Slashdot Mirror


Microsoft Issues Ominous ASP.Net Security Warning

An anonymous reader writes "A security flaw in Microsoft's ASP.NET apparently allows access to password-protected areas just by altering a URL. There's no patch yet, but in the meantime Microsoft is telling ASP.NET developers they can rewrite their applications to prevent exploits. About 2.9 million web sites run on ASP.NET according to Netcraft." Some more links: another Microsoft article, NTBugtraq, K-Otik and Heise.

9 of 554 comments (clear)

  1. How Dogbert would handle this by mfh · · Score: 5, Funny

    There's no patch yet, but in the meantime Microsoft is telling ASP.NET developers they can rewrite their applications to prevent exploits.

    And that's why Microsoft is going to eventually lose the war against open source. Can you imagine the heated boardroom discussions going around the table now?

    Dilbert: "Microsoft says we need to pull 20 programmers away from their current workloads to focus on fixing ASP .NET in all our websites. C-c-canon-ical-ization is what they are calling it."

    Dogbert: "How long is this going to take? And who is making these words up anyway?"

    Dilbert: "Two weeks." (I mean that's the standard response right?)

    Dogbert: "Let's give all our programmers a holiday, effective yesterday. Shut the sites down in twenty minutes after I call our contact in Belize. It's time for EULA loophole #27. {{WAG!}}"

    So do the math. And tell me, please, all ye Microsoft supporters, why Open Source lowers my ROI again!

    --
    The dangers of knowledge trigger emotional distress in human beings.
    1. Re:How Dogbert would handle this by nizo · · Score: 5, Funny
      Microsoft is telling ASP.NET developers they can rewrite their applications to prevent exploits.

      My first thought was, "yes, rewrite them in perl or PHP".

    2. Re:How Dogbert would handle this by ThePatrioticFuck · · Score: 5, Funny
      "All thats required is a couple of lines in Global.asax. Thats hadly a rewrite."
      No no no, I'm afraid we can't allow that. This is a MS bashing story, you can only submit such insightful and logical suggestions on *Nix flaw stories :)
  2. How simple! by AndroidCat · · Score: 5, Funny
    Microsoft is telling ASP.NET developers they can rewrite their applications to prevent exploits.

    Ah, that's easy then. Do they have a suggestion for which web app platform and OS I should rewrite my apps for?

    --
    One line blog. I hear that they're called Twitters now.
  3. Rewrite the code! by Mr.+Flibble · · Score: 5, Funny

    They don't have to worry. All the people with black hats will rewrite the code for them... Free of charge!

    --
    Try to hack my 31337 firewall!
  4. Details... by JoeLinux · · Score: 5, Funny

    I guess when it is assumed that your OS is full of security holes, you can issue a press release that more or less just says, "Our security is sh*tty right now", expect everyone to just do a collective, "Yup", and shuffle off.

  5. Finally! by Garabito · · Score: 5, Funny

    No more [registration required] articles on ASP.net servers!

  6. This isn't a bug really by Jakhel · · Score: 5, Funny

    it was a plot by the guys at Microsoft to gain backdoor access to porn sites. Think about it, develop a system for "secure logins" on the internet (whose business HAPPENS to be composed of 70% porn, 30% other) with a bug that lets you bypass the very login that was supposed to be secure? Riiiight. See business plan below.

    Step 1: Develop language for use with "secure login"
    Step 2: ???
    Step 3: Masturbate!

  7. Re:How Dogbert would handle this (Furthermore...) by Ingolfke · · Score: 5, Funny

    Unfortunately, the few lines required to implement the patch has already been copyrighted by Brian Connolly.