rednael - Security http://blog.rednael.com/ random thoughts, formed in the twisted mind of a coder... en-us Martijn Thie Tue, 04 Aug 2009 13:49:23 GMT newtelligence dasBlog 2.3.9074.18820 blog@rednael.com blog@rednael.com http://blog.rednael.com/Trackback.aspx?guid=4a18a728-9957-4af8-aa42-a64e69c2cb30 http://blog.rednael.com/pingback.aspx http://blog.rednael.com/PermaLink,guid,4a18a728-9957-4af8-aa42-a64e69c2cb30.aspx Martijn Thie http://blog.rednael.com/CommentView,guid,4a18a728-9957-4af8-aa42-a64e69c2cb30.aspx http://blog.rednael.com/SyndicationService.asmx/GetEntryCommentsRss?guid=4a18a728-9957-4af8-aa42-a64e69c2cb30 Securing webpages with the Locked element http://blog.rednael.com/PermaLink,guid,4a18a728-9957-4af8-aa42-a64e69c2cb30.aspx http://blog.rednael.com/2009/08/04/SecuringWebpagesWithTheLockedElement.aspx Tue, 04 Aug 2009 13:49:23 GMT Is there a way to fight JavaScript injections and cross-side scripting? Not in a very effective way. Not in a standards compliant way. Time to change the standards!<img width="0" height="0" src="http://blog.rednael.com/aggbug.ashx?id=4a18a728-9957-4af8-aa42-a64e69c2cb30"/><br/><hr/>visit my blog at <a href="http://blog.rednael.com">blog.rednael.com</a>. <br />Rednael http://blog.rednael.com/CommentView,guid,4a18a728-9957-4af8-aa42-a64e69c2cb30.aspx Script and HTML Security http://blog.rednael.com/Trackback.aspx?guid=2be3eb86-f166-4e2f-a74b-c77136c73de5 http://blog.rednael.com/pingback.aspx http://blog.rednael.com/PermaLink,guid,2be3eb86-f166-4e2f-a74b-c77136c73de5.aspx Martijn Thie http://blog.rednael.com/CommentView,guid,2be3eb86-f166-4e2f-a74b-c77136c73de5.aspx http://blog.rednael.com/SyndicationService.asmx/GetEntryCommentsRss?guid=2be3eb86-f166-4e2f-a74b-c77136c73de5 Javascript Injection http://blog.rednael.com/PermaLink,guid,2be3eb86-f166-4e2f-a74b-c77136c73de5.aspx http://blog.rednael.com/2009/08/04/JavascriptInjection.aspx Tue, 04 Aug 2009 11:52:00 GMT Injecting remote scripts into any webpage using the addressbar. How it's done and what could happen. A serious serious security issue.<img width="0" height="0" src="http://blog.rednael.com/aggbug.ashx?id=2be3eb86-f166-4e2f-a74b-c77136c73de5"/><br/><hr/>visit my blog at <a href="http://blog.rednael.com">blog.rednael.com</a>. <br />Rednael http://blog.rednael.com/CommentView,guid,2be3eb86-f166-4e2f-a74b-c77136c73de5.aspx Script and HTML Security http://blog.rednael.com/Trackback.aspx?guid=f5bb912e-c7e8-4bf6-bf29-8c653e0debeb http://blog.rednael.com/pingback.aspx http://blog.rednael.com/PermaLink,guid,f5bb912e-c7e8-4bf6-bf29-8c653e0debeb.aspx Martijn Thie http://blog.rednael.com/CommentView,guid,f5bb912e-c7e8-4bf6-bf29-8c653e0debeb.aspx http://blog.rednael.com/SyndicationService.asmx/GetEntryCommentsRss?guid=f5bb912e-c7e8-4bf6-bf29-8c653e0debeb SMTP Sinks: Using AsyncCompletion for Tarpitting http://blog.rednael.com/PermaLink,guid,f5bb912e-c7e8-4bf6-bf29-8c653e0debeb.aspx http://blog.rednael.com/2009/01/28/SMTPSinksUsingAsyncCompletionForTarpitting.aspx Wed, 28 Jan 2009 09:12:23 GMT How to enable tarpitting on your SMTP server for specific commands? This article describes how you can customize tarpitting using the AsyncCallback functionality provided by the sink interface.<img width="0" height="0" src="http://blog.rednael.com/aggbug.ashx?id=f5bb912e-c7e8-4bf6-bf29-8c653e0debeb"/><br/><hr/>visit my blog at <a href="http://blog.rednael.com">blog.rednael.com</a>. <br />Rednael http://blog.rednael.com/CommentView,guid,f5bb912e-c7e8-4bf6-bf29-8c653e0debeb.aspx .Net Microsoft SMTP Security http://blog.rednael.com/Trackback.aspx?guid=de3bf162-a075-47ee-b53f-c306e225d11c http://blog.rednael.com/pingback.aspx http://blog.rednael.com/PermaLink,guid,de3bf162-a075-47ee-b53f-c306e225d11c.aspx Martijn Thie http://blog.rednael.com/CommentView,guid,de3bf162-a075-47ee-b53f-c306e225d11c.aspx http://blog.rednael.com/SyndicationService.asmx/GetEntryCommentsRss?guid=de3bf162-a075-47ee-b53f-c306e225d11c 3 Securing your password transfers with Keyed-Hashing (HMAC/Cram-MD5) http://blog.rednael.com/PermaLink,guid,de3bf162-a075-47ee-b53f-c306e225d11c.aspx http://blog.rednael.com/2008/09/30/SecuringYourPasswordTransfersWithKeyedHashingHMACCramMD5.aspx Tue, 30 Sep 2008 14:49:26 GMT Checking passwords the secure way. This post explains how you can implement a secure password system. A system where you don't have to send your password over the internet to be validated. It explains about HMAC and Cram-MD5. Some examples (in C#.Net) are included to demonstrate implementation of the system.<img width="0" height="0" src="http://blog.rednael.com/aggbug.ashx?id=de3bf162-a075-47ee-b53f-c306e225d11c"/><br/><hr/>visit my blog at <a href="http://blog.rednael.com">blog.rednael.com</a>. <br />Rednael http://blog.rednael.com/CommentView,guid,de3bf162-a075-47ee-b53f-c306e225d11c.aspx Script and HTML Security