Security holes that run deep
A couple months ago, Toby Beaumont reported an ASP.NET vulnerability that, depending on the server configuration, allowed anyone to completely bypass user authentication and access protected files. Microsoft quickly provided a fix and the issue passed without much fanfare, mostly because the flaw wasn't widely exploited, and consequently many people failed to recognize just how serious this attack vector could be.
By Mark Burnett at SecurityFocus.
[ Read more ]
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.