Thursday, December 02, 2004

Woolworths Deploys .Net App in J2EE

South Africa-based retailer Woolworths Holdings is set to deploy an upgraded application that it developed with the help of a new Mainsoft tool that converts code written using Microsoft's intermediate languages to Java byte code. For the complete article, go to: http://www.computerworld.com/printthis/2004/0,4814,96180,00.html


6:54:13 PM  #  

Microsoft open sources Web authoring application

Continuing its flirtation with open source, Microsoft Corp. on Monday posted the code of a little-known collaboration application to open-source development site SourceForge.net.


6:53:26 PM  #  

Reported Security Vulnerability in ASP.NET

For those of you working with ASP.NET, please be aware of the following reported security vulnerability in ASP.NET.

Microsoft is currently investigating a reported vulnerability in Microsoft ASP.NET. An attacker can send specially crafted requests to the server and view secured content without providing the proper credentials. This reported vulnerability exists in ASP.NET and does not affect ASP.

This issue affects Web content owners who are running any version of ASP.NET on Microsoft Windows 2000, Windows 2000 Server, Windows XP Professional, and Windows Server 2003.

The underlying issue is that ASP.NET is failing to perform proper canonicalization of some URLs. Microsoft Knowledge Base (KB) article 887459, "Programmatically Checking for Canonicalization Issues with ASP.NET," describes how to add additional safeguards to an ASP.NET application to help protect against common canonicalization issues, such as those related to this reported vulnerability.

The ASP.NET Team has confirmed that all versions of ASP.NET on all operating systems may be susceptible to this potential exploit. They strongly recommend that you add the following code to the Global.asax file of each of your applications.

Global.asax code sample (Visual Basic .NET)

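Sub Application_BeginRequest(Sender as Object, E as EventArgs)
    ' Return 404 if the URL path contains a backslash (chr(92)) or the
    ' mapped physical path is not already in canonical form.
    If (Request.Path.IndexOf(chr(92)) >= 0 OR _
        System.IO.Path.GetFullPath(Request.PhysicalPath) <> Request.PhysicalPath) then
        Throw New HttpException(404, "Not Found")
    End If
End Sub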

Global.asax code sample (C#)

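void Application_BeginRequest(object source, EventArgs e) {
    // Return 404 if the URL path contains a backslash or the mapped
    // physical path is not already in canonical form.
    if (Request.Path.IndexOf('\\') >= 0 ||
        System.IO.Path.GetFullPath(Request.PhysicalPath) != Request.PhysicalPath) {
        throw new HttpException(404, "not found");
    }
}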
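To see which inputs each of the two conditions catches, the check can be pulled out into a standalone function and run against sample values. This is an added example, not code from Microsoft or KB 887459; the class and method names and the request/physical path pairs are constructed for illustration, and it assumes Windows, where System.IO.Path.GetFullPath resolves ".." segments and converts forward slashes to backslashes.

```csharp
using System;
using System.IO;

// Hypothetical helper: the two Global.asax conditions as a testable function.
static class CanonicalizationCheck
{
    // Returns null when the request passes, otherwise the reason it would
    // be answered with a 404. Useful for logging which rule fired.
    public static string RejectReason(string requestPath, string physicalPath)
    {
        // Condition 1: a backslash (chr(92)) anywhere in the URL path.
        if (requestPath.IndexOf('\\') >= 0)
            return "backslash in request path";

        // Condition 2: normalizing the mapped file path changes it, so the
        // path the runtime was handed was not in canonical form.
        if (Path.GetFullPath(physicalPath) != physicalPath)
            return "physical path is not canonical";

        return null;
    }

    static void Main()
    {
        // Constructed (URL path, physical path) pairs, not captured traffic.
        var cases = new[]
        {
            new { Url = "/app/default.aspx",  File = @"C:\inetpub\wwwroot\app\default.aspx" },
            new { Url = @"/app\default.aspx", File = @"C:\inetpub\wwwroot\app\default.aspx" },
            new { Url = "/app/default.aspx",  File = @"C:\inetpub\wwwroot\app\sub\..\default.aspx" },
            new { Url = "/app/default.aspx",  File = @"C:\inetpub\wwwroot\app/default.aspx" },
        };

        foreach (var c in cases)
        {
            string reason = RejectReason(c.Url, c.File);
            Console.WriteLine("{0,-20} {1,-45} -> {2}", c.Url, c.File,
                reason == null ? "allowed" : "404 (" + reason + ")");
        }
    }
}
```

Only the first pair passes both conditions; the second trips the backslash test and the last two trip the GetFullPath comparison.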

The ASP.NET team is continuing to work on this problem and will post more information once it becomes available to http://www.microsoft.com/security/incident/aspnet.mspx.

Resources

http://www.microsoft.com/security/incident/aspnet.mspx

http://support.microsoft.com/?kbid=887459


6:50:23 PM  #  

Study finds dramatic loss of tech jobs

CNet is reporting that tech jobs are on the decline. Click Here for Article


6:47:32 PM  #  

Modeling Tool for Visual Studio 2005

Microsoft previews 'Whitehorse' modeling tools for web applications for Visual Studio 2005. Click here for the complete article from CNet.


6:43:20 PM  #