Microsoft will release an emergency patch on Tuesday that plugs a security hole in a variety of its web developer tools that has been under active attack for more than a week. The vulnerability in ASP.Net applications allows attackers to decrypt password files, cookies, and other sensitive data that is supposed to remain …
Solution for short-term
Was very easy to fix a large number of ASP.NET sites to protect against this vulnerability. http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx proved to be very useful, simple changes required and easily assures that exploiters can't take advantage of the problem.
Still, a fix is a fix and I'm pleased to see it will be here soon. There must be many web sites out there that are not regularly maintained or the owners don't have the skillset to modify them. A lot easier for your typical small business owner to install a patch on their web server than it is to start modifying their web site.
- Hi-torque tank engines: EXTREME car hacking with The Register
- Review What's MISSING on Amazon Fire Phone... and why it WON'T set the world alight
- Product round-up Trousers down for six of the best affordable Androids
- Antique Code Show World of Warcraft then and now: From Orcs and Humans to Warlords of Draenor
- Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...