This is how you do Network Security


At a client and was trying to get high-speed internet. Did the old “take an ethernet cable from some computer and plug it into mine” routine. Couldn’t access the internet or their network. Good for them.

But the best part is SIX MINUTES LATER, some guy comes in and asks me what I’m doing here. Says he got an alert to his mobile phone that someone on the level tried to gain access to the network. If it was after-hours (thankfully it wasn’t), security would have come. Also, no USB Data sticks work on any of the computers.

I asked him what software they use for this and he said, “I can’t say”.

Very well done sir, very well done.

Security Vulnerability in ASP .Net — Padding Oracle Attack


All editions of ASP .Net (1.0 – 4.0) are vulnerable to the “Padding Oracle” crypto attack. Scott Guthrie has a good post about it here. Microsoft has acknowledged the attack and is offering a workaround. There is also a post on Microsoft’s Security Research and Defense blog here. Microsoft’s official response shows that they aren’t too happy that the hacker decided to publicly disclose the attack without telling them about it first:

We continue to encourage security researchers to coordinate vulnerability disclosure with software vendors. We believe public disclosure before a comprehensive update can be produced only leads to customer risk through criminal activity.

An actual demonstration of the attack on a DotNetNuke installation to become the “SuperUser” took less than five minutes…

DotNetNuke has published their response here.

I’ll be keeping up with this over the weekend. So come back to find out more. I haven’t seen any attacks yet… but that will be when it gets interesting…