ASP.NET security exploit information

Here is a link with information regarding the exploit.


http://www.microsoft.com/technet/security/advisory/2416728.mspx


http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx


http://blogs.iis.net/nazim/archive/2010/09/18/asp-net-zero-day-vulnerability-padding-oracle-exploit.aspx


http://stevesmithblog.com/blog/asp-net-custom-errors-security-flaw/


//You Tube video, you should check out!
http://tinyurl.com/2b7rnae


http://pentonizer.com/general-programming/aspnet-poet-vulnerability-what-else-can-i-do/


http://www.gdssecurity.com/l/b/2010/09/14/automated-padding-oracle-attacks-with-padbuster/


http://weblogs.asp.net/scottgu/archive/2010/09/20/frequently-asked-questions-about-the-asp-net-security-vulnerability.aspx


//Sharepoint
http://blogs.msdn.com/b/sharepoint/archive/2010/09/21/security-advisory-2416728-vulnerability-in-asp-net-and-sharepoint.aspx


//Custom Errors including new attribute in .NET 3.5 sp1
http://msdn.microsoft.com/en-us/library/h0hfz6fc(VS.90).aspx


//Search engine friendly custom error handling in .NET 3.5 sp1
http://blog.turlov.com/2009/01/search-engine-friendly-error-handling.html


Steve Schofield
Microsoft MVP – IIS

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s