Capture network packets with netsh

Another day, another “interesting” issue at a customer. After deploying our product we were left with a partially working web application. The product has been developed over many years and is a mix of ASP Classic, Web Forms, MVC and Web API. In this case ASP Classic pages were broken and would throw an error.

Ensuring ASP Classic is configured properly

The first step is to ensure that IIS has been configured to execute ASP Classic, and this is done easily by adding a dummy ASP page to the web application: if the page renders, the ASP handler is mapped and the failure lies elsewhere. After deploying this page I was able to confirm that it was working as expected.
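The check above, followed by the packet capture the post's title refers to, as an added PowerShell example that is not the post's own script. The site folder, the test URL, the name of the failing page and the trace file location are assumptions; the commands themselves (`Get-WindowsOptionalFeature`, `Invoke-WebRequest`, `netsh trace`) are standard Windows tooling and need an elevated prompt.

```powershell
# Added example (not the post's own script). Confirms that IIS can run ASP Classic and,
# once that is confirmed, captures the traffic to the failing page with netsh trace.
# $sitePath, $testUrl, $brokenUrl and $trace are assumptions for this example.
$sitePath  = 'C:\inetpub\wwwroot\MyApp'
$testUrl   = 'http://localhost/MyApp/asp-check.asp'
$brokenUrl = 'http://localhost/MyApp/broken.asp'
$trace     = 'C:\Temp\myapp-trace.etl'

# 1. Is the ASP feature installed at all? (Requires an elevated prompt.)
$asp = Get-WindowsOptionalFeature -Online -FeatureName IIS-ASP
if ($asp.State -ne 'Enabled') {
    Write-Warning "IIS-ASP is $($asp.State); enable it with: Enable-WindowsOptionalFeature -Online -FeatureName IIS-ASP"
}

# 2. Drop a probe page that can only produce this output if the ASP handler executes it.
$probe = Join-Path $sitePath 'asp-check.asp'
Set-Content -Path $probe -Value '<% Response.Write "ASP Classic OK: " & Now() %>' -Encoding ASCII

# 3. Request it. A 200 containing the marker proves the handler is mapped for this site;
#    a 404, a 500 or the raw source echoed back means the handler or app pool is misconfigured.
try {
    $r = Invoke-WebRequest -Uri $testUrl -UseBasicParsing
    if ($r.Content -match 'ASP Classic OK') { 'ASP Classic handler is working' }
    else { "Handler mapped but unexpected body: $($r.Content)" }
} catch {
    "Probe request failed: $($_.Exception.Message)"
}

# 4. Capture packets while reproducing the real failure. netsh trace writes an .etl file;
#    maxsize is in MB and overwrite=yes avoids a prompt on repeated runs.
netsh trace start capture=yes "tracefile=$trace" maxsize=250 overwrite=yes
Invoke-WebRequest -Uri $brokenUrl -UseBasicParsing -ErrorAction SilentlyContinue | Out-Null
netsh trace stop
"Trace written to $trace (convert with Microsoft's etl2pcapng to open it in Wireshark)"

# 5. Do not leave the probe page on a production site.
Remove-Item $probe
```

The probe page is deliberately trivial so that any output other than the marker is itself diagnostic; remove it afterwards, since an arbitrary executable page left in a web root is exactly the kind of artefact an attacker looks for.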


Continue reading


I like football; even with the time difference I try to watch at least the World Cup and the European Championship. I watched the last World Cup on SBS, but this time around they only managed to secure a handful of games. As they're a public service it makes sense, after all, that they wouldn't buy the rights for all the games. A quick search on Google indicated that beIN SPORTS CONNECT is the way to go in Australia - I will refer to this service as beIN for the rest of this post.


As the pricing seems reasonable I decided to go ahead. The page is loaded over HTTPS, so we start well, but to my surprise the form contains a password reminder field. Password reminders are bad practice: users tend to fill them with their password itself (when allowed) or with a hint that is an obvious giveaway, so the reminder undermines whatever strength the password had.

Continue reading


Recently I came across an interesting issue at a customer. A governmental agency contacted us and informed us that, due to a Windows update, we could experience intermittent issues when trying to communicate with them. All I knew at this stage was that the issue would manifest itself when trying to upload a document and that the integration is done via DLLs that wrap a few web services.

After generating PDBs via dotPeek and adding them to the Visual Studio symbol cache directory I was able to debug through those third-party DLLs and confirm that the issue was indeed located in one of them.

Knowing that the DLL is redistributed with the product, that it ships in multiple production versions and that the source control history is pretty patchy, the question then becomes: if we were to get a new DLL, could we use it for all the versions?

To answer this question we will have to assess the differences between the copies of the DLL shipped with each product version: whether they are byte-for-byte identical, and if not, whether their assembly identity (version and strong-name key) still matches what the consuming code was built against.
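One way to do that assessment, as an added PowerShell example that is not the post's own script. The product versions and the DLL paths are assumptions; the cmdlets and the `AssemblyName` API are standard.

```powershell
# Added example (not the post's own script). Compares the copies of a redistributed
# third-party DLL across several installed product versions: content hash, file version,
# assembly identity, strong-name token and Authenticode status. Paths are assumptions.
$copies = [ordered]@{
    '5.0' = 'C:\Product\5.0\bin\Vendor.Integration.dll'
    '5.1' = 'C:\Product\5.1\bin\Vendor.Integration.dll'
    '6.0' = 'C:\Product\6.0\bin\Vendor.Integration.dll'
}

$report = foreach ($entry in $copies.GetEnumerator()) {
    $path = $entry.Value
    if (-not (Test-Path $path)) { Write-Warning "Missing: $path"; continue }

    $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
    $info = (Get-Item $path).VersionInfo
    $sig  = Get-AuthenticodeSignature -FilePath $path

    # Managed assemblies expose their identity without loading them into the process.
    # An unmanaged DLL throws here, so record it as not applicable instead of failing.
    try {
        $asm   = [System.Reflection.AssemblyName]::GetAssemblyName($path)
        $asmVer = $asm.Version.ToString()
        $token = ($asm.GetPublicKeyToken() | ForEach-Object { $_.ToString('x2') }) -join ''
        if (-not $token) { $token = '(not strong-named)' }
    } catch {
        $asmVer = 'n/a'; $token = 'n/a'
    }

    [pscustomobject]@{
        Product         = $entry.Key
        FileVersion     = $info.FileVersion
        AssemblyVersion = $asmVer
        PublicKeyToken  = $token
        Signature       = $sig.Status
        Sha256          = $hash
    }
}

$report | Format-Table -AutoSize

# Identical hashes mean identical binaries, so those product versions can share one
# replacement. Different hashes with the same AssemblyVersion are the case to inspect
# by hand (e.g. with dotPeek), because a binding redirect will not tell them apart.
$report | Group-Object Sha256 | ForEach-Object {
    "Build $($_.Name.Substring(0, 12))... is used by product version(s): $($_.Group.Product -join ', ')"
}
```

The strong-name token matters as much as the version number: if the consuming assemblies reference the DLL by strong name, a replacement signed with a different key will fail to load even when its version matches, while a replacement with the same key but a higher assembly version needs a binding redirect in each product's config.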

Continue reading

Barnes and Noble: a tale of poor security practices

Being the happy owner of a Kindle I usually buy my ebooks on Amazon. They have a very large selection to choose from and normally sell all the latest releases. To my surprise they only had "Enigma of China" by Qiu Xiaolong in paperback and hardcover formats. Kobo didn't have it at all, but after searching for a while I found out that Barnes & Noble sold it as a NOOK Book for $10.

So far, so good, or so it seemed. It turned out that Barnes & Noble has such a lax approach to security that in the end I decided not to purchase from them. You'll find below the reasons that motivated my decision.

Continue reading