Information security centric blog. Covering administrative, technical and governance security issues. Topics include compliance, microsoft windows, apple osx, solaris, unix and linux technical how-to. Discussions regarding penetration testing, security assessments, and security controls. Opinions related to PCI-DSS, NERC, FERC ISO27000 and other compliance related themes.
There has been some news regarding the latest .NET attack, which exposes some of the oracle padding issues related to some of the tokens used by .NET applications. Some people have been downplaying the issues saying that these are only theoretical attacks, now researchers have posted a very practical demonstration of the attack on dotnetnuke. Enjoy!