So, this new amazing vulnerability has been making it's rounds this week and Microsoft has released some official information about it ( http://www.microsoft.com/security/incident/aspnet.mspx ). Just a few thoughts on this- 1. I think this exploit wins the prize for being the cheesiest I have seen in a long time, I mean, it doesn't really take a technical genious to switch a '/' to a '\'.. 2. Building on the last thought - what on earth were the msoft developers thinking???? Come on guys, could you help us out a little bit here? 3. And finally, I was going to write something here about how long this one has probably been known by all the Asshats out there, but I don't even want to think about it. Its Friday and I'm going for beer - have fun installing urlscan/aspnet modules this weekend :)