|
Title: Demo of the ASP.NET Crypto Attack Post by: Ketchup on September 20, 2010, 10:02:15 PM Quote In this video, researchers Juliano Rizzo and Thai Duong demonstrate the technique they developed for stealing cryptographic keys for ASP.NET Web applications, enabling them to compromise virtually any app built on ASP.NET. http://threatpost.com/en_us/blogs/demo-aspnet-padding-oracle-attack-091710?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular (http://threatpost.com/en_us/blogs/demo-aspnet-padding-oracle-attack-091710?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular) Title: Re: Demo of the ASP.NET Crypto Attack Post by: ajohnson on September 20, 2010, 10:12:26 PM Good info! I'm working with a sensitive client that's been worried about this.
Here's the fix from MS too: http://threatpost.com/en_us/blogs/microsoft-publishes-new-fixit-tool-dll-bug-090110 Title: Re: Demo of the ASP.NET Crypto Attack Post by: dante on September 23, 2010, 01:11:46 PM Here's the fix from MS too: http://threatpost.com/en_us/blogs/microsoft-publishes-new-fixit-tool-dll-bug-090110 The link points to fixing dll hijacking vulnerability. The op is about ASP.Net Crypto vulnerability. I guess there is no fix right now. But there are mitigations.. http://www.troyhunt.com/2010/09/fear-uncertainty-and-and-padding-oracle.html Title: Re: Demo of the ASP.NET Crypto Attack Post by: ajohnson on September 23, 2010, 03:01:14 PM Oh whoops, wrong link (too many tabs open). I think I meant this one: http://blogs.technet.com/b/srd/
Title: Re: Demo of the ASP.NET Crypto Attack Post by: H1t M0nk3y on September 24, 2010, 07:19:42 AM Thanks Ketchup for sharing this with us.
Some guys are so clever, I just can't use to see smart attacks like this one! Even the song is good...
Powered by SMF 1.1.18 |
SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com |