Category Archives: Community

Watch ICC Cricket World Cup 2011 Live Streaming

You can watch ICC Cricket World Cup 2011 online. You only need to register on this website; registration takes 20 seconds:

Watch ICC Cricket World Cup 2011 Live streaming – Windows Media Player

ICC World Cup 2011 Matches Live ICC World Cup WM Streaming

Watch ICC World Cup 2011 Live streaming – Flash Player

ICC World Cup 2011 Matches Live Flash Streaming

ICC World Cup Schedule


| Date | Local | GMT | PST | Match Details | Venue |
|---|---|---|---|---|---|
| Feb 19, 2011 | 14:30 | 08:30 | 13:30 | Group B : Bangladesh vs India, 1st ODI Day Night Match - Day Night Match | Mirpur |
| Feb 20, 2011 | 09:30 | 04:00 | 09:00 | Group A : New Zealand vs Kenya, 2nd ODI - Day Night Match | Chennai |
| Feb 20, 2011 | 14:30 | 09:00 | 14:00 | Group A : Sri Lanka vs Canada, 3rd ODI Day Night Match - Day Night Match | Hambantota |
| Feb 21, 2011 | 14:30 | 09:00 | 14:00 | Group A : Australia vs Zimbabwe, 4th ODI Day Night Match - Day Night Match | Ahmedabad |
| Feb 22, 2011 | 14:30 | 09:00 | 14:00 | Group B : England vs Netherlands, 5th ODI Day Night Match - Day Night Match | Nagpur |
| Feb 23, 2011 | 14:30 | 09:00 | 14:00 | Group A : Pakistan vs Kenya, 6th ODI Day Night Match | Hambantota |
| Feb 24, 2011 | 14:30 | 09:00 | 14:00 | Group B : South Africa vs West Indies, 7th ODI Day Night Match | Delhi |
| Feb 25, 2011 | 09:30 | 03:30 | 08:30 | Group B : Bangladesh vs Ireland, 8th ODI | Mirpur |
| Feb 25, 2011 | 14:30 | 09:00 | 14:00 | Group A : Australia vs New Zealand, 9th ODI Day Night Match | Nagpur |
| Feb 26, 2011 | 14:30 | 09:00 | 14:00 | Group A : Pakistan vs Sri Lanka, 10th ODI Day Night Match | Colombo |
| Feb 27, 2011 | 14:30 | 09:00 | 14:00 | Group B : India vs England, 11th ODI Day Night Match | Bangalore |
| Feb 28, 2011 | 09:30 | 04:00 | 09:00 | Group A : Canada vs Zimbabwe, 12th ODI | Nagpur |
| Feb 28, 2011 | 14:30 | 09:00 | 14:00 | Group B : West Indies vs Netherlands, 13th ODI Day Night Match | Delhi |
| Mar 1, 2011 | 14:30 | 09:00 | 14:00 | Group A : Sri Lanka vs Kenya, 14th ODI Day Night Match | Colombo |
| Mar 2, 2011 | 14:30 | 09:00 | 14:00 | Group B : England vs Ireland, 15th ODI Day Night Match | Bangalore |
| Mar 3, 2011 | 09:30 | 04:00 | 09:00 | Group B : South Africa vs Netherlands, 16th ODI | Mohali |
| Mar 3, 2011 | 14:30 | 09:00 | 14:00 | Group A : Pakistan vs Canada, 17th ODI Day Night Match | Colombo |
| Mar 4, 2011 | 09:30 | 04:00 | 09:00 | Group A : New Zealand vs Zimbabwe, 18th ODI | Ahmedabad |
| Mar 4, 2011 | 14:30 | 08:30 | 13:30 | Group B : Bangladesh vs West Indies, 19th ODI Day Night Match | Mirpur |
| Mar 5, 2011 | 14:30 | 09:00 | 14:00 | Group A : Australia vs Sri Lanka, 20th ODI Day Night Match | Colombo |
| Mar 6, 2011 | 09:30 | 04:00 | 09:00 | Group B : South Africa vs England, 21st ODI | Chennai |
| Mar 6, 2011 | 14:30 | 09:00 | 14:00 | Group B : India vs Ireland, 22nd ODI Day Night Match | Bangalore |
| Mar 7, 2011 | 14:30 | 09:00 | 14:00 | Group A : Canada vs Kenya, 23rd ODI Day Night Match | Delhi |
| Mar 8, 2011 | 14:30 | 09:00 | 14:00 | Group A : Pakistan vs New Zealand, 24th ODI Day Night Match | Kandy |
| Mar 9, 2011 | 14:30 | 09:00 | 14:00 | Group B : India vs Netherlands, 25th ODI Day Night Match | Delhi |
| Mar 10, 2011 | 14:30 | 09:00 | 14:00 | Group A : Sri Lanka vs Zimbabwe, 26th ODI Day Night Match | Kandy |
| Mar 11, 2011 | 09:30 | 04:00 | 09:00 | Group B : West Indies vs Ireland, 27th ODI | Mohali |
| Mar 11, 2011 | 14:30 | 08:30 | 13:30 | Group B : Bangladesh vs England, 28th ODI Day Night Match | Chittagong |
| Mar 12, 2011 | 14:30 | 09:00 | 14:00 | Group B : India vs South Africa, 29th ODI Day Night Match | Nagpur |
| Mar 13, 2011 | 09:30 | 04:00 | 09:00 | Group A : New Zealand vs Canada, 30th ODI | Mumbai |
| Mar 13, 2011 | 14:30 | 09:00 | 14:00 | Group A : Australia vs Kenya, 31st ODI Day Night Match | Bangalore |
| Mar 14, 2011 | 09:30 | 03:30 | 08:30 | Group B : Bangladesh vs Netherlands, 32nd ODI | Chittagong |
| Mar 14, 2011 | 14:30 | 09:00 | 14:00 | Group A : Pakistan vs Zimbabwe, 33rd ODI Day Night Match | Kandy |
| Mar 15, 2011 | 14:30 | 09:00 | 14:00 | Group B : South Africa vs Ireland, 34th ODI Day Night Match | Kolkata |
| Mar 16, 2011 | 14:30 | 09:00 | 14:00 | Group A : Australia vs Canada, 35th ODI Day Night Match | Bangalore |
| Mar 17, 2011 | 14:30 | 09:00 | 14:00 | Group B : England vs West Indies, 36th ODI Day Night Match | Chennai |
| Mar 18, 2011 | 09:30 | 04:00 | 09:00 | Group A : Ireland vs Netherlands, 37th ODI | Kolkata |
| Mar 18, 2011 | 14:30 | 09:00 | 14:00 | Group A : Sri Lanka vs New Zealand, 38th ODI Day Night Match | Mumbai |
| Mar 19, 2011 | 09:30 | 03:30 | 08:30 | Group B : Bangladesh vs South Africa, 39th ODI | Mirpur |
| Mar 19, 2011 | 14:30 | 09:00 | 14:00 | Group A : Pakistan vs Australia, 40th ODI Day Night Match | Colombo |
| Mar 20, 2011 | 09:30 | 04:00 | 09:00 | Group A : Zimbabwe vs Kenya, 41st ODI | Kolkata |
| Mar 20, 2011 | 14:30 | 09:00 | 14:00 | Group B : India vs West Indies, 42nd ODI Day Night Match | Chennai |
| Mar 23, 2011 | 14:30 | 09:30 | 14:30 | TBC vs TBC, 1st Quarter Final ODI Day Night Match | Mirpur |
| Mar 24, 2011 | 14:30 | 10:00 | 15:00 | TBC vs TBC, 2nd Quarter Final ODI Day Night Match | Colombo |
| Mar 25, 2011 | 14:30 | 09:30 | 14:30 | TBC vs TBC, 3rd Quarter Final ODI Day Night Match | Mirpur |
| Mar 26, 2011 | 14:30 | 10:00 | 15:00 | TBC vs TBC, 4th Quarter Final ODI Day Night Match | Ahmedabad |
| Mar 29, 2011 | 14:30 | 10:00 | 15:00 | TBC vs TBC, 1st Semi Final ODI Day Night Match | Colombo |
| Mar 30, 2011 | 14:30 | 10:00 | 15:00 | TBC vs TBC, 2nd Semi Final ODI Day Night Match | Mohali |
| Apr 2, 2011 | 14:30 | 10:00 | 15:00 | TBC vs TBC, The Final ODI Day Night Match | Mumbai |

Is Google eBookstore bigger best?

I love to read, I pretty much read everything I get my hands on, including my morning cereal box.

I have books on my iPod Touch, my iPad, my laptop and my phone, believe it or not, I think I’d still also enjoy having an eReader. I know I’m probably not the norm, but there are probably a few people out there just like me.

Enough folks like me, that the new Google eBookstore might just be a good thing. Touting themselves as having the largest digital bookstore in the world, the Google eBookstore is a bit different in a few ways. First, unlike Amazon, Google sells books that come in various formats and can be read on almost any device, from the iPad to your netbook or smartphone… but uh-oh, not on your Kindle.

Second, the Google eBookstore might just be bigger than its competitors, with over 3 million books available with many of them free and hundreds of thousands of titles for sale. The options are certainly extensive. Cheaper? Maybe not, but it certainly seems like a generous selection.

Lastly, Google also offers a Google eBooks Web Reader, where you can buy, store and read Google eBooks in the cloud allowing you access to your ebooks like you would your messages in Gmail, using a free account with unlimited ebooks storage.

Not everybody needs all this, but I believe it’s better to have and not need, you know what I mean? But if you have a Kindle, then never mind.

The Google eBookstore is open now, at www.books.google.com

Source: Google eBooks

Novell acquired by Attachmate

Novell has announced that it has agreed to a merger proposition from the Attachmate Corporation, an investment group led by Francisco Partners, Golden Gate Capital and Thoma Bravo, for $2.2 billion (£1.25 billion). The company also confirmed that it will be selling certain, as yet undisclosed, IP assets to CPTN Holdings LLC, a consortium organised by the Microsoft Corporation, for $450 million (£282 million) in cash.

Attachmate says that it plans to operate Novell as two business units, Novell and SUSE, and to join these with Attachmate and NetIQ, its other holdings. The completion of the acquisition is still subject to the usual regulatory conditions and to the approval of the stockholders.

Novell President and CEO Ron Hovsepian said of the merger, “After a thorough review of a broad range of alternatives to enhance stockholder value, our Board of Directors concluded that the best available alternative was the combination of a merger with Attachmate Corporation and a sale of certain intellectual property assets to the consortium”.

Discussing the news, Attachmate Corporation Chairman and CEO Jeff Hawn said, “… The addition of Novell to our Attachmate and NetIQ businesses will enhance the spectrum of solutions we can offer to customers. We fully support Novell’s commitment to its customers and we look forward to continuing to invest for the benefit of Novell’s customers and partners”.

The news of the acquisition comes nearly two months after reported acquisition delays over legacy assets. During the past year, a number of private equity firms were expected to bid for Novell’s non-Linux business, which includes the Netware and identity management units, but were apparently unwilling to pay the price Novell was asking. There had been a number of further rejected bids for Novell in its entirety since it rejected an unsolicited $2Bn bid from the Elliot Associates hedge fund and said it was considering its options. (trk)

Facebook and Skype exploring partnership


Social networking website Facebook and Internet telephone company Skype are in talks to establish a partnership that is aimed at integrating their communication services, Wall Street Journal said, citing a person familiar with the situation. Under the proposed partnership, Facebook users would be able to sign into Skype through their Facebook Connect accounts, the Journal said. Once signed in, the users would be able to send text messages, voice chat and video chat with their Facebook friends from within Skype, according to the paper.


The integrated functions are built into Skype’s 5.0 version, which is expected to be released in the next few weeks, the person told the paper.


Enabling Skype’s voice and video chat on Facebook would be a “logical progression” to the partnership, the person told the paper. Facebook and Skype could not immediately be reached for comment by Reuters. (Reuters)


ASP.Net Vulnerability Patch released: Microsoft Security Bulletin MS10-070

Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)

Microsoft released the ASP.NET vulnerability patch through the Download centre; for details please click here.

This security update resolves a publicly disclosed vulnerability in ASP.NET. The vulnerability could allow information disclosure. An attacker who successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server. This vulnerability can also be used for data tampering, which, if successfully exploited, could be used to decrypt and tamper with the data encrypted by the server. Microsoft .NET Framework versions prior to Microsoft .NET Framework 3.5 Service Pack 1 are not affected by the file content disclosure portion of this vulnerability.

This security update is rated Important for all supported editions of ASP.NET except Microsoft .NET Framework 1.0 Service Pack 3. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by additionally signing all data that is encrypted by ASP.NET. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 2416728.

Recommendation. Microsoft recommends that customers apply the update at the earliest opportunity.

See also the section, Detection and Deployment Tools and Guidance, later in this bulletin.

Known Issues. Microsoft Knowledge Base Article 2418042 documents the currently known issues that customers may experience when installing this security update. The article also documents recommended solutions for these issues.

The patch is available through Microsoft download centre

How to Get the most out of VLC Media Player for iPad

VLC is a free and open source cross-platform multimedia player and framework that plays most multimedia files and various streaming protocols. It is simple to use, yet very powerful and extendable.

VLC has all codecs built-in. It comes with support for nearly every codec there is. And what is more, it can even play back the file or media if it is damaged! Missing or broken pieces are no stop to VLC, it plays all the video and audio information that’s still intact.

VLC has come to the iPad, adding playback support for media formats that were previously unplayable on Apple devices. Without hardware acceleration, however, you’re going to run into playback issues. Here are your best bets for optimal playback.

Out of the starting gates, VLC Media Player for iPad is a little buggy, doesn’t play back HD content too well, but is still very, very welcome. The interface is pretty slick, and copying your media files through iTunes is simple enough. While some formats aren’t supported (RealMedia, FLV, etc.), many new ones are (AVI, MPG, MKV, etc.). Let’s take a look at getting your media files into VLC and which files it’ll handle best.

Adding files is pretty straightforward. Hook your iPad up to iTunes, choose it from the sidebar, click the “Apps” tab, and scroll down to the “File Sharing” section. From there you can choose VLC and add files through drag-and-drop or the “Add…” button. As soon as you do, iTunes will start copying the files over to VLC and you’ll be able to use them immediately after it finishes.

The problems come when you start copying supported files and VLC crashes or simply can’t handle the work you’re throwing at it. This is a shortcoming of the iPad more than VLC, as the iPad is really only designed to play back MPEG4/H.264 encoded to Apple’s specifications. VLC doesn’t seem to take advantage of the iPad’s MPEG/H.264 hardware acceleration, and so HD files tend to be unwatchable and may cause crashes. VLC is, at least, kind enough to warn you when you’re trying to throw a file at it that your iPad can’t handle.

Determining what you can play back well is a little difficult, since it’s mostly trial and error. VLC will let you know when it thinks you’re pushing the limits, but often files that it thinks it can play don’t look so great. So what do you do?

We’ve played around with VLC for iPad a bit and have found that most standard definition files work alright. For the most part, your best bet is standard definition AVI files using DiVX. Even at higher bit rates (about 2500kbps), DiVX AVIs seemed to play back smoothly and scrubbing wasn’t an issue. This is great news for BitTorrenters, as most TV shows are already encoded as DiVX AVI and are already optimal for iPad playback in VLC.

If you want HD on your iPad, VLC will get you half-way there. While 720p DiVX AVI video stuttered quite a bit, the same video encoded at about 3000kbps at 960×540 worked just fine. Since 960×540 is the recommended resolution for your iPad’s video anyway, it’s a good target for your HD content.

VLC is available now on iTunes, absolutely free. VLC Media Player

Important: ASP.NET Security Vulnerability

A few hours ago Microsoft released a Microsoft Security Advisory about a security vulnerability in ASP.NET. This vulnerability exists in all versions of ASP.NET.

This vulnerability was publicly disclosed late Friday at a security conference. We recommend that all customers immediately apply a workaround (described below) to prevent attackers from using this vulnerability against your ASP.NET applications.

What does the vulnerability enable?

An attacker using this vulnerability can request and download files within an ASP.NET Application like the web.config file (which often contains sensitive data).

An attacker exploiting this vulnerability can also decrypt data sent to the client in an encrypted state (like ViewState data within a page).

How the Vulnerability Works

To understand how this vulnerability works, you need to know about cryptographic oracles. An oracle in the context of cryptography is a system which provides hints as you ask it questions. In this case, there is a vulnerability in ASP.NET which acts as a padding oracle. This allows an attacker to send cipher text to the web server and learn if it was decrypted properly by examining which error code was returned by the web server. By making many such requests (and watching what errors are returned) the attacker can learn enough to successfully decrypt the rest of the cipher text.

How to Workaround The Vulnerability

A workaround you can use to prevent this vulnerability is to enable the <customErrors> feature of ASP.NET, and explicitly configure your applications to always return the same error page – regardless of the error encountered on the server. By mapping all error pages to a single error page, you prevent a hacker from distinguishing between the different types of errors that occur on a server.

Important: It is not enough to simply turn on CustomErrors or have it set to RemoteOnly. You also need to make sure that all errors are configured to return the same error page. This requires you to explicitly set the “defaultRedirect” attribute on the <customErrors> section and ensure that no per-status codes are set.

Enabling the Workaround on ASP.NET V1.0 to V3.5

If you are using ASP.NET 1.0, ASP.NET 1.1, ASP.NET 2.0, or ASP.NET 3.5 then you should follow the below steps to enable <customErrors> and map all errors to a single error page:

1) Edit your ASP.NET Application’s root Web.Config file. If the file doesn’t exist, then create one in the root directory of the application.

2) Create or modify the <customErrors> section of the web.config file to have the below settings:

<configuration>
   <system.web>
      <customErrors mode="On" defaultRedirect="~/error.html" />
   </system.web>
</configuration>

3) You can then add an error.html file to your application that contains an appropriate error page of your choosing (containing whatever content you like). This file will be displayed anytime an error occurs within the web application.

Notes: The important things to note above are that customErrors is set to “on”, and that all errors are handled by the defaultRedirect error page. There are not any per-status code error pages defined – which means that there are no <error> sub-elements within the <customErrors> section. This avoids an attacker being able to differentiate why an error occurred on the server, and prevents information disclosure.

Enabling the Workaround on ASP.NET V3.5 SP1 and ASP.NET 4.0

If you are using ASP.NET 3.5 SP1 or ASP.NET 4.0 then you should follow the below steps to enable <customErrors> and map all errors to a single error page:

1) Edit your ASP.NET Application’s root Web.Config file. If the file doesn’t exist, then create one in the root directory of the application.

2) Create or modify the <customErrors> section of the web.config file to have the below settings. Note the use of redirectMode="ResponseRewrite" with .NET 3.5 SP1 and .NET 4.0:

<configuration>
   <system.web>
     <customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="~/error.aspx" />
   </system.web>
</configuration>

3) You can then add an Error.aspx to your application that contains an appropriate error page of your choosing (containing whatever content you like). This file will be displayed anytime an error occurs within the web application.

4) We recommend adding the below code to the Page_Load() server event handler within the Error.aspx file to add a random, small sleep delay. This will help to further obfuscate errors.

VB Version

Below is a VB version of an Error.aspx file that you can use, and which has a random, small sleep delay in it. You do not need to compile this into an application – you can optionally just save this Error.aspx file into the application directory on your web-server:

<%@ Page Language="VB" AutoEventWireup="true" %>
<%@ Import Namespace="System.Security.Cryptography" %>
<%@ Import Namespace="System.Threading" %>

<script runat="server">
    Sub Page_Load()
        ' One byte from the cryptographic RNG gives a delay of 0-255 ms
        Dim delay As Byte() = New Byte(0) {}
        Dim prng As RandomNumberGenerator = New RNGCryptoServiceProvider()

        prng.GetBytes(delay)
        Thread.Sleep(CType(delay(0), Integer))

        ' Release the RNG if this framework version makes it disposable
        Dim disposable As IDisposable = TryCast(prng, IDisposable)
        If Not disposable Is Nothing Then
            disposable.Dispose()
        End If
    End Sub
</script>

<html>
<head runat="server">
    <title>Error</title>
</head>
<body>
    <div>
        Sorry - an error occured
    </div>
</body>
</html>

C# Version

Below is a C# version of an Error.aspx file that you can use, and which has a random, small sleep delay in it. You do not need to compile this into an application – you can optionally just save it into the application directory on your web-server:

<%@ Page Language="C#" AutoEventWireup="true" %>
<%@ Import Namespace="System.Security.Cryptography" %>
<%@ Import Namespace="System.Threading" %>

<script runat="server">
   void Page_Load() {
      // One byte from the cryptographic RNG gives a delay of 0-255 ms
      byte[] delay = new byte[1];
      RandomNumberGenerator prng = new RNGCryptoServiceProvider();

      prng.GetBytes(delay);
      Thread.Sleep((int)delay[0]);

      // Release the RNG if this framework version makes it disposable
      IDisposable disposable = prng as IDisposable;
      if (disposable != null) { disposable.Dispose(); }
    }
</script>

<html>
<head runat="server">
    <title>Error</title>
</head>
<body>
    <div>
        An error occurred while processing your request.
    </div>
</body>
</html>

How to Verify if the Workaround is Enabled

Once you have applied the above workaround, you can test to make sure the <customErrors> section is correctly configured by requesting a URL like this from your site: http://mysite.com/pagethatdoesnotexist.aspx

If you see the custom error page appear (because the file you requested doesn’t exist) then your configuration should be set up correctly. If you see a standard ASP.NET error then it is likely that you missed one of the steps above. To see more information about what might be the cause of the problem, you can try setting <customErrors mode="remoteOnly"/> – which will enable you to see the error message if you are connecting to the site from a local browser.

How to Find Vulnerable ASP.NET Applications on Your Web Server

http://asp.net have published a .vbs script that you can save and run on your web-server to determine if there are ASP.NET applications installed on it that either have <customErrors> turned off, or which differentiate error messages depending on status codes.

You can download the .vbs script here. Simply copy/paste the script into a text file called “DetectCustomErrors.vbs” and save it to disk. Then launch a command window that is elevated as admin and run “cscript DetectCustomErrors.vbs” to run it against your local web-server. It will enumerate all of the applications within your web server and verify that the correct <customErrors> configuration has been specified.

It will flag any application where it finds that an application’s web.config file doesn’t have the <customErrors> section (in which case you need to add it), or doesn’t have it set correctly to work around this attack (in which case you need to update it). It will print “ok” for each application web.config file it finds that is fine. This should hopefully make it easier to locate issues.

Note: http://asp.net have developed this detection script over the last few hours, and will be refining it further in the future. I will post an update in this section each time we make a change to it.
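The rules from the two workaround sections (mode set to On, a defaultRedirect, no per-status <error> pages, and ResponseRewrite on 3.5 SP1 and 4.0) can also be checked offline against a copy of a web.config. The following is an added example, not the DetectCustomErrors.vbs script or any Microsoft code; the function names, the need_rewrite flag and the sample configurations are constructed for illustration, and it goes slightly beyond the page by also looking at <location> overrides and configSource.

```python
import xml.etree.ElementTree as ET


def _local(tag):
    """Drop an XML namespace prefix so namespaced web.config files still match."""
    return tag.rsplit("}", 1)[-1]


def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]


def _check_section(ce, where, need_rewrite):
    """Apply the workaround's rules to one <customErrors> element."""
    src = ce.get("configSource")
    if src:
        return [f"{where}: customErrors lives in {src}; audit that file too"]
    problems = []
    # Values are compared case-insensitively (a leniency chosen for this example).
    mode = ce.get("mode", "RemoteOnly")  # RemoteOnly is the default when omitted
    if mode.lower() != "on":
        problems.append(f'{where}: mode="{mode}", must be "On"')
    if not ce.get("defaultRedirect"):
        problems.append(f"{where}: defaultRedirect is not set")
    codes = [e.get("statusCode", "?") for e in _children(ce, "error")]
    if codes:
        problems.append(f"{where}: per-status <error> pages for {', '.join(codes)}")
    if need_rewrite and ce.get("redirectMode", "").lower() != "responserewrite":
        problems.append(f'{where}: redirectMode is not "ResponseRewrite"')
    return problems


def audit_web_config(xml_text, need_rewrite=False):
    """Return a list of findings; an empty list means the workaround is in place.

    need_rewrite=True adds the extra rule for ASP.NET 3.5 SP1 and 4.0.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if _local(root.tag) != "configuration":
        return ["root element is not <configuration>"]

    findings = []
    # Application-wide section: <configuration>/<system.web>/<customErrors>
    top = [ce for sw in _children(root, "system.web")
           for ce in _children(sw, "customErrors")]
    if not top:
        findings.append("root: no <customErrors> section")
    for ce in top:
        findings += _check_section(ce, "root", need_rewrite)

    # <location path="..."> blocks can override the section for a sub-path.
    for loc in _children(root, "location"):
        where = f'location path="{loc.get("path", "")}"'
        for sw in _children(loc, "system.web"):
            for ce in _children(sw, "customErrors"):
                findings += _check_section(ce, where, need_rewrite)
    return findings


# Constructed sample inputs (not taken from any real server).
SAMPLE_OK = """<configuration>
   <system.web>
      <customErrors mode="On" defaultRedirect="~/error.html" />
   </system.web>
</configuration>"""

SAMPLE_OK_REWRITE = """<configuration>
   <system.web>
     <customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="~/error.aspx" />
   </system.web>
</configuration>"""

SAMPLE_WEAK = """<configuration>
  <system.web>
    <customErrors mode="RemoteOnly" defaultRedirect="~/error.html">
      <error statusCode="404" redirect="~/notfound.html" />
      <error statusCode="500" redirect="~/servererror.html" />
    </customErrors>
  </system.web>
  <location path="admin">
    <system.web>
      <customErrors mode="Off" />
    </system.web>
  </location>
</configuration>"""

if __name__ == "__main__":
    samples = [("ok", SAMPLE_OK, False),
               ("ok-rewrite", SAMPLE_OK_REWRITE, True),
               ("weak", SAMPLE_WEAK, False)]
    for name, xml_text, rewrite in samples:
        findings = audit_web_config(xml_text, rewrite)
        print(name, "->", "ok" if not findings else findings)
```
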

How to Find More Information about this Vulnerability

You can learn more about this vulnerability from:

Forum for Questions

There is a dedicated forum on the www.asp.net site to help answer questions about this vulnerability.

Post questions here to ask questions and get help about this vulnerability.

Summary

I will post more details as I learn more, and will also post the patch that can be used to correct the root cause of the issue (and avoid the need for the above workaround).

Until then, please apply the above workaround to all of your ASP.NET applications to prevent attackers from exploiting it.

This article applies to:


| Operating System | Component |
|---|---|
| Windows XP | |
| Windows XP Media Center Edition 2005 and Windows XP Tablet PC Edition 2005 | Microsoft .NET Framework 1.0 Service Pack 3 |
| Windows XP Service Pack 3 | Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0 |
| Windows XP Professional x64 Edition Service Pack 2 | Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0 |
| Windows Server 2003 | |
| Windows Server 2003 Service Pack 2 | Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0 |
| Windows Server 2003 x64 Edition Service Pack 2 | Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0 |
| Windows Server 2003 with SP2 for Itanium-based Systems | Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0 |
| Windows Vista | |
| Windows Vista Service Pack 1 | Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0 |
| Windows Vista Service Pack 2 | Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0 |
| Windows Vista x64 Edition Service Pack 1 | Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0 |
| Windows Vista x64 Edition Service Pack 2 | Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0 |
| Windows Server 2008 | |
| Windows Server 2008 for 32-bit Systems** | Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0 |
| Windows Server 2008 for 32-bit Systems Service Pack 2** | Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0 |
| Windows Server 2008 for x64-based Systems** | Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0 |
| Windows Server 2008 for x64-based Systems Service Pack 2** | Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0 |
| Windows Server 2008 for Itanium-based Systems | Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0 |
| Windows Server 2008 for Itanium-based Systems Service Pack 2 | Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0 |
| Windows 7 | |
| Windows 7 for 32-bit Systems | Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.0 |
| Windows 7 for x64-based Systems | Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.0 |
| Windows Server 2008 R2 | |
| Windows Server 2008 R2 for x64-based Systems* | Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.0 |
| Windows Server 2008 R2 for Itanium-based systems | Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.0 |

*Server Core installation affected. This vulnerability applies, with the same severity rating, to supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, whether or not installed using the Server Core installation option. For more information on this installation option, see the TechNet articles, Managing a Server Core Installation and Servicing a Server Core Installation. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options.

**Server Core installation not affected. This vulnerability does not affect supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, when installed using the Server Core installation option. For more information on this installation option, see the TechNet articles, Managing a Server Core Installation and Servicing a Server Core Installation. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options.