Ummm
Or, alternately, I can impersonate someone at all their online locations by simply borrowing their phone for a few minutes ?
Not a good plan.
1474 publicly visible posts • joined 12 Jun 2009
Maybe his company should be running their install packages through a gauntlet of popular virus scanners prior to release. This would be good practice anyway, and fairly cheap for even a small company as long as it actually makes money.
Or he could just moan and stamp his feet on his blog...
http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx:
"the ASP.Net application stores ... passwords or database connection strings, in the ViewState object ... The ViewState object is encrypted and sent to the client"
!?!?!?!?!?!?!?!?
'What were they thinking' springs to mind.