Attack against ASP.NET

There have been many articles on this. This new attack is a very good example of how hackers go after implementation flaws rather than the actual crypto algorithms.

We discussed this, along with side-channel attacks, in the book. Comprehensive threat modelling, secure design and immaculate implementation are really hard to get right. Anyway, it is time to get patching.

MS SDL now under CC license

Bitten by its own bunch of Windows bugs, Microsoft invested heavily in secure development efforts and has been a pioneer in that space ever since. They have now announced that they'll be releasing their Security Development Lifecycle (SDL) under the Creative Commons license.

While all of their SDL tools will still be under a Microsoft license, this is still a good move, since a large cross-section of the software industry can now adopt the documented processes into their internal documentation.