'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps
Thai Duong
thaidn at gmail.com
Mon Sep 27 23:58:21 EDT 2010
On Sat, Sep 18, 2010 at 8:43 PM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
>>I'm one of the authors of the attack. Actually if you look closer, you'll see
>>that they do it wrong in many ways.
>
> The FormsAuth as well, not just the view state? Interesting, I thought they
> had that one right, at least.
We promised Microsoft not to release anything before they have a
working patch. Now they have it, so we release the slide we presented
at EKOPARTY. Check it out.
http://netifera.com/research/poet//PaddingOraclesEverywhereEkoparty2010.pdf
-Thai.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list