** NOTE **  EDIT 29/9/2010 ASP.NET Security Update is now available. See here. EDIT 21/9/2010 : Scott Guthrie has published FAQ on the Security Vulnerability, read it here. Read his original post on the issue here. ** ** See Steve Smith's blog post for ...

In .NET Framework any code which does not have the FullTrust cannot make calls to a strong named assembly.The strong naming of assemblies is again a requirement to register the same in GAC to be shared by multiple applications.Most of the third party libraries we use are strong named.Is there a way out by which an assembly can reside in the GAC ...

Fasthosts, ''the UK's number 1 web host'' (by self acclamation I'm sure) is in the news today because apparently all of their customers' passwords (in plaintext) were compromised by a security breach.  They've asked all of their customers to change their passwords immediately, and of course since many people use the same passwords on ...

Wow, even Slashdot, anti-Microsoft capital of the Web, acknowledges that six months after its release, Vista Security is still besting Linux.  From the site: ''Great report on security vulnerabilities for MS/Linux/OS X. This is a revised version of the one Jeff Jones did back on March 21: Windows Vista — 90 Day Vulnerability Report. This ...

Michael Sutton recently blogged on creating a SQL Injection Attack crawler app that used Google to locate sites thar were susceptible to SQL Injection attacks. Scott Guthrie mentions the post in his blog.  Take a look at Michael's and Scott's posts. Very scary stuff. I guess I thought everyone knew this stuff already but then again it ...

Recently, a question came up in the ASP.NET security forums about the lack of a remote membership/role configuration tool in ASP.NET 2.0.  Being able to remotely manage users is important in pretty much any site where you have users.  Fortunately, QualityData has stepped in and developed that plus a little more in their ...

In a previous post (http://aspadvice.com/blogs/rjdudley/archive/2005/05/21/2595.aspx), I showed one way to protect files from direct download by configuring IIS.  In a shared hosting environment, this usually isn't possible, so I'll show another way to protect these files. First, a little review.  Out of the box, only certain file types ...

Today's NewsFactor Network showed up in my inbox, and the lead story was: ------------------------------------------------------------ 1. E-Mail Authentication: Holy Grail or Lost Cause? ------------------------------------------------------------ Originally, e-mail was never designed to do anything more than deliver text messages. But ...

My latest ASP Alliance article has been published: A Simple Passphrase Generator Passphrases have been receiving more and more attention as part of a strong security policy. When building secure web-based applications, assigning random passphrases to new user accounts can be a bit of a challenge. In this article, we'll build a simple passphrase ...

My latest ASP Alliance article has been published today: Preventing Page Review after Logout with Forms Authentication The inclusion of Forms Authentication in the .NET Framework has been a significant benefit to developers securing web-based applications. While pages can be secured server-side, local caching by browsers and proxy servers may ...