Microsoft will release an emergency patch on Tuesday that plugs a security hole in a variety of its web developer tools that has been under active attack for more than a week. The vulnerability in ASP.Net applications allows attackers to decrypt password files, cookies, and other sensitive data that is supposed to remain …
Solution for short-term
Was very easy to fix a large number of ASP.NET sites to protect against this vulnerability. http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx proved to be very useful, simple changes required and easily assures that exploiters can't take advantage of the problem.
Still, a fix is a fix and I'm pleased to see it will be here soon. There must be many web sites out there that are not regularly maintained or the owners don't have the skillset to modify them. A lot easier for your typical small business owner to install a patch on their web server than it is to start modifying their web site.
- NASA boffin: RIDDLE of odd BULGE FOUND on MOON is SOLVED
- SOULLESS machine-intelligence ROBOT cars to hit Blighty in 2015
- BuzzGasm! Thirteen Astonishing True Facts You Never Knew About SCREWS
- Microsoft's Euro cloud darkens: Redmond must let feds into foreign servers
- Worstall on Wednesday YES, iPhones ARE getting slower with each new release of iOS