Demo of the ASP.NET Crypto Attack

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Mon Sep 20, 2010 10:02 pm

Demo of the ASP.NET Crypto Attack

In this video, researchers Juliano Rizzo and Thai Duong demonstrate the technique they developed for stealing cryptographic keys for ASP.NET Web applications, enabling them to compromise virtually any app built on ASP.NET.


http://threatpost.com/en_us/blogs/demo-aspnet-padding-oracle-attack-091710?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular
~~~~~~~~~~~~~~
Ketchup

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Mon Sep 20, 2010 10:12 pm

Re: Demo of the ASP.NET Crypto Attack

Good info! I'm working with a sensitive client that's been worried about this.

Here's the fix from MS too: http://threatpost.com/en_us/blogs/micro ... bug-090110
The day you stop learning is the day you start becoming obsolete.

dante

Jr. Member

Posts: 58

Joined: Wed Jul 21, 2010 10:17 pm

Post Thu Sep 23, 2010 1:11 pm

Re: Demo of the ASP.NET Crypto Attack

dynamik wrote: Here's the fix from MS too: http://threatpost.com/en_us/blogs/micro ... bug-090110


The link points to fixing the DLL hijacking vulnerability. The OP is about the ASP.NET crypto vulnerability. I guess there is no fix right now. But there are mitigations.

http://www.troyhunt.com/2010/09/fear-un ... racle.html

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Sep 23, 2010 3:01 pm

Re: Demo of the ASP.NET Crypto Attack

Oh whoops, wrong link (too many tabs open). I think I meant this one: http://blogs.technet.com/b/srd/
The day you stop learning is the day you start becoming obsolete.

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Fri Sep 24, 2010 7:19 am

Re: Demo of the ASP.NET Crypto Attack

Thanks Ketchup for sharing this with us.

Some guys are so clever, I just can't get used to seeing smart attacks like this one!
Even the song is good...
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
