Microsoft Issues Ominous ASP.Net Security Warning
An anonymous reader writes "A security flaw in Microsoft's ASP.NET apparently allows access to password-protected areas just by altering a URL. There's no patch yet, but in the meantime Microsoft is telling ASP.NET developers they can rewrite their applications to prevent exploits. About 2.9 million web sites run on ASP.NET according to Netcraft." Some more links: another Microsoft article, NTBugtraq, K-Otik and Heise.
Or, better yet, go read yesterday's post about Mozilla security holes. Then you can flame, bash, and troll MS while at least feeling a little guilty about it.
I'm beginning to believe that it's time CIOs were taken to task for repeatedly putting their businesses in danger by continuing to require Microsoft products on their servers.
/. readers will agree that the OS and most of the MS software is buggy and CERTAINLY less than secure, so shouldn't these corporate "EXPERTS" know it as well? If so then they are intentionally endangering their most precious corporate assets - information.
Most
Where I come from that is a direct affront to the charter of their positions and grounds for termination...
"Straddling the sword of technology..."
Also, after denying permissions to an aspx.page http://server/directory\deniedpage.aspx didn't work either. Odds are you have no idea what you are talking about.
This comment was randomly generated by a school of piranhas chewing on the PCB of a Microsoft Natural Keyboard.
.. Ars Technica just migrated to .NET...
(ok, maybe coinky-dink is the wrong compound-word.. Irony's not quite right either.. How about BWAHAHAHAH!?)
if you are not an ASP.NET developer, please do not comment on this story. it does not concern you.
you know if software development is too frustrating for you, you can give a shot at flipping burgers at mcdonalds. You sound like an engineer who whines about having to do fixing and testing. Isn't that part of your job description?
did you forget to take your meds?