Wednesday, September 29, 2010
ASP.NET Vulnerability - Slides

Thanks to those user group members and Xero partners that came along to our talk today.

We covered the two vulnerabilities released last week, the workarounds, and the patches that were released this morning.

Here are the slides: KirkJackson-PaddingOracle.pdf (641.14 KB)

All ASP.NET applications are affected. The best thing to do is install the patches released this morning.


Problem & bulletins:

Security bulletin MS10-070

Useful info on ScottGu's blog

Forum about the security vulnerability

Video of a site exploit, even with the workarounds applied

Patch:

Scott Gu's writeup of the patch

Post-mortem of the patch - Marc Brooks

How to configure the new patched features

Research:

Juliano Rizzo and Thai Duong and their POET tool

Padbuster tool (including a great writeup of Padding Oracles)

 |  | 
posted on Wednesday, September 29, 2010 8:25:39 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
Related posts:
WDCNZ Conference - Web Security: Get a Head(er)
New Zealand ALM Conference - Thinking Securely from life to cycle
SharePoint Conference NZ - Is your SharePoint under threat?
Recent talks - I know what you did last summer
New job
ASP.NET vulnerability - briefing in Wellington this Wednesday
Comments are closed.
Navigation
Home
About
Code Camp
Wellington Groups

 RSS 2.0 | Send mail to the author(s)

Categories
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Blogroll

Archive
<May 2013>
SunMonTueWedThuFriSat
2829301234
567891011
12131415161718
19202122232425
2627282930311
2345678


July, 2011 (1)
April, 2011 (1)
March, 2011 (3)
September, 2010 (3)
August, 2010 (1)
July, 2010 (8)
February, 2010 (1)
January, 2010 (1)
December, 2009 (1)
October, 2009 (3)
September, 2009 (3)
August, 2009 (6)
July, 2009 (6)
June, 2009 (2)
May, 2009 (4)
April, 2009 (1)
March, 2009 (3)
February, 2009 (8)
January, 2009 (3)
December, 2008 (10)
November, 2008 (10)
October, 2008 (21)
September, 2008 (16)
August, 2008 (7)
July, 2008 (1)
June, 2008 (7)
May, 2008 (3)
April, 2008 (8)
February, 2008 (4)
January, 2008 (1)
December, 2007 (1)
November, 2007 (8)
September, 2007 (10)
August, 2007 (5)
July, 2007 (9)
June, 2007 (25)

Month View

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

© Copyright 2013 Kirk Jackson

Theme design by Jacob Hodges with newtelligence dasBlog 1.9.6264.0

Sign In
Pick a theme: