Digithoughts

Digitaria’s Director of Enterprise Software Solutions, Sasha Pfandt, recently helped Microsoft circumvent a critical security vulnerability in their ASP.NET framework. Sasha was kind enough to give us some more
visibility into the core issue. For more information regarding this vulnerability, please visit:
http://www.microsoft.com/technet/security/bulletin/MS09-036.mspx

Sasha, what do you do at Digitaria?

I'm lucky to be a part of an amazing team of talented and dedicated professionals. My role changes from project to project, but most often I find myself working on overall system architecture, planning and collaboration within Digitaria’s technology department. I’m here to make sure things “click.”

As part of our process we get to evaluate the latest technologies and pick the most promising and innovative ones, then put them through vigorous testing. Some software works great, others not so much.

So when and how did you come across this security vulnerability in
the .NET framework? Please tell us a little more about it.

Some time ago we were going through the load-testing phase for one of our projects. Several scripts were written to simulate traffic from various sources to every page of the site.

A combination of the request and the application's configuration yielded unpredicted results. We looked deeper...  then decided that it was time to call Microsoft.

And once you found and reported the vulnerability, what happened next?

After the issue was confirmed, Microsoft supplied us with the hotfix in less than 48 hours from the moment the vulnerability was reported. Then we worked closely with the Microsoft Security Response Center until the patch was released and the security bulletin was published.

We got a clear indication that Microsoft had this process streamlined and knew what they were doing.

Any tips for administrators?

The security bulletin has most of the information. Though, I would add that at this point majority of websites will not be affected, but I urge hosting providers to install the update as soon as possible.

Thank you, Sasha! 

Bobby Ghoshal Marketing & Brand Manager

Read more from the Creative category. If you would like to leave a comment, click here: Comment or stay up to date with this post via RSS, or you can Trackback from your site.