AES CBC Mode – Chosen Plaintext Attack

Years ago when I set out to learn cryptography for my work as a software developer, I found it interesting that unlike many other aspects of software engineering the “Don’ts” vastly exceed the “Do’s”. To make things worse, the Don’ts of cryptography tend to lead to security vulnerabilities in our software which are in a… Read More »

CAN Bus Reverse Engineering – Finding the VIN

Last winter, I attended a presentation hosted by ASRG-D where the presenter gave his endorsement of The Car Hacker’s Handbook. So I picked up a copy and read through it. It is an enjoyable read and an excellent compilation for vehicle penetration testing. My only complaint was that there are some minor issues with… Read More »

Why HTTPS Matters

Recently I changed my web site over to being exclusively served via HTTPS (HTTP Secure). This post details the reasons for the change over from HTTP to HTTPS. Privacy (Confidentiality) When accessing a site via HTTPS, no information (except IP Address and Port Number of the web server) sent between client and server can be… Read More »

CRC Algorithm implementation in C#

Introduction My job requires me to interface with a lot of embedded systems. Oftentimes when communicating with those embedded systems a CRC check value will need to be calculated. A lot of the code I write is in C# and although there are a few solutions out there for computing CRCs in .NET/Mono, the majority… Read More »

Asymmetric Cryptography in Practice

Encryption can be broken into either symmetric or asymmetric. Symmetric key cryptography is where the same cryptographic key is used for encryption and decryption. Asymmetric key (public-key) cryptography is where one key (the public key) is used for encryption and another key (the private key) is used for decryption. With the sort of added power… Read More »

WCF Tutorial: A Different Approach – Service Library

Service Library Now that we have defined our service interface – It’s time to implement it. We implement the service contract interface (IMathService) just like we would any other C# interface and the result is our service library. See below for the service library source code: using System.ServiceModel; using MathServiceInterface; using MathServiceInterface.DTOs; using MathServiceInterface.Enumerations; using… Read More »

LINQ queries on non-generic collections

Introduction LINQ (Language-Integrated Query) is a powerful tool of the .NET Framework. As the name implies, it integrates query capabilities directly into C# (or the .NET language of your choice). This article does not aim to be an introduction to LINQ, but rather how to use LINQ queries on non-generic collections (objects of IEnumerable type).… Read More »

WCF Tutorial: A Different Approach – Service Interface

Service Interface At the heart of this WCF solution is the Service Interface which describes the operations that our service supports. In addition, the service interface (contract) assembly also contains the DTOs and SOAP Faults that are to be exchanged over the wire. Personally, I like to organize this assembly by putting DTOs in a… Read More »