ASP.NET security exploit information

Sep 18 2010 12:35 PM

Here is a link with information regarding the exploit.

http://www.microsoft.com/technet/security/advisory/2416728.mspx

http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx

http://blogs.iis.net/nazim/archive/2010/09/18/asp-net-zero-day-vulnerability-padding-oracle-exploit.aspx

http://stevesmithblog.com/blog/asp-net-custom-errors-security-flaw/

//You Tube video, you should check out!
http://tinyurl.com/2b7rnae

http://pentonizer.com/general-programming/aspnet-poet-vulnerability-what-else-can-i-do/

http://www.gdssecurity.com/l/b/2010/09/14/automated-padding-oracle-attacks-with-padbuster/

http://weblogs.asp.net/scottgu/archive/2010/09/20/frequently-asked-questions-about-the-asp-net-security-vulnerability.aspx

//Sharepoint
http://blogs.msdn.com/b/sharepoint/archive/2010/09/21/security-advisory-2416728-vulnerability-in-asp-net-and-sharepoint.aspx

//Custom Errors including new attribute in .NET 3.5 sp1
http://msdn.microsoft.com/en-us/library/h0hfz6fc(VS.90).aspx

//Search engine friendly custom error handling in .NET 3.5 sp1
http://blog.turlov.com/2009/01/search-engine-friendly-error-handling.html

Steve Schofield
Microsoft MVP – IIS