Neil Carpenter's Blog

Forefront products, WSUS, Security Incident Response, and whatever else comes up.

April, 2008

  • SQL Injection -- A Comment

    Kumar comments here and I think he has some questions/concerns that are worth addressing.  I'm going to add my own comments (and, please note, the comments I make here are my own and do not necessarily reflect Microsoft's corporate opinions). --...
  • Mass SQL Injection -- Get Used To It

    It looks like another wave of the mass SQL injection I talked about last month is going on.  The inserted link is different and, in the one specific incident I've seen, the source IP address is different; however, other than that, the attack looks...