Microsoft has issued a warning about a web bug that is affecting ASP.net. ASP is a Microsoft application that is used to create websites. This security alert and the details of the attack methods were announced at the Ekoparty Security Conference on September 17, 2010.
The bug allows hackers to view and retrieve files that are on the ASP framework. They can also obtain full administrator rights to any type of activity. Additionally, through the analysis of error messages, hackers can figure out encryption keys and therefore decode all of the cipher text.
Microsoft is currently working on the problem, but recommends that users make some changes to their account in order to block hackers from correctly interpreting error messages. Users of ASP.Net should enable the “CustomErrors” feature and also change their configuration so that every error page is identical (despite various problems). Most of the bug is based on hackers distinguishing error pages, so this will prevent them from doing so. For now, until a patch is released, this is the best preventative measure against this bug.
To read the full article on this bug, visit:
No comments:
Post a Comment