Microsoft will release an emergency patch on Tuesday that plugs a security hole in a variety of its web developer tools that has been under active attack for more than a week. The vulnerability in ASP.Net applications allows attackers to decrypt password files, cookies, and other sensitive data that is supposed to remain …
Solution for short-term
Was very easy to fix a large number of ASP.NET sites to protect against this vulnerability. http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx proved to be very useful, simple changes required and easily assures that exploiters can't take advantage of the problem.
Still, a fix is a fix and I'm pleased to see it will be here soon. There must be many web sites out there that are not regularly maintained or the owners don't have the skillset to modify them. A lot easier for your typical small business owner to install a patch on their web server than it is to start modifying their web site.
- 'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
- Crawling from the Wreckage THE DEATH OF ECONOMICS: Aircraft design vs flat-lining financial models
- Pics Facebook's Oculus unveils 360-degree VR head tracking Crescent Bay prototype
- Bargain basement iPhone shoppers BEWARE! eBay exposes users to phishing vuln
- Google+ GOING, GOING ... ? Newbie Gmailers no longer forced into mandatory ID slurp