For Dave and anyone else interested, here's the link to the presentation. And their website: http://netifera.com/research/ with the tool, available for download, immediately.
So patch immediately. ---------- Forwarded message ---------- From: Thai Duong <[email protected]> Date: Tue, Sep 28, 2010 at 1:58 PM Subject: Re: 'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps To: Peter Gutmann <[email protected]>, [email protected] On Sat, Sep 18, 2010 at 8:43 PM, Peter Gutmann <[email protected]> wrote: >>I'm one of the authors of the attack. Actually if you look closer, you'll see >>that they do it wrong in many ways. > > The FormsAuth as well, not just the view state?  Interesting, I thought they > had that one right, at least. We promised Microsoft not to release anything before they have a working patch. Now they have it, so we release the slide we presented at EKOPARTY. Check it out. http://netifera.com/research/poet//PaddingOraclesEverywhereEkoparty2010.pdf -Thai. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [email protected] -- silky http://dnoondt.wordpress.com/ "Every morning when I wake up, I experience an exquisite joy — the joy of being this signature."
