Neil Carpenter's Blog
Forefront products, WSUS, Security Incident Response, and whatever else comes up.
Friday, October 31, 2008 4:07 PM
SQL Injection Hijinks
or Why I Keep Harping On Blacklisting
Summary: An incident reveals attempts to get around blacklisting by manipulating behavior in ASP, illustrating the weakness of blacklist approaches. A new version of UrlScan is shipping today with a change specifically
Posted by neilcar | 1 Comments
Filed under: Security, Incident Response, SQL, ASP, Tool
Tuesday, May 27, 2008 1:51 PM
SQLInjectionFinder
My colleague Greg, who has forgotten more about command line scripting than I will ever know, put together a sample on CodePlex that automates finding SQL injection attacks from the ongoing mass SQL injection attack ("SQL Storm", as I saw it
Posted by neilcar | 0 Comments
Filed under: Security, Incident Response, SQL, Tool
Monday, April 07, 2008 10:51 AM
SQL Injection -- A Comment
Kumar comments here and I think he has some questions/concerns that are worth addressing. I'm going to add my own comments (and, please note, the comments I make here are my own and do not necessarily reflect Microsoft's corporate opinions).
Posted by neilcar | 1 Comments
Filed under: Security, Incident Response, SQL
Friday, April 04, 2008 2:00 PM
Mass SQL Injection -- Get Used To It
It looks like another wave of the mass SQL injection I talked about last month is going on. The inserted link is different and, in the one specific incident I've seen, the source IP address is different; however, other than that, the attack looks
Posted by neilcar | 0 Comments
Filed under: Security, Incident Response, SQL
Saturday, March 15, 2008 9:18 PM
Anatomy of a SQL Injection Incident, Part 2: Meat
Intro: It would appear that the incident I wrote about yesterday is still ongoing. I've been using a search engine to query for the *.js file that's being injected and it looks something like this: Wednesday: 10K hits (This is Avert's number. I didn't
Posted by neilcar | 15 Comments
Filed under: Security, Incident Response, SQL
Friday, March 14, 2008 4:19 PM
Anatomy of a SQL Injection Incident
A number of people are reporting that 10K+ websites have been hacked via a SQL injection attack that injected a link to a malicious .js file into text fields in their database. For example, here's Avert Labs' report. The reports that I've seen talk about
Posted by neilcar | 15 Comments
Filed under: Security, Incident Response, SQL
Thursday, July 05, 2007 5:20 PM
Detecting ARP Spoofing Attacks
After investigating an ARP spoofing incident recently, I started thinking of how we could easily ferret out this sort of information when responding to a potential incident. In this particular case, there were two important parts of the attack: ARP spoofing
Posted by neilcar | 3 Comments
Filed under: Networking, Security, Incident Response
Thursday, June 28, 2007 9:53 AM
ARP Cache Poisoning Incident
I recently worked on an interesting incident response with several of my colleagues. The problem, as defined by the customer, is that the following code is being injected into some websites (both external and internal to his environment) that his users
Posted by neilcar | 6 Comments
Filed under: Networking, Security, Incident Response