Sep 18, 2010 04:09 AM|Tim Acheson|LINK
Thanks for the link to the Microsoft's official security advisory for this padding oracle exploit, which is still under investigation.
It would be useful to see a more detailed response from MS. The's a lot of misleading and unreliable information about this in articles cirulating online, and some clarity from a trusted source is needed. There are thousands of articles make gross exaggerations,
e.g. that this "completely breaks ASP.NET's security".
What would be especially useful from Microsoft is some clarity on the following points.