Microsoft Issues Ominous ASP.Net Security Warning
An anonymous reader writes "A security flaw in Microsoft's ASP.NET apparently allows access to password-protected areas just by altering a URL. There's no patch yet, but in the meantime Microsoft is telling ASP.NET developers they can rewrite their applications to prevent exploits. About 2.9 million web sites run on ASP.NET according to Netcraft." Some more links: another Microsoft article, NTBugtraq, K-Otik and Heise.
There's no patch yet, but in the meantime Microsoft is telling ASP.NET developers they can rewrite their applications to prevent exploits.
.NET in all our websites. C-c-canon-ical-ization is what they are calling it."
And that's why Microsoft is going to eventually lose the war against open source. Can you imagine the heated boardroom discussions going around the table now?
Dilbert: "Microsoft says we need to pull 20 programmers away from their current workloads to focus on fixing ASP
Dogbert: "How long is this going to take? And who is making these words up anyway?"
Dilbert: "Two weeks." (I mean that's the standard response right?)
Dogbert: "Let's give all our programmers a holiday, effective yesterday. Shut the sites down in twenty minutes after I call our contact in Belize. It's time for EULA loophole #27. {{WAG!}}"
So do the math. And tell me, please, all ye Microsoft supporters, why Open Source lowers my ROI again!
The dangers of knowledge trigger emotional distress in human beings.
And I thought register_globals was bad!
Ah, that's easy then. Do they have a suggestion for which web app platform and OS I should rewrite my apps for?
One line blog. I hear that they're called Twitters now.
They don't have to worry. All the people with black hats will rewrite the code for them... Free of charge!
Try to hack my 31337 firewall!
About 2.9 million web sites run on ASP.NET according to Netcraft.
It's official, Netcraft confirms: A whole lotta ASP .NET sites are dying ...
I guess when it is assumed that your OS is full of security holes, you can issue a press release that more or less just says, "Our security is sh*tty right now", expect everyone to just do a collective, "Yup", and shuffle off.
Asp.NOT or asp.Nyet!
I wonder how many US government websites in Iraq and Washington are running these soft targets? This is the kind of thing that's forced all our Cybersecurity chiefs to resign in disgust.
--
make install -not war
Let's all go to http://www.billgates.com/files\private\How Can I Repackage the Same Old Shit in a New Wrapper.doc
No more [registration required] articles on ASP.net servers!
it was a plot by the guys at Microsoft to gain backdoor access to porn sites. Think about it, develop a system for "secure logins" on the internet (whose business HAPPENS to be composed of 70% porn, 30% other) with a bug that lets you bypass the very login that was supposed to be secure? Riiiight. See business plan below.
Step 1: Develop language for use with "secure login"
Step 2: ???
Step 3: Masturbate!
Unfortunately, the few lines required to implement the patch has already been copyrighted by Brian Connolly.
With M$'s track record for secutiry, I fail to see why everyone's panties are in a bunch. Unfortunately, we should be used to this kind of crap from them by now, not surprised or panicky.
Don't we have an SOP for microsoft security announcements by now?
--Qtone
I used to do tech support for a local Wendy's franchise. You think that guy was bitching? You should hear the burger flippers bitching about thier headsets. And in their case, it was usually their fault, not the equipment's fault.
When will Windows be ready for the desktop?
One line blog. I hear that they're called Twitters now.