
ASP.Net Oracle Padding Patch

Tagged: Coding, DotNet, ASP.Net

Last month an alert went out from Microsoft about a severe vulnerability in ASP.Net. A quick workaround was stepped through, but the kernel of the issue remained.

I just got this email blast from the DotNetNuke folks (very very nice of them even as I am no longer a Nuke user) about the official patch now being available as a direct download AND NOW through Windows Update.

I used Windows Update for two side servers today and they were all there correctly. Just use Custom and scan the list of Recommended/High Priority updates for ones marked with KB24xxxxxx; you can verify the exact patches against the KnowledgeBase listings on Scott Guthrie's blog post.

No matter your OS, if you run ASP.Net you should get the updates. If money is on the line, then of course you have to check the fine print, scan the comments on Guthrie's blog post, and do extra testing ASAP in case you are doing some off-kilter code that hits a boundary of the patch.

Here is the email I got from the Nukers...

Now, I haven't used DNN for years. I used it for a company back in v4x, and even after getting the lightbulb on its code style and doing more than a few customizations, I just had a knock-down drag-out with one of the core developers who would only do his job if you would publicly call him a god rock star (oy, non-profits). With all that I turned away from it in favor of coding to needs instead of shoe-horning. BUT I do appreciate that they didn't lose my email address, because quite honestly their alerts have been more timely and digestible than the ones I get from MSDN services. If you, like me, get all the MS Sec emails but have grown to tune them out... maybe you might want to just sign up with Nuke and let them blast you... odd way of doing things, but with the last two months of severe issues it has been a saver for me. ;-)

Go get patched!
