation the Just In-Time Compiler takes the following attributes of the machine into account when producing the executable code.  Define how these factors alter the output. …
Read More