cachimaster writes: A pair of security researchers have implemented an attack that exploits the way that ASP.NET Web applications handle encrypted session cookies, a weakness that could enable an attacker to hijack users' online banking sessions and cause other severe problems in vulnerable applications. Experts say that the bug, which will be discussed in detail at the Ekoparty conference in Argentina this week, affects millions of Web applications. "We knew ASP.NET was vulnerable to our attack several months ago, but we didn't know how serious it is until a couple of weeks ago. It turns out that the vulnerability in ASP.NET is the most critical amongst other frameworks. In short, it totally destroys ASP.NET security," said Thai Duong, who along with Juliano Rizzo, developed the attack against ASP.NET.
cachimaster writes: This is an "Ask Slashdot" Submission, I don't know if it's ok to submit it here. I want to ask the slashdot community if knowledge sharing is good for the individual employee. As an employee I have to share my knowledge to the rest of my company in the form of courses, etc. Its clear than the company, and therefore the humanity at a whole benefits for the sharing of information. But what about the individual employee?