Bonum Certa Men Certa

ASP.NET a Security Failure, Not Just a Patent Issue

I knew I should have stuck with freedom



Summary: Further new evidence that ASP.NET is a weak technology, Windows is extremely dangerous for use, and developers should replace it, not mimic it

Due to yet more security issues, any Mono and ASP.NET pusher at Novell ought to pay attention to deficiencies in the software it's mimicking. Here is the latest: [via]



'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps



A pair of security researchers have implemented an attack that exploits the way that ASP.NET Web applications handle encrypted session cookies, a weakness that could enable an attacker to hijack users' online banking sessions and cause other severe problems in vulnerable applications. Experts say that the bug, which will be discussed in detail at the Ekoparty conference in Argentina this week, affects millions of Web applications.


That would not be the first such embarrassment. We gave other such examples before. Windows may be the least responsibly patched operating system, based on Microsoft's record as of late.

According to this new statement, things are getting worse than ever for Windows, security-wise.

Windows users are still the number one target: 99.4 percent of all new malware of the first half of this year was written for Microsoft’s operating system. The other 0.6% targeted systems that contain e.g. Unix or Java technologies.


Here is a further analysis/breakdown by Pogson (who also found this cripple-ware cartoon which we missed):

That other OS was the target of 98.5% of malware with a further 0.6% aimed at .NET for a total of 99.4%. The remaining 0.6% was mainly attacks on servers with various scripting and cracking attacks.


The "other OS" is Windows and .NET is there too. .NET is insecure in another sense for other reasons too, patent violations for example.

Recent Techrights' Posts

XBox is Practically 'Dead Man Walking' at This Point
writings on the wall
SLAPP Censorship - Part 128 Out of 200: Making Laws Work for Britain, Not Oversensitive Americans Looking for 'Revenge' by Lawfare
The SLAPPs are intended to protect corporations (employers like Microsoft)
 
Quiet Week
Many in the US are still enjoying an extended weekend
The Media Needs to Speak of Slop as a Climate Issue Like It Did With Bitcoin
But the slop industry keeps paying the media to play along with the hype
IBM's Fall
IBM's fate is closely connected to that of the Free software movement because of the salaries
Social Dialogue at the European Patent Office (EPO) is Dead, the Strikes and Work Stoppage-Like Actions Carry on
What next for the EPO?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, July 05, 2026
IRC logs for Sunday, July 05, 2026
Links 05/07/2026: Shadows of the Upper Peninsula and 2026 Old Computer Challenge
Links for the day
Not Everything Should be Electric
technology has become detrimental to society
Gemini Links 05/07/2026: Eye of the Beholder and Baldur’s Gate 3 and Alhena 5.6.5
Links for the day
GNU/Linux Market Share is Already High
GNU/Linux has fast become and is still becoming mainstream in recent years
The 9-Step IBM Algorithm: Gaming Wall Street While Shedding Off Staff and Bribing the Mainstream Media to Play Along
Any time IBM preaches manners (e.g. CoC) to the community remember that IBM works closely with and flatters the dictator
They Could Never Kill the Ideas of Richard Stallman (RMS), But They Are Still Trying
Killing an idea is harder than killing a person and killing a person is illegal
Only Germany Objected to Salary Adjustment (Reduction) Procedure of "Team Campinos"
"flash report on the Administrative Council of 30 June and 1 July 2026"
A "Never Slop" Policy in Quibble
"every change in the repository must be made by a human"
Series on GNU/Linux in Japan
This series can last a week or longer
75% of All the Patents Last Year Were Software
The corporate media has more or less ceased to discuss this matter
At Microsoft "the Morale of Developers is at an All-time Low"
Numerous reports today say that after at least 5 studios got marked for shutdown (mothballing) by Microsoft there are rumours about Obsidian as well
Links 05/07/2026: Data Breaches, Heat Waves, and Weinstein Rape Conviction Upheld
Links for the day
Confidentiality at Risk With Slop 'Coding'
People who continue to cheer for slop aren't just misguided fanbis and fangurls
False Narratives of Slop "Efficiency" as Debt Climbs
false stories about slop
July 8 as "D-Day" for Microsoft, Mass Layoffs Planned
Microsoft's grip on the market has slipped for a long time
GNU/Linux Leaps to 6% in Thailand
Can we expect 10% by year's end?
EC Looking for Input on Digital Networks Act Until Next Month
New initiative
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, July 04, 2026
IRC logs for Saturday, July 04, 2026
Gemini Links 05/07/2026: Ragebaited and Removing Lines in Emacs
Links for the day
Links 05/07/2026: "Tesla Slams Into Crowded Cafe" and "ChatGPT [Turned] Into a Sociopath"
Links for the day
BRICS and Windows: All-Time Lows
Expect many more Microsoft layoffs in years to come
Do No Evil, Do Not DDoS
Sites that attract DDoS attacks because of their message are sites that are difficult to debunk or debate
France is Winning the Race Against Windows
France instructs, then orders, government agencies to adopt GNU/Linux
Not 2.5% and Not 2.5 Billion Dollars for "Hey Hi"; 2 Waves of Microsoft Layoffs Rumoured This Month, July 8th, Then July 22nd (Just Before 'Results')
People there join unions, knowing they will be terminated silently or otherwise
Microsoft Double Trouble With Slop
What does Microsoft even sell at this point?
Based on US Government Sites, GNU/Linux Has Reached About 8% "Market Share" in Desktops/Laptops
Culled to exclude mobile platforms, GNU/Linux would likely be above 8%
TheLayoff.com is Deleting Comments About IBM Offshoring
Meanwhile, rage-baiting Internet trolls and sometimes trolls who paste in LLM slop are immune from censorship
American Independence Needs Independent Media
The American regime's hostility towards media is an international problem
Techrights Was Always a Community Platform
Techrights is about whistleblowers
Phenomenal Growth for GNU/Linux in Afghanistan
This is impressive because for many years it was registered at near 0%
Daniel Pocock Pursuing Complaint in the United States Against Software in the Public Interest (SPI) et al
It seems like the only people who don't support him are those whom he criticises
Gemini Links 04/07/2026: Busy Squirrel, Independence Day Celebrations, PalmOS Programming
Links for the day
Canonical/Ubuntu is Breaking CP (cp) to Help Microsoft Turn Coreutils Into Proprietary Software for Windows
What we could do reliably in the 1970s (before GNU) we cannot do in 2026?
Brett Wilson LLP is Downsizing, Apparently Closing Down the Oversized and Overpriced Office
Address changed 13 hours ago
Free Software Has No Kings or CEOs
The kingdom is a cross-border phenomenon, so national flags and other such symbolism overlook the core problem [...] Free Software can help lead us out of the current imbalances
The United States Lost Freedom of Speech
independence refers to a condition, not an activity
IBM Replacing the People Who Built IBM With Cheaper and Younger Staff, According to IBM Insiders
This is a very common sentiment in IBM
For USA 250 Microsoft is Messing With Our Minds (2.50%) to Distract From Mass Layoffs
The slopfarms contribute to this noise
"Defective by Design" Turns 20
DBD is still as relevant as ever (probably more relevant than ever before)
A Bicycle for the Feeble Mind, or How Computers Got Worse for Productivity (Intentionally)
Many of us still adopt and champion the "workstation" mentality
Links 04/07/2026: Microsoft Tax Haven (Evasion) Tactics, Tobacco Bans, and More
Links for the day
Links 04/07/2026: 2026 Old Computer Challenge and Trying Gopher
Links for the day
SLAPP Censorship - Part 127 Out of 200: Lawsuits by Americans Filed in the UK a Burden on British Taxpayers, No Way to Recover the Funds When Americans Lose Their Cases
Are Garrett and Graveley 'pulling a 4Chan'?
Links 04/07/2026: USMCA (Covering Software Patents) Might Not be Renewed, Slop Bros Try to Pay Weird Al to Endorse Their Scheme
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 03, 2026
IRC logs for Friday, July 03, 2026