A hole in ASP.NET{Comments Off on A hole in ASP.NET}

by Chris S
Recently, a few sites have been created under the name “James Northone.” One would rarely navigate to these sites on purpose. Instead, many other sites that are running ASP.NET have been attacked using SQL injection, and made so that some future visitors to these other sites are re-directed to the malicious sites owned by “James.”
This article made me fear for my computer, as it seems sites are being attacked and sites which I should trust are being manipulated to become sites I shouldn’t. As this article came out less than a month ago, and I haven’t seen a significant patch on ASP.NET I believe that the venerability most likely still exists. I hope that I don’t run into this attack myself.
I also believe that this attack speaks about how the biggest companies, like Microsoft, can have the biggest failings in their code. I feel that people need to become much more skeptical on the internet, and trust a whole lot less than they do right now.

Pauli, Darren (10/20/2011) ASP.NET attacks growing in reach. Retrieved from http://www.scmagazineus.com/aspnet-attacks-growing-in-reach/article/214849/