All Tags » Alun's code

My take on the SSL MITM Attacks – part 3 – the FTPS attacks

[Note - for previous parts in this series, see Part 1 and Part 2.] FTP, and FTP over SSL, are my specialist subject, having written one of the first FTP servers for Windows to support FTP over SSL (and the first standalone FTP server for Windows!) Rescorla...

Why .NET apps keep crashing on your Tablet PC

I’ve been struggling with this issue for some time. I have a small, simple .NET application I wrote in Visual C# a few months ago – I’ve tentatively titled it “iFetch”, because it fetches radio shows from the BBC iPlayer. It really is very little more...

How FTP Data Connections Work Part 2 (OR: Fun With Port 20)

As we mentioned in the 1st part of this series, FTP is a more complex protocol than many, using one control connection and one data connection. A recap of the first post… In typical Stream Mode operation, a new data connection is opened and closed for...

How FTP Data Connections Work Part 1 (OR: Don’t Open Port 20 in your Firewall!)

This will be the first of a couple of articles on FTP, as I’ve been asked to post this information in an easy-to-read format in a public place where it can be referred to. I think my expertise in developing and supporting WFTPD and WFTPD Pro allow me...

The CWE Top 25 Programming Mistakes

I’ve read some debate about the top 25 programming mistakes as documented by the CWE (Common Weakness Enumeration) project, in collaboration with the SANS Institute and the MITRE. That the list isn’t complete, that there are some items that aren’t in...

FAQ on 2nd Auth

I’ve already received a number of questions about my secondary authentication tool, 2ndAuth. Here’s a few answers: You only show it working for Windows Server 2003 and Windows XP – does it work on other platforms? Currently, we only support using it...

HTML Help in MFC

I recently got around to converting an old MFC project from WinHelp format to HTML Help. Mostly this was to satisfy customers who are using Windows Vista or Windows Server 2008, but who don’t want to install WinHlp32 from Microsoft. (If you do want to...

Shared accounts got you down?

Here’s a description of a tool I’ve been itching to release for some time now - “2ndAuth”, short for “secondary authentication”. This is how it works: 1. The user logs on using a shared account – an account that is known to be shared by a number of different...

FTP - Untrustworthy? I Don't Think So!

Lately, as if writers all draw from the same shrinking paddling-pool of ideas, I've noticed a batch of stories about how unsafe, unsecure and untrustworthy is FTP. SC Magazine says so. First it was an article in the print version of SC Magazine,...

Vistafy Me.

I have a little time over the next couple of weeks to devote to developing WFTPD a little further. This is a good thing, as it's way past time that I brought it into Vista's world. I've been very proud that over the last several years, I have...

Searching for Weak Debian / Ubuntu SSL Certificates

I've seen a number of people promote packages that have shipped for Debian and Ubuntu, which allow users to scan their collected keys - OpenSSH or OpenSSL or OpenVPN, to discover whether they're too weak to be of any functional use. [See my earlier...

Wireless PC Lock - part 2

Over the last several days, I've been getting more and more requests for my updated Wireless PC Lock software that I described way back last year. Possibly, it's because of stories like this one: At New York-based Big Four accounting firm Ernst...