For Dave and anyone else interested, here's the link to the presentation.

And their website: http://netifera.com/research/ with the tool,
available for download, immediately.

So patch immediately.


---------- Forwarded message ----------
From: Thai Duong <[email protected]>
Date: Tue, Sep 28, 2010 at 1:58 PM
Subject: Re: 'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps
To: Peter Gutmann <[email protected]>, [email protected]


On Sat, Sep 18, 2010 at 8:43 PM, Peter Gutmann
<[email protected]> wrote:
>>I'm one of the authors of the attack. Actually if you look closer, you'll see
>>that they do it wrong in many ways.
>
> The FormsAuth as well, not just the view state?  Interesting, I thought they
> had that one right, at least.

We promised Microsoft not to release anything before they have a
working patch. Now they have it, so we release the slide we presented
at EKOPARTY. Check it out.

http://netifera.com/research/poet//PaddingOraclesEverywhereEkoparty2010.pdf

-Thai.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [email protected]



-- 
silky

http://dnoondt.wordpress.com/

"Every morning when I wake up, I experience an exquisite joy — the joy
of being this signature."

Reply via email to