ASP.NET DoS Vulnerability

by Alexander H
There has been controversy over a recently discovered vulnerability in Microsoft’s ASP.NET Web development platform. New exploit code has emerged and been published online, increasing the risk of potential attacks on users. The patched denial-of-service (DoS) vulnerability was first announced last December at the Chaos Communication Congress, Europe’s largest and oldest hacker conference. “This vulnerability could allow an anonymous attacker to efficiently consume all CPU resources on a web server or even on a cluster of web servers” (Constantin). In ASP.NET, a single specially crafted 100kb HTTP request can consume anywhere upwards of 100% of one CPU core for 1-2 minutes. An attacker can also repeatedly issue such requests to the server, causing CPU performance to diminish substantially and creating a denial-of-service condition even for multi-core servers. Recently, an anonymous hacker who goes by the name of HybrisDisaster published a proof-of-concept exploit for the ASP.NET vulnerability online. He encourages users to download it, use it how they see fit and spread it. The high likelihood of someone releasing attack code for this DoS vulnerability played a significant role in Microsoft’s decision to release an out-of-band patch. It is highly recommended that webmasters who use ASP.NET Web applications immediately deploy the Microsoft patches, which also address other ASP.NET vulnerabilities.

MySQL gets an upgrade from Oracle

by Ermie C
The one thing that has become in a business is the importance of databases. We understand how everything is and how it flows; however, the ease of making the SQL statements can get kind of hairy. Oracle has launched this new version of MySQL Cluster. This new feature is actually going to be open source and is a lot easier to use. The two new features that are provided are combining the best of both worlds of NoSQL and SQL databases. “It can rival the fast key value operations of NoSQL, while still offering the ability to do complex queries of a regular SQL databases” is how they described it. Being open source, it can prove to be an advantage in the sense that anything is possible for this type of SQL; however, this upgrade can prove fatal for potential hackers who can get the code of how databases are filled. The main feature that is going to be great is the Memcached API. This is because it will make searches and performance go faster and, as mentioned, Facebook uses this software. This will make the input of data a lot easier.

2012: The Rise of Microsoft SQL Server 2012

by Ermie C
This article is about how Microsoft is now creating a new version of Microsoft SQL Server. This version has to deal with a lot of the same features, but with some new features attached to it. The new product is set to be presented to the public on March 7th and there will be two different versions of the product given. First there is the Business Intelligence version and then there is also the standard version. However, this March 7th release would be kind of criticized as a publicity stunt to present an incomplete product. There are some critics that say that Microsoft is only doing this because they want to get something out there. To me, it feels like it’s going to be the Vista of SQL Servers. We all know how that turned out. Also, they said that with the new features it would be very hard to implement. So the best way to implement the new features would be already incorporating it with the already used database in a person’s business. To sum it up, critics say to use it with other database tools and pick and choose the features they would like to use.