Researchers Demo ASP.NET Crypto Attack 98
Trailrunner7 writes "The crypto attack against ASP.Net Web apps has gotten a lot of attention this week, and with good reason. Microsoft on Friday night issued a security advisory about the bug, warning customers that it poses a clear danger to their sites. Also on Friday, the researchers who found the bug and implemented the attack against it released a slick video demo of the attack, clearly showing the seriousness of the problem and how simple it is to exploit with their POET tool."
Re:This is why we need to use Ruby on Rails. (Score:5, Funny)
Python is the only solution we can use in the real world. Ruby on Rails is getting close to Django, but it will never be able to catch up with Django because Ruby on Rails doesn't use Python.
Re:Many ASP.NET apps are developed in India. (Score:1, Funny)
India is the world's leading exporter of SQL injection vulnerabilities. It literally makes up approximately 8% of their GDP.
Re:NOOOO! (Score:3, Funny)
Sorry, but real pros replace ALL of the HTTP status codes at random to prevent the client / browser from detecting a pattern. Similarly, pros override "true" and "false" constants to be functions that return random booleans, just to keep the code guessing. Sure, standards are great, but pros make sites that are secure, not standard.