In this video, researchers Juliano Rizzo and Thai Duong demonstrate the technique they developed for stealing cryptographic keys for ASP.NET Web applications, enabling them to compromise virtually any app built on ASP.NET.
In this video, researchers Juliano Rizzo and Thai Duong demonstrate the technique they developed for stealing cryptographic keys for ASP.NET Web applications, enabling them to compromise virtually any app built on ASP.NET.
You can read the full story of their attack in this article, “Padding Oracle Attack Affects Millions of ASP.NET Apps.”
Despite being a mostly run-of-the-mill ransomware strain, Babuk Locker’s encryption mechanisms and abuse of Windows Restart Manager sets it apart.
A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.
Google, Microsoft, Cisco Systems and others want appeals court to deny immunity to Israeli company for its alleged distribution of spyware and illegal cyber-surveillance activities.
Anonymous on
Anonymous on
Hi, interesting stuff... I read abount Microsoft's workaround for this... Do you know if your exploit works if the customErrorMode is set to "RemoteOnly"? I remember that with that value a remote user sees only a "friendly" error page... Does it contains enough info for the exploit to work?
Anonymous on
The following link has a modified version of Padbuster, which is able to exploit this against .NET targets:
http://blog.mindedsecurity.com/2010/09/investigating-net-padding-oracle.html
i believe that that method is one ofthe mostly used methods at the begining of this worm along side other hacks and exploits that even a low level format wont allow me to wipe.
im still recieving over 2k or now 4k incoming ips per hour 24/7 that started in feb 2009 after fighting a hacker for 6 months prior where phone systems are exploited and used. possibly for gps location or something. not sure, but its an advanced system where high authoritys are using illegally.
if you dont believe me, then do research on the 2nd phone company that disspeared after i joined due to strange situations. to do so , search using keywords "montana" and "airtel"
that happened after 1 month of joined for getting away from altel for my bills getting bigger and bigger. 400.00 the last month of a phone system i rarely used.
here is incoming ips that never stop since f eb and not being controled or helped.
i dont think the worm is going anywhere.
| [INFO] | Sat Jan 31 12:22:21 2004 | Allowed configuration authentication by IP address 192.168.0.196 |
| [INFO] | Sat Jan 31 12:19:17 2004 | Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:2301 |
| [INFO] | Sat Jan 31 12:19:16 2004 | Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:2479 |
| [INFO] | Sat Jan 31 12:19:15 2004 | Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:9415 |
| [INFO] | Sat Jan 31 12:19:15 2004 | Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:27977 |
| [INFO] | Sat Jan 31 12:16:36 2004 | Blocked incoming UDP packet from 85.177.107.196:22447 to 174.39.166.170:26185 |
| [INFO] | Sat Jan 31 12:14:36 2004 | Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:27977 |
| [INFO] | Sat Jan 31 12:14:36 2004 | Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:8085 |
| [INFO] | Sat Jan 31 12:13:53 2004 | Blocked incoming UDP packet from 98.230.152.76:44794 to 174.39.166.170:25835 |
| [INFO] | Sat Jan 31 12:06:53 2004 | Blocked incoming UDP packet from 82.169.12.217:21697 to 174.39.166.170:26185 |
| [INFO] | Sat Jan 31 12:06:32 2004 | Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:27977 |
| [INFO] | Sat Jan 31 12:06:32 2004 | Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:8085 |
| [INFO] | Sat Jan 31 12:06:12 2004 | Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:9000 |
| [INFO] | Sat Jan 31 12:06:12 2004 | Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:8085 |
| [INFO] | Sat Jan 31 12:05:56 2004 | Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:73 |
| [INFO] | Sat Jan 31 12:05:56 2004 | Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:2301 |
| [INFO] | Sat Jan 31 12:05:56 2004 | Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:9090 |
| [INFO] | Sat Jan 31 12:05:56 2004 | Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:9415 |
| [INFO] | Sat Jan 31 12:04:55 2004 | Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:3246 |
| [INFO] | Sat Jan 31 12:04:54 2004 | Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:8085 |
| [INFO] | Sat Jan 31 12:04:53 2004 | Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:27977 |
| [INFO] | Sat Jan 31 11:58:57 2004 | Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:8085 |
| [INFO] | Sat Jan 31 11:58:37 2004 | Administrator logout |
| [INFO] | Sat Jan 31 11:55:01 2004 | Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:73 |
| [INFO] | Sat Jan 31 11:55:01 2004 | Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:2479 |
| [INFO] | Sat Jan 31 11:55:01 2004 | Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:9090 |
| [INFO] | Sat Jan 31 11:55:01 2004 | Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:27977 |
| [INFO] | Sat Jan 31 11:54:24 2004 | Blocked incoming TCP connection request from 221.192.199.46:12200 to 174.39.166.170:8085 |
| [INFO] | Sat Jan 31 11:51:00 2004 | Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:27977 |
| [INFO] | Sat Jan 31 11:49:45 2004 | Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:8080 |
| [INFO] | Sat Jan 31 11:49:45 2004 | Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:80 |
| [INFO] | Sat Jan 31 11:49:45 2004 | Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:6588 |
| [INFO] | Sat Jan 31 11:49:44 2004 | Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:7212 |
| [INFO] | Sat Jan 31 11:49:44 2004 | Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:8008 |
| [INFO] | Sat Jan 31 11:49:43 2004 | Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:8118 |
| [INFO] | Sat Jan 31 11:49:42 2004 | Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:1080 |
| [INFO] | Sat Jan 31 11:49:42 2004 | Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:8090 |
| [INFO] | Sat Jan 31 11:49:41 2004 | Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:9000 |
| [INFO] | Sat Jan 31 11:49:40 2004 | Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:8085 |
| [INFO] | Sat Jan 31 11:46:49 2004 | Blocked incoming UDP packet from 82.169.12.217:10659 to 174.39.166.170:26185 |
| [INFO] | Sat Jan 31 11:46:08 2004 | Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:8090 |
| [INFO] | Sat Jan 31 11:46:08 2004 | Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:3246 |
| [INFO] | Sat Jan 31 11:46:08 2004 | Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:8085 |
| [INFO] | Sat Jan 31 11:44:31 2004 | Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:8090 |
| [INFO] | Sat Jan 31 11:44:31 2004 | Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:3246 |
| [INFO] | Sat Jan 31 11:44:31 2004 | Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:9000 |
| [INFO] | Sat Jan 31 11:44:31 2004 | Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:27977 |
| [INFO] | Sat Jan 31 11:43:55 2004 | Blocked incoming ICMP packet (ICMP type 8) from 111.178.70.5 to 174.39.166.170 |
| [INFO] | Sat Jan 31 11:43:37 2004 | Log viewed by IP address 192.168.0.196 |
| [INFO] | Sat Jan 31 11:43:04 2004 | Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:27977 |
| [INFO] | Sat Jan 31 11:43:04 2004 | Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:8085 |
| [INFO] | Sat Jan 31 11:43:01 2004 | Log viewed by IP address 192.168.0.196 |
| [INFO] | Sat Jan 31 11:43:00 2004 | Stored configuration to non-volatile memory |
[INFO] Sat Jan 31 12:22:21 2004 Allowed configuration authentication by IP address 192.168.0.196
[INFO] Sat Jan 31 12:19:17 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:2301
[INFO] Sat Jan 31 12:19:16 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:2479
[INFO] Sat Jan 31 12:19:15 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:9415
[INFO] Sat Jan 31 12:19:15 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:27977
[INFO] Sat Jan 31 12:16:36 2004 Blocked incoming UDP packet from 85.177.107.196:22447 to 174.39.166.170:26185
[INFO] Sat Jan 31 12:14:36 2004 Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:27977
[INFO] Sat Jan 31 12:14:36 2004 Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:8085
[INFO] Sat Jan 31 12:13:53 2004 Blocked incoming UDP packet from 98.230.152.76:44794 to 174.39.166.170:25835
[INFO] Sat Jan 31 12:06:53 2004 Blocked incoming UDP packet from 82.169.12.217:21697 to 174.39.166.170:26185
[INFO] Sat Jan 31 12:06:32 2004 Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:27977
[INFO] Sat Jan 31 12:06:32 2004 Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:8085
[INFO] Sat Jan 31 12:06:12 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:9000
[INFO] Sat Jan 31 12:06:12 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:8085
[INFO] Sat Jan 31 12:05:56 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:73
[INFO] Sat Jan 31 12:05:56 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:2301
[INFO] Sat Jan 31 12:05:56 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:9090
[INFO] Sat Jan 31 12:05:56 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:9415
[INFO] Sat Jan 31 12:04:55 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:3246
[INFO] Sat Jan 31 12:04:54 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:8085
[INFO] Sat Jan 31 12:04:53 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:27977
[INFO] Sat Jan 31 11:58:57 2004 Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:8085
[INFO] Sat Jan 31 11:58:37 2004 Administrator logout
[INFO] Sat Jan 31 11:55:01 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:73
[INFO] Sat Jan 31 11:55:01 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:2479
[INFO] Sat Jan 31 11:55:01 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:9090
[INFO] Sat Jan 31 11:55:01 2004 Blocked incoming TCP connection request from 202.102.234.87:12200 to 174.39.166.170:27977
[INFO] Sat Jan 31 11:54:24 2004 Blocked incoming TCP connection request from 221.192.199.46:12200 to 174.39.166.170:8085
[INFO] Sat Jan 31 11:51:00 2004 Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:27977
[INFO] Sat Jan 31 11:49:45 2004 Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:8080
[INFO] Sat Jan 31 11:49:45 2004 Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:80
[INFO] Sat Jan 31 11:49:45 2004 Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:6588
[INFO] Sat Jan 31 11:49:44 2004 Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:7212
[INFO] Sat Jan 31 11:49:44 2004 Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:8008
[INFO] Sat Jan 31 11:49:43 2004 Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:8118
[INFO] Sat Jan 31 11:49:42 2004 Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:1080
[INFO] Sat Jan 31 11:49:42 2004 Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:8090
[INFO] Sat Jan 31 11:49:41 2004 Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:9000
[INFO] Sat Jan 31 11:49:40 2004 Blocked incoming TCP connection request from 58.218.199.147:12200 to 174.39.166.170:8085
[INFO] Sat Jan 31 11:46:49 2004 Blocked incoming UDP packet from 82.169.12.217:10659 to 174.39.166.170:26185
[INFO] Sat Jan 31 11:46:08 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:8090
[INFO] Sat Jan 31 11:46:08 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:3246
[INFO] Sat Jan 31 11:46:08 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:8085
[INFO] Sat Jan 31 11:44:31 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:8090
[INFO] Sat Jan 31 11:44:31 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:3246
[INFO] Sat Jan 31 11:44:31 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:9000
[INFO] Sat Jan 31 11:44:31 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 174.39.166.170:27977
[INFO] Sat Jan 31 11:43:55 2004 Blocked incoming ICMP packet (ICMP type 8) from 111.178.70.5 to 174.39.166.170
[INFO] Sat Jan 31 11:43:37 2004 Log viewed by IP address 192.168.0.196
[INFO] Sat Jan 31 11:43:04 2004 Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:27977
[INFO] Sat Jan 31 11:43:04 2004 Blocked incoming TCP connection request from 221.192.199.48:12200 to 174.39.166.170:8085
[INFO] Sat Jan 31 11:43:01 2004 Log viewed by IP address 192.168.0.196
[INFO] Sat Jan 31 11:43:00 2004 Stored configuration to non-volatile memory
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
Anonymous on
Does this only work if the default error page is used? If so, that is a basic security requirement of any good deployment.
So really only thing you have to do to prevent this exploit, is to turn on custom error pages.