In this video, researchers Juliano Rizzo and Thai Duong demonstrate the technique they developed for stealing cryptographic keys for ASP.NET Web applications, enabling them to compromise virtually any app built on ASP.NET.
You can read the full story of their attack in this article, “Padding Oracle Attack Affects Millions of ASP.NET Apps.”