Wednesday, September 15, 2010
Researchers 'destroy' Microsoft ASP.NET security In less than 50 minutes
Finally, a truth on bad security.
RESEARCHERS have managed to exploit the way in which AES encryption is implemented in Microsoft's ASP.NET software to leave web users' data up for grabs.
Duong and Rizzo's last statement claiming that their attack "totally destroys" security is particularly chilling. Apparently the technique used in the exploit has been around since 2002 and it is surprising that not only has Microsoft missed this one but also security researchers and hackers who are usually adept at taking advantage of any seemingly minor weakness in code.
RESEARCHERS have managed to exploit the way in which AES encryption is implemented in Microsoft's ASP.NET software to leave web users' data up for grabs.
Duong and Rizzo's last statement claiming that their attack "totally destroys" security is particularly chilling. Apparently the technique used in the exploit has been around since 2002 and it is surprising that not only has Microsoft missed this one but also security researchers and hackers who are usually adept at taking advantage of any seemingly minor weakness in code.
THIS LINK posted by Joseph Bell : 9:41 AM
