[ergo98]

That's a nice shtick (the defensive bit was my favourite addition). It's also facile.

They specifically detailed that it's an AES cookie encryption attack, yet you're acting like I'm going on a limb saying that?

[wglb]

So it isn't exactly an AES Cookie Encryption Attack, it is actually worse: http://www.ekoparty.org/juliano-rizzo-2010.php

The most significant new discovery is an universal Padding Oracle affecting every ASP.NET web application. In short, you can decrypt cookies, view states, form authentication tickets, membership password, user data, and anything else encrypted using the framework's API!

[wglb]

Where did they specifically detail that it is an AES cookie encryption attack?

[tptacek]

They didn't; this commenter has decided that he can easily infer the details of a presentation he hasn't seen from how it's reported in the trade press.