PasswordCheck – A small C# class to calculate password strength and implement custom password policies in ASP.NET

If you’re looking for a decent password strength control implementation for ASP.NET C#, you could find this class I made a while ago useful enough. After all these years I’m still using it in a number of projects, from the good-old ASP.NET ASPX Forms to the new ASP.NET Core MVC applications.

The class can be used to perform basically all the required checks in a very customizable way: minimum length, maximum length, digit/numbers, special characters and so on. It features a PasswordStrength enum (and a GetPasswordStrength method) which you can use to calculate the average strength of any given password: it can be handy for general-purpose scenarios, when you don’t have to implement a given password policy. In case you have to do that, you can use the helper methods instead and combine them to suit your needs as shown in the sample implementation provided within the IsStrongPassword method – which is the one I’m still using in most cases.

The methods are quite self-explanatory, so there isn’t much more to say: if you like the class, feel free to leave feedback in the comment section below!

Read More

MS Outlook blocked access to potentially unsafe attachments – How to fix it

If you’ve stumbled upon this post, you most likely experienced one of the nasty new MS Outlook security features shipped with the June 2017 security update, which blocks file attachments containing two or more consecutive periods or an exclamation mark in their name or extension. Here’s the offending message:

Outlook blocked access to the following potentially unsafe attachments: filename.ext

As we already said, the culprit in this case is to be found in the latest MS security patches released after the ever-growing malware threat, which greatly escalated within the past few months. We’re basically talking about a regression bug here, which is rather common in this kind of scenario: the urge to prevent the user from compromising the system with potentially bad behaviours ends up blocking a number of other legitimate and perfectly safe activities, such as opening most of these files.

Luckily enough, Microsoft acknowledged the issue and has already released a number of patches to fix it. Too bad that they left out some Outlook builds – such as Outlook 2007, which is still widely used worldwide – but at least it’s a start.

Here are the patches currently available at the date/time of writing:

Read More

WannaCry: how to check if your system is protected using a PowerShell script

If you’ve stumbled upon this post you are probably well aware of the Win32/WannaCrypt Ransomware, better known as WannaCry: we already talked about it in this other post, which contains an extensive list of links to download the various patches to shield almost any Windows-based operating system against this dangerous threat.

However, you might also need to find a way to quickly check if your system is effectively protected against WannaCry or not: this could come in very handy if you are a System Administrator and you don’t know which servers are missing the updates. Although the best suggestion we can give would always be “patch everything”, you can also use this great PowerShell script (which we stole from this great post from SpiceWorks community site – credits to CarlosTech for the great job):

Read More

WannaCry Malware Official Patches – All Windows Versions from Microsoft Technet

If you stumbled upon this post you most certainly know about the recent Ransomware called Ransom:Win32/WannaCrypt, better known as WannaCry, and you want to know if your system is immune to it. To keep it short, there’s a high chance you already are… as long as you patched your OS on a regular basis. The SMB Vulnerability which has been exploited by WannaCry/WannaCrypt has been patched since March 2017 and distributed through the standard Windows Update feature.

If you didn’t patch – like most of the international companies that have been impacted – you should really spend some valuable time doing that right now by going to the official Technet resource page for MS17-010. There you will find all patches for all Windows versions including Windows 10, Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016.

As soon as you have done that, you might also want to do the following, as suggested by this other Technet blog post:

  • Check if your system is protected using this PowerShell script in order to ensure that you performed the update properly.
  • Block SMB incoming connections (Port 445) from External – Internal Network on Edge Firewalls
  • Upgrade legacy systems to the latest OS (Windows 10, with better inbuilt protections – Credential Guard, Device Guard, Memory Protections, Secure Kernel, VBS, Edge Browser etc.).
  • Microsoft just released emergency security updates/fixes for legacy systems as well (Windows XP, Server 2003 etc.). Download links are below (and also in the aforementioned Technet page).

For additional technical info about the malware, I can only suggest reading the following posts from MMPC, FireEye and Technet:

And these are the links for legacy systems:

Read More

Chrome Extensions redirect to App Page? Use Chrome Cleanup Tool (and Malwarebytes Anti-Malware)

The endless fight (or should we say race?) between malware and anti-malware software is ready for another chapter: this time we’ll be talking about some very annoying malicious code that often takes the form of a Google Chrome extension and drives your favourite web browser here and there. If you’re used to this kind of “infection” you might think that such things aren’t a problem: we just need to go to the extension page and delete them for good.

The Issue

You were definitely right… until some months ago. Since 2016, most of this malicious software will prevent you from navigating to the settings pages – including the extension page – redirecting you elsewhere, such as to the Google Apps page, as soon as you try to.

Luckily enough, the issue is well-known to Google. According to this article on the Google knowledge base, these are the most common behaviors:

Read More