BlogEngine.NET: Critical Security Patch Available

by Scott Marlowe 4/15/2008 8:20:00 AM


Thought I would spread the word: there's a particularly nasty vulnerability that was discovered in BlogEngine.NET (the blog engine I use on this site). A patch is available via either a patch file or a complete code download (BlogEngine.NET is an open source project), though the patch link wasn't working when I tried it. I got the whole download instead and re-compiled the necessary changes. So, my site is patched and no longer vulnerable to that particular attack anyway.

You have to give the development team of BlogEngine some credit--they jumped on the problem fairly quickly and made a fix available. As a software engineer myself I know all too well how easy it is to let such things slip by. We recently had the issue of SQL injection attacks brought up in my development team; fortunately we had our bases covered on this one. But, as a precaution, we're going through a full security audit of our entire code base. One can never be too careful these days.
