I’m sitting in a hotel room in Little Rock, Arkansas preparing for a user group meeting tonight. This morning I flew Southwest Airlines for the first time. The pilot got on the P.A. system before we took off and said this:

Good morning, ladies and gentlemen, and thanks for flying Southwest Airlines. Your copilot and I arrived at the gate this morning and were delighted to find the three most beautiful flight attendants at Southwest Airlines waiting for us. Unfortunately, they were assigned to another flight.

I almost fell out of my seat laughing at the looks on the faces of the flight attendants on our flight!

The Internet is abuzz right now with news of a security exploit that has been discovered in ASP.NET. The exploit is very real, is simple to perform, and has potentially serious consequences. It enables hackers to view pages protected by ASP.NET forms authentication without logging in. I don’t want to document the exploit here because I don’t want to make it too easy for hackers to figure out exactly what the exploit is, but I’ll be sending a detailed synopsis out to Wintellect newsletter subscribers. In the meantime, see http://support.microsoft.com/?kbid=887459 for some simple code you can add to Global.asax to thwart the exploit.