Microsoft will release an emergency patch on Tuesday that plugs a security hole in a variety of its web developer tools that has been under active attack for more than a week. The vulnerability in ASP.Net applications allows attackers to decrypt password files, cookies, and other sensitive data that is supposed to remain …
Solution for short-term
Was very easy to fix a large number of ASP.NET sites to protect against this vulnerability. http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx proved to be very useful, simple changes required and easily assures that exploiters can't take advantage of the problem.
Still, a fix is a fix and I'm pleased to see it will be here soon. There must be many web sites out there that are not regularly maintained or the owners don't have the skillset to modify them. A lot easier for your typical small business owner to install a patch on their web server than it is to start modifying their web site.
- Updated Hidden network packet sniffer in MILLIONS of iPhones, iPads – expert
- Students hack Tesla Model S, make all its doors pop open IN MOTION
- BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
- PROOF the Apple iPhone 6 rumor mill hype-gasm has reached its logical conclusion
- US judge: YES, cops or feds so can slurp an ENTIRE Gmail account