John Downey presented information on the recent vulnerability in ASP.NET.
File:Padding Oracle Vulnerabilities.pdf