Neil Carpenter's Blog

Forefront products, WSUS, Security Incident Response, and whatever else comes up.

August, 2008

  • Err

    I might be the last person to know this but one of my favorite internal Microsoft tools is now external. Err.exe is a command-line tool that looks up error codes and spits out possible matches from various header files. This is invaluable when you're...
  • Input Validation Is Not The Answer

    I just sent a piece of e-mail to my team about input validation and SQL injection and it occurred to me that I've been meaning to get into this here, too: If you're trying to solve a SQL injection problem, input validation is NOT the answer! There, I...