In this video, researchers Juliano Rizzo and Thai Duong demonstrate the technique they developed for stealing cryptographic keys for ASP.NET Web applications, enabling them to compromise virtually any app built on ASP.NET.
You can read the full story of their attack in this article, “Padding Oracle Attack Affects Millions of ASP.NET Apps.”
The Microsoft Security Response Center announced today that it will ship ten bulletins in the March edition of patch Tuesday. MSRP considers just two of the patches critical, one of which supplements the currently available “Fix it” tool that resolved the IE vulnerability exploited recently in an attack targeting the U.S. Department of Labor.
Microsoft released a Fix It temporary mitigation for a zero-day vulnerability in Internet Explorer 8 that was used in a watering hole attack against the U.S. Department of Labor’s website.
Microsoft has released a new version of the MS13-036 patch that was causing some customers’
My work has me rushing all over the world, speaking at events, getting together with fellow experts to tell my own stories and listen to theirs. One day I thought, why not share them here as well? So,...
“Jumcar” is the name we have given to a family of malicious code developed in Latin America – particularly in Peru – and which, according to our research, has been deploying attack maneuvers s...
We want you to be fully aware of the latest changes in the threat landscape. Our friends at securelist have compiled a quarterly report of digital threats and we’ve included their most important...
Cybersecurity for the next generation!
Does this only work if the default error page is used? If so, that is a basic security requirement of any good deployment.
So really only thing you have to do to prevent this exploit, is to turn on custom error pages.
Why aren’t you actually talking in the video, explaining what you are doing and what is happening instead of playing music….
I imagine he’s not talking because he presumes that people can read.
Hi, interesting stuff… I read abount Microsoft’s workaround for this… Do you know if your exploit works if the customErrorMode is set to “RemoteOnly”? I remember that with that value a remote user sees only a “friendly” error page… Does it contains enough info for the exploit to work?
The following link has a modified version of Padbuster, which is able to exploit this against .NET targets:
http://blog.mindedsecurity.com/2010/09/investigating-net-padding-oracle.html
i believe that that method is one ofthe mostly used methods at the begining of this worm along side other hacks and exploits that even a low level format wont allow me to wipe.
im still recieving over 2k or now 4k incoming ips per hour 24/7 that started in feb 2009 after fighting a hacker for 6 months prior where phone systems are exploited and used. possibly for gps location or something. not sure, but its an advanced system where high authoritys are using illegally.
if you dont believe me, then do research on the 2nd phone company that disspeared after i joined due to strange situations. to do so , search using keywords “montana” and “airtel”
that happened after 1 month of joined for getting away from altel for my bills getting bigger and bigger. 400.00 the last month of a phone system i rarely used.
here is incoming ips that never stop since f eb and not being controled or helped.
i dont think the worm is going anywhere.
[INFO] Sat Jan 31 12:22:21 2004 Allowed configuration authentication by IP address 192.168.0.196
[INFO] Sat Jan 31 12:19:17 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:2301
[INFO] Sat Jan 31 12:19:16 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:2479
[INFO] Sat Jan 31 12:19:15 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:9415
[INFO] Sat Jan 31 12:19:15 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:27977
[INFO] Sat Jan 31 12:16:36 2004 Blocked incoming UDP packet from 85.177.107.196:22447 to 174.39.166.170:26185
[INFO] Sat Jan 31 12:14:36 2004 Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:27977
[INFO] Sat Jan 31 12:14:36 2004 Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:8085
[INFO] Sat Jan 31 12:13:53 2004 Blocked incoming UDP packet from 98.230.152.76:44794 to 174.39.166.170:25835
[INFO] Sat Jan 31 12:06:53 2004 Blocked incoming UDP packet from 82.169.12.217:21697 to 174.39.166.170:26185
[INFO] Sat Jan 31 12:06:32 2004 Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:27977
[INFO] Sat Jan 31 12:06:32 2004 Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:8085
[INFO] Sat Jan 31 12:06:12 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:9000
[INFO] Sat Jan 31 12:06:12 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:8085
[INFO] Sat Jan 31 12:05:56 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:73
[INFO] Sat Jan 31 12:05:56 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:2301
[INFO] Sat Jan 31 12:05:56 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:9090
[INFO] Sat Jan 31 12:05:56 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:9415
[INFO] Sat Jan 31 12:04:55 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:3246
[INFO] Sat Jan 31 12:04:54 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:8085
[INFO] Sat Jan 31 12:04:53 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:27977
[INFO] Sat Jan 31 11:58:57 2004 Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:8085
[INFO] Sat Jan 31 11:58:37 2004 Administrator logout
[INFO] Sat Jan 31 11:55:01 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:73
[INFO] Sat Jan 31 11:55:01 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:2479
[INFO] Sat Jan 31 11:55:01 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:9090
[INFO] Sat Jan 31 11:55:01 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:27977
[INFO] Sat Jan 31 11:54:24 2004 Blocked incoming TCP connection request from 221.192.199.46:12200 to 174.39.166.170:8085
[INFO] Sat Jan 31 11:51:00 2004 Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:27977
[INFO] Sat Jan 31 11:49:45 2004 Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:8080
[INFO] Sat Jan 31 11:49:45 2004 Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:80
[INFO] Sat Jan 31 11:49:45 2004 Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:6588
[INFO] Sat Jan 31 11:49:44 2004 Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:7212
[INFO] Sat Jan 31 11:49:44 2004 Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:8008
[INFO] Sat Jan 31 11:49:43 2004 Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:8118
[INFO] Sat Jan 31 11:49:42 2004 Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:1080
[INFO] Sat Jan 31 11:49:42 2004 Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:8090
[INFO] Sat Jan 31 11:49:41 2004 Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:9000
[INFO] Sat Jan 31 11:49:40 2004 Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:8085
[INFO] Sat Jan 31 11:46:49 2004 Blocked incoming UDP packet from 82.169.12.217:10659 to 174.39.166.170:26185
[INFO] Sat Jan 31 11:46:08 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:8090
[INFO] Sat Jan 31 11:46:08 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:3246
[INFO] Sat Jan 31 11:46:08 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:8085
[INFO] Sat Jan 31 11:44:31 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:8090
[INFO] Sat Jan 31 11:44:31 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:3246
[INFO] Sat Jan 31 11:44:31 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:9000
[INFO] Sat Jan 31 11:44:31 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:27977
[INFO] Sat Jan 31 11:43:55 2004 Blocked incoming ICMP packet (ICMP type 8) from 111.178.70.5 to 174.39.166.170
[INFO] Sat Jan 31 11:43:37 2004 Log viewed by IP address 192.168.0.196
[INFO] Sat Jan 31 11:43:04 2004 Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:27977
[INFO] Sat Jan 31 11:43:04 2004 Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:8085
[INFO] Sat Jan 31 11:43:01 2004 Log viewed by IP address 192.168.0.196
[INFO] Sat Jan 31 11:43:00 2004 Stored configuration to non-volatile memory
It’s called a DDOS
en.wikipedia.org/wiki/Denial-of-service_attack
Your router is being attacked by a spam company in china that is trying to get to your computer.
Call your ISP and ask them to change your external IP address, Reformat, instal antivirus, firewall, anti-spyware.
Getting your external IP address changed to a new one will help the most.
They are most likely trying to reach a botnet that is or was on your system.