What’s this, a rushed out product getting a rush patch?

by Salvador A
As with all new products hitting the market or old products getting an update, there will always be some sort of vulnerability that rises up. The vulnerability that was brought up in this article was the issue with hash tables. In a nutshell, hash tables are what allow for retrieval of data in a fast manner by prioritizing the data within the hash table using a very specific algorithm that will determine which pieces of data get chosen/given priority, thus increasing data retrieval times. But along with being able to retrieve data, it is also susceptible to attacks. These types of attack target the hash table collision, which essentially is what happens when two pieces of data share the same hash value. By doing this you can slow down a server up to the point where it really cannot do much but sit there and try to resolve the conflicts. The workaround that was proposed and implemented was a restriction to the number of arguments allotted on a per user request style.

ASP.NET Websites are Under Attack

by Yeimy F

I read an article from 2011 that says that about 180,000 pages from websites using the ASP.NET platform have been affected by hackers who are massively attacking them with SQL injection. Hackers plant malicious JavaScript on ASP.NET websites which “causes the browser to load an iframe with one of the two remote sites: and” This iframe, which is an HTML element, specifies an inline frame used to embed another document within the current HTML document. Then, this iframe plants malware on the visitors’ computers. But Microsoft started providing ASP.NET programmers with enough information about how to protect against such attacks since 2005.

Just Another Hack

by Monica G
It is very common to see or hear about hackers finding new ‘vulnerabilities’ within huge corporations, therefore it is safe to say that this is just another one. Some exploit code was discovered that affected Microsoft’s ASP.NET web development platform; it was called CVE-2011-3414. This type of code apparently allows for all CPU resources to be taken from a single server, which causes performance to be compromised to the point of denial of service. A hacker by the name of HybrisDisaster published the code online, signing “We are Legion. Expect Us.” The signature caused more public attention because those words belong to an anonymous hacktivist group. They usually use this type of attack to support their activities, which they claim are legitimate.

ASP.NET over PHP?

by Carlos R
The article I selected this week is about the battle between ASP.NET and PHP. The author specifically states that he himself is a PHP guy, but is now learning about ASP.NET, and he has been fairly impressed with what it’s capable of doing. He goes on in the article explaining the .NET framework and how there are two main parts: the CLR and the hierarchical set of class libraries. The article argues and gives six reasons why people should use ASP.NET. The first reason detailed is speed; he states that the applications are compiled, which makes it much faster than PHP. The second reason given is the fact that ASP.NET offers more language support compared to PHP. The third reason is the choice of development environments, because you have the freedom to download a free version of ASP.NET called Web Matrix, and with MS SQL, you have way more advantages over PHP. The fourth reason solely states that ASP.NET is part of .NET, and that alone provides a lot of benefits. The second to last reason is that it’s actually cheaper to develop for ASP.NET than PHP. This is due to the fact that there are simplified free versions of it, but purchasing it is definitely more expensive. The last reason the author argues in the article is that it is cross-platform. He feels that right now it is pretty much tied to the Windows platform, but could become very cross-platform in a few years.

Comparing ASP.NET with PHP

by Cole O’C
ASP.NET and PHP are both very powerful, widely used tools for developing dynamic web pages. It can be incredibly difficult to choose which one to use, or whether to use both via Microsoft IIS, and the choice can change on a per-project basis. In terms of performance, ASP.NET is generally considered faster due to being a compiled language as opposed to PHP’s interpreted language. That said, the most important factor of quality performance is good design and implementation. The security of the program hinges strongly on the expertise of programmers rather than the languages themselves. As for cost, it is rather hard to beat PHP’s amazingly affordable price of free. However, some commercial controls and/or libraries can be purchased for PHP, which should be taken into consideration. Hosting services are also usually cheaper for PHP due to there being more hosting providers. However, the cost of ASP.NET may be justified because you can use it in conjunction with other Microsoft products such as Visual Studio and SQL Server. In terms of ease of development, ASP.NET has a higher level of abstraction and is more object-oriented than PHP, which means that ASP.NET is more likely to produce reusable code. For further information, there are two articles at the bottom that can help a developer choose which is best for them: the article from NetroStar is concise and is what I summarized here, while the article from PerfectWebTutorials is quite verbose and comprehensive.

Patches: >.<

by Caezar M


In the classic story that we CANNOT do anything right the first time, it was announced that a patch for ASP.NET actually doesn’t help security that much at all. Microsoft released a patch that was supposed to resolve security issues for ASP.NET, and right after, a hacker published a vulnerability on how to create havoc within those servers, causing massive Denial of Service (DoS). Now when we normally think of DoS, we think of someone using massive amounts of infected computers to simultaneously request information from one source, causing the server to crash. Well… this is not as cool but infinitely more effective. So basically this patch allows for an HTTP request of ~100kb to consume 100% … wait, can I modify text in here? …

More Internet Security Woes…

by Calvin M
*Note: I noticed one of my fellow classmates also read the same article, so I am writing about the part he didn’t discuss to avoid any plagiarism confusion.

Juliano Rizzo and Thai Duong are security researchers who have built a tool that can retrieve authentication tokens and cookies from websites’ HTTPS requests, which can be used to get people’s personal information and private, server-side information from the websites. Last year, these two researchers were able to figure out how some people were able to attack ASP.NET web applications in a way that was also able to retrieve people’s personal information and other data. This vulnerability is apparently present in about 25% of web applications using ASP.NET. Because of this vulnerability, Microsoft had to release an emergency patch which fixed this vulnerability in the web applications.

Goodbye Horses

by Luis F
The journal article was about IIS web page Trojan horses and how they are written in .NET, and it provided solutions on how to rid one’s webpage of them. It provides information on what the Trojans are able to do and how they operate; an example is a one statement Trojan, which “has no independent ability to control a website, but if it is used together with client code, it can control the website”. Then the article offers 9 examples of anti-killing Trojans on a website. One example from the article is case conversion, where the Trojan is trying to evade anti-virus programs by using different casing in its block of code. The article ends by explaining the Trojan detection program they developed in C# and how in its test it was able to detect all the Trojans in their sample. It’s also coded so that it can detect future Trojans as long as the user updates and tracks any new kind of Trojan they encounter.

ASP.NET MVC!!

by Wei C

The article talks about some new changes in the web development environment. The author mentioned that ASP.NET is getting old even though it has great stability, productivity and performance in overall web development. There are two alternatives to ASP.NET, which are MonoRail and ASP.NET MVC. In the article, the author briefly described the features and benefits of the newer version of ASP.NET, which is ASP.NET MVC. MVC stands for Model-View-Controller. It is a pattern which can be used for web development. The unique part of ASP.NET MVC is that all the incoming requests just go through a single component, which is the MVC HTTP handler. Finally, the author mentioned that the main difference between ASP.NET and ASP.NET MVC is that the URL represents an action instead of a file. According to the author, ASP.NET MVC is not bound to the server or a render technology. It simply generates the response through an object and helps implement the contract. In conclusion, there are a lot of new tools that users can use for building a website. ASP.NET MVC is a newly introduced technology in the area.

Learning Multiple Server-Side Computer Languages

by Tuyen H

In the article “Design and Delivery of Multiple Server-Side Computer Languages Course” the authors write about why information system (IS) students need to learn multiple server-side computer languages such as Java, .NET, or PHP. According to the authors, every computer language has its own advantages and weaknesses. Java’s execution performance may be more efficient than ASP.NET; however, ASP.NET is more popular because of the popularity of the Windows platform. On the other hand, PHP is open source, fast and easy to develop. PHP is also widely used in many small scale service-oriented applications. Moreover, XML is one of many important languages which IS students should learn. XML is widely used in web applications, and it is easy to learn. Finally, the authors conclude “One of the most important aspects of effective IS education is to help IS students to develop problem solving skills to meet the challenges of the fast changing IS field.”