A recent Technet (http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx) article claims that using the customErrors tag to set all error types to return the same error page will fix this security hole. But according to the research paper (linked in another comment), the POET tool can simply check the HTTP return code. I don't know enough about ASP.Net and IIS, but is the MS Technet blog article totally off here?

In one aspect, we can all thank Microsoft for this one with their MCSE mills which turned out a bunch of talentless mouse jockeys. Mind you, not ALL are talentless...but a lot I knew from the boom were. This had the unfortunate effect of taining a bunch of people who really didn't care about much more than dollar signs.

Though I haven't been in the IT industry long, and am not a high paid tech (yet), this makes perfect sence to me. The dot com era was a gold mine for a few years there, and many people with little or no real interest in technology jumped on the bandwagon in hopes of making a living. However, what about young people such as myself who are genuinely interested in technology and are working towards certs/BSCS in today's less than perfect IT industry? Do up and comer's with real desire have a chance to prove our worth?

Dan

http://pix.dontexist.com