Category: Security

Computer security related posts

September 8, 2013 / All

It’s becoming more and more common for websites to provide the capability of having two factor authentication as part of you login process. Google, GitHub, Hotmail and Dropbox just to name a few of the organisations that have embraced two factor authentication and provided it as an optional security measure. In this article I will demonstrate how to implement two factor authentication in your ASP.NET MVC application using Google Authentication.Two Factor Authentication devices

August 31, 2013 / All

If you’re developing a website where there should only be a couple of publicly accessible pages in ASP.NET MVC, then at first you may try to go through all your controllers decorating them with the AuthorizeAttribute. Although you will still want to allow anonymous users access to the login page otherwise anonymous users can never become logged in users, in MVC4 you can specify that you want to allow anonymous access to a particular action within a controller which requires the users be logged in by the decorating the actions that you want to be publicly accessible with the AllowAnonymousAttribute

Control access to your webpages with the AuthorizeAttribute

May 29, 2013 / All

When this is posted I shall be travelling around Europe (I’ve set up delayed publish), while I’m away I will be getting my fix of the Internet through public wireless networks and networks in hostels. As any security conscious person will know public wireless networks are dangerous territory where unless your connections are secured it is possible for hackers to sniff your traffic or worse, so I am setting up VPN access on my Android phone and going to share it with you.

Secure Android

March 24, 2013 / All

I’ve spoken before in some of my other blog posts (some of which haven’t been finished/published yet) about password storage strategies and how it is important to make sure that you choose the right storage strategy. One of my friends pointed out that while it should be a no brainer not to store passwords plain text or encrypted I didn’t provide any reasoning for those who aren’t familiar with this, so in that spirit I thought I would do a post on some of the problems with different storage strategies.

A user table where the used password storage strategy is plain text

March 17, 2013 / All

We are regularly asked when registering for a website to make sure that we use a secure password, over a certain number of characters, different character sets etc. but once we have submitted our password how do we know that their password storage strategy is adequate?

Yesterday I realised that I had forgotten my password for a web hosting service that I use, so I went to the ‘Forgot my password’ and entered my email address. What I received upset me, they had not sent me the standard reset my password email, they sent me an email containing my username and password!

Email from Streamline, showing their poor password storage strategy
The ‘Forgot my password’ email from a hosting company, showing their poor password storage strategy
July 24, 2010 / All
June 23, 2010 / All
June 23, 2010 / All
June 23, 2010 / All
June 23, 2010 / All