My Blog

I’m discussing random thoughts about computer science, programming, security etc. in my blog.

Still using HTTP? That’s so 2015…

25.04.2016 | Security | HTTPS Spoofing

Since the launch of Let’s Encrypt CA in late 2015, obtaining TLS certificates has become cheap, quick and easy. Statistics this month showed Let’s Encrypt has yet issued nearly 1.8 million certificates. But it seems like this information hasn’t arrived at some website owners and API developers.

So I wrote a little script to poison DNS requests and let a little node.js script exchange all pictures requested by the victim (I will perhaps blog about this script another time). Sites and apps using TLS are perfectly fine, because they will reject connections to the fake web server without a valid certificate. Without transport security, things get mad.

Read this post in about 2 minutes

Adobe patches Flash - again

12.03.2016 | Security | Flash HTML5

Adobe just released some new security-related patches for their Flash Player. My question here is not “why again”, because I expected that. We all expected that. The real question is - who the hell still uses flash? And why are guides like “This is how you secure your flash installation now” so popular? (The expression “security hole” is always particularly funny; that’s obviously no hole here, because a hole clearly has an edge ;) )

Read this post in about 1 minute

Invoking an unmanaged 32bit library out of a 64bit process

28.09.2015 | Programming | .NET C# Legacy Wrapper

When loading unmanaged / native libraries from managed .NET code, the normal way is to use the “Platform Invoke (P/Invoke)” mechanism.

1[DllImport("shell32.dll", CallingConvention = CallingConvention.Winapi)]
2static extern int DllGetVersion(ref DLLVERSIONINFO pdvi);

The problem

P/Invoke has an annoying limitation: You can not load an x86 (32bit) library into a 64bit process and vice versa. This is especially problematic when your application is compiled with the “AnyCPU”-flag - which lets the .NET runtime decide which architecture to use at runtime - and there is only one 32bit version of a specific DLL. If recompiling the library against a different architecture is not an option, you have to find another solution.

Read this post in about 3 minutes
Page 2 of 2