Bonum Certa Men Certa

ASP.NET a Security Failure, Not Just a Patent Issue

I knew I should have stuck with freedom



Summary: Further new evidence that ASP.NET is a weak technology, Windows is extremely dangerous for use, and developers should replace it, not mimic it

Due to yet more security issues, any Mono and ASP.NET pusher at Novell ought to pay attention to deficiencies in the software it's mimicking. Here is the latest: [via]



'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps



A pair of security researchers have implemented an attack that exploits the way that ASP.NET Web applications handle encrypted session cookies, a weakness that could enable an attacker to hijack users' online banking sessions and cause other severe problems in vulnerable applications. Experts say that the bug, which will be discussed in detail at the Ekoparty conference in Argentina this week, affects millions of Web applications.


That would not be the first such embarrassment. We gave other such examples before. Windows may be the least responsibly patched operating system, based on Microsoft's record as of late.

According to this new statement, things are getting worse than ever for Windows, security-wise.

Windows users are still the number one target: 99.4 percent of all new malware of the first half of this year was written for Microsoft’s operating system. The other 0.6% targeted systems that contain e.g. Unix or Java technologies.


Here is a further analysis/breakdown by Pogson (who also found this cripple-ware cartoon which we missed):

That other OS was the target of 98.5% of malware with a further 0.6% aimed at .NET for a total of 99.4%. The remaining 0.6% was mainly attacks on servers with various scripting and cracking attacks.


The "other OS" is Windows and .NET is there too. .NET is insecure in another sense for other reasons too, patent violations for example.

Recent Techrights' Posts

Pushing Nonsense Using the Brand "Linux"
the trademark "Linux" might already lack potency
In China, statCounter Seeing Windows Vista 11 as Falling 2.5% This Month Relative to Other Versions of Windows (Vista 7 Grows Its Gap Over "11")
Vista 7 is bigger!
Wine Took the Bait (Mono), Soon Starts the Microsoft Circus With the Banhammer
large companies are exercising more control over the thing/s they claim to "donate" to
This is Not a Sustainable Way to Run Microsoft
This is a downward spiral
 
Sites Writing Fake News About Linux Using LLMs (Microsoft Hype That Promotes Misinformation)
RMS recently called these "bullshit machines"
Gemini Links 15/09/2024: MINIbase and Pocket Reform Experience
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, September 14, 2024
IRC logs for Saturday, September 14, 2024
[Meme] The Prosecutor and Prosecuted, the Community and Businessmen (Red Hat)
"Social justice is not a corporate slogan or identity politics"
Dr. Richard M. Stallman (RMS) Explains Why So-called 'Cryptocurrencies' Suck and Why GNU Taler is Better
"I've never used cryptocurrency. There were things I found disappointing and worrisome..."
Links 14/09/2024: Verizon's 5,000 Layoffs and China's 'Runaway' Pension Age
Links for the day
Gemini Links 14/09/2024: Comparing Costs and Being "Tamed"
Links for the day
Links 14/09/2024: Science, War, and Politics
Links for the day
Transcript (and Correction) of Dirk Hohndel's Interview With Linus Torvalds in 2014
A lot of things have deteriorated since then
Microsoft Asia President Ahmed Mazhari Leaves the Company
Even everything they say about Mazhari is just "prepared" quotes from Microsoft itself
Contrary to What Microsoft Claims, Teams Were Cut Yesterday, XBox Sales Have Collapsed, Layoffs Announced at 3AM (in the Morning)
There is actually a lot of media coverage about this, unlike prior waves of layoffs at Microsoft
Last Month Dr. Richard M. Stallman (RMS) Explained Why You Should Delete GitHub
RMS explained why
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, September 13, 2024
IRC logs for Friday, September 13, 2024
Gemini Links 14/09/2024: LoRa, ROOPHLOCH, and Crafting a Programming Language
Links for the day
[Video] Why Hurd and MINIX (or BSD) Didn't Get Ahead of Linux?
We've converted the video into WebM to make it more accessible
Dr. Richard M. Stallman (RMS) Explains That a Free/Libre Program Running on Somebody Else's Server (e.g. Clown Computing) Leads to Freedom Deficit
"when you are doing your computing you must not entrust that to somebody else's server because users including you should have control over their own computing but you can never have control over what somebody else's server does because somebody else installs software in that computer and configures it and thus decides what computing it is going to do."
ircII Has Turned 35
Don't listen to people who say IRC is "dead"
[Meme] Code of Conduct in WINE
irritate productive developers...
Number of Gemini Capsules Rising Closer to 4,100, Certificate Authority "Let's Encrypt" Down to 1.1%
Some time soon the Certificate Authority "Let's Encrypt" will probably fall below 1%
Richard M. Stallman Explains Why the Web Becoming a Pile of Proprietary JavaScript Programs (Not Pages to Render) Does Harm to Web Users
"The web was designed to let users control how that data would be rendered but businesses didn't like that."
[Meme] From Checked by Three Examiners to Gone (Granted) in 3 Seconds!
twice as many monopolies with 10% less staff
EPO Staff Representatives Explain the Latest Corruption at the EPO in a New Paper
Owing to corrupt management the EPO has resorted to corporate crime or organised crime designed to benefit large corporations. Who will pay the price? Everybody else in Europe.
Links 13/09/2024: Crackdowns on Bloggers, Deepfakes, Internet Archive‘s Wayback Machine Now in Google Search
Links for the day
RedMonk: September the Month of the Mouth of Redmond (Still)
the usual storyline, i.e. what's not controlled by Microsoft's proprietary GitHub simply does not exist
Links 13/09/2024: Disinformation in Focus, End of Presidential Debates (Trump Accepts It Hurts Him)
Links for the day
Mono as a Double-Purpose Trojan Horse Inside Wine
And now they can oust founders and top contributor with a CoC
This is How Bad Things Have Become at Microsoft
We're seeing nearly 80 reports in English about those layoffs
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, September 12, 2024
IRC logs for Thursday, September 12, 2024
Links 13/09/2024: Recorded Future Bought by MasterCard, Bits of Freedom Turns 25
Links for the day
Gemini Links 13/09/2024: Towards Aristocratic Personal Computing, Technology and Privac
Links for the day
Once Again, Mass Layoffs at Microsoft (Just Like Every Month This Year)
Reporting and articles trickling in (in recent hours)
Rumour: Layoffs in IBM Consulting Today
IBM has had many layoffs lately