Several well-known web sites including The Register, The Daily Telegraph, UPS.comn and Acer.com suffered a DNS hack on Sunday evening. The consequence is that visitors to the sites may see a Turkish hack message.



The hacked sites share a common registrar, Ascio Technologies, and were registered through NetNames. Both NetNames and Ascio are brands of GroupNBT. Zone-h suggests:

It appears that the turk­ish...

I have been assisting a friend who, she told me, could not get BBC iPlayer to work. Further, another site was telling her she did not have ActiveX, but she was sure she had it.

This was puzzling me. She described how she went to the BBC iPlayer site, and it said she needed to install Flash.



She clicked the link and got to Adobe’s download site. She clicked Download now and got a page describing four steps to install, but nothing happened, no download.

She clicked Adobe’s troubleshooting guide, which took her through uninstalling Flash...

Kim Cameron, formerly chief identity architect at Microsoft, has  confirmed that he has left the company. In an interview at the European Identity Conference in Munich he discusses the state of play in identity management, but does not explain what interests me most: why he left. He was respected across the industry and to my mind was a tremendous asset to Microsoft; his presence went a long way to undoing the damage of Hailstorm, an abandoned project from 2001 which sought to place Microsoft at the centre of digital life and failed largely because of industry mistrust.

There is an analysis by Rob Rachwald over on the Imperva Data Security Blog of how an RTF document can carry a virus, in this case a trojan executable. RTF (RIch Text Format) is generally considered safer than the Microsoft Office .DOC format since it cannot include macros; but the vulnerability in this case is in the software that parses the RTF when it is opened in Microsoft Office on Windows or Mac – though in this case the actual payload is Windows-only so would not normally affect Mac users.

Scott Guthrie’s blog reports that a fix is now available for the Padding Oracle attack, which enables successful attackers to break the security of ASP.NET applications. There are a few points of interest.

Security vulnerabilities are reported constantly, but some have more impact than others. The one that came into prominence last weekend (though it had actually been revealed several months ago) strikes me as potentially high impact. Colourfully named the Padding Oracle attack, it was explained and demonstrated at the ekoparty security conference. In particular, the researchers showed how it can be used to compromise ASP.NET applications:

The most significant new discovery is an universal Padding Oracle affecting every ASP.NET web application. In short, you can decrypt cookies, view states, form authentication tickets, membership password, user data, and anything else encrypted using the framework’s API! … The impact of the attack depends on the applications installed on the server, from information disclosure to total system compromise.

This is alarming simply because of the huge number of ASP.NET applications out there....

A Silverlight application is a .NET application. Most developers will be aware of this; but it is worth noting that whereas ASP.NET code executes on the server and is not normally available for download, Silverlight code is downloaded to the client and can easily be decompiled. It is almost as easy to view as JavaScript code in the browser.

If you want to investigate this, the first thing to do is to find the .xap file which contains the Silverlight application. You will likely find this in your browser cache, or you can download it directly from the web site hosting the application. If you have out-of-browser Silverlight apps, they are usually located at:

C:\Users\[username]\AppData\LocalLow\Microsoft\Silverlight\OutOfBrowser

Copy the .xap file somewhere convenient, and rename it to have a .zip extension. Then extract the files. The result looks something like this:

...