Workarounds Not Enough to Protect Against ASP.NET Attacks

Microsoft has released updated workaround guidance for the ASP.NET padding oracle vulnerability, suggesting that customers use a technique to block requests that specify an application error. However, the researchers who developed the attack on ASP.NET have said that the workaround is not sufficient to prevent the attack.

Week in Review: Web Insecurity and Fixes for Stuxnet

Web insecurity was in the news this week, with a major flaw in the security of ASP.NET and some sobering statistics on Web site infections. When your bank account gets hacked – is it your fault? And, with a patch out for one of four (!) zero day exploits used by Stuxnet, security experts wonder if its the most sophisticated malware…ever!? 

A pair of security researchers have implemented an attack that exploits the way that ASP.NET Web applications handle encrypted session cookies, a weakness that could enable an attacker to hijack users’ online banking sessions and cause other severe problems in vulnerable applications. Experts say that the bug, which will be discussed in detail at the Ekoparty conference in Argentina this week, affects millions of Web applications.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.