Welcome to TechNet Blogs
Sign in
|
Join
|
Help
Neil Carpenter's Blog
Forefront products, WSUS, Security Incident Response, and whatever else comes up.
This Blog
Email
Syndication
RSS 2.0
Atom 1.0
Search
Tags
Antigen
ASP
asp.net
Forefront
FSSMC
General
humor
Incident Response
iphone
Mobile
Networking
Security
SQL
Tool
Archives
October 2008 (2)
August 2008 (2)
July 2008 (3)
June 2008 (1)
May 2008 (4)
April 2008 (2)
March 2008 (3)
August 2007 (2)
July 2007 (2)
June 2007 (2)
October 2004 (3)
June 2004 (4)
About Me
Bio
Disclaimer
Browse by Tags
All Tags
»
SQL
(RSS)
ASP
asp.net
Incident Response
Security
Tool
Friday, October 31, 2008 4:07 PM
SQL Injection Hijinks
or Why I Keep Harping On Blacklisting Summary: An incident reveals attempts to get around blacklisting by manipulating behavior in ASP, illustrating the weakness of blacklist approaches. A new version of UrlScan is shipping today with a change specifically
Posted by
neilcar
|
1 Comments
Filed under:
Security
,
Incident Response
,
SQL
,
ASP
,
Tool
Thursday, August 07, 2008 2:11 PM
Input Validation Is Not The Answer
I just sent a piece of e-mail to my team about input validation and SQL injection and it occurred to me that I've been meaning to get into this here, too: If you're trying to solve a SQL injection problem, input validation is NOT the answer! There, I've
Posted by
neilcar
|
2 Comments
Filed under:
Security
,
SQL
Wednesday, June 04, 2008 5:13 PM
SQL Storm: Possible ASP.Net
I’ve had an unconfirmed report that the SQL Storm attacks are now also affecting ASP.Net pages, specifically with a URL of http://www.chliyi.com/m.js (this appears to be offline currently but I wouldn't suggest browsing there...) being injected
Posted by
neilcar
|
0 Comments
Filed under:
Security
,
SQL
,
asp.net
Friday, May 30, 2008 12:17 PM
SQL Injection: Trends & Guidance
I've been working with the SWI team to write a comprehensive overview of the SQL Storm attacks with guidance for IT administrators, developers, and end users. That article is posted at sql-injection-attack.aspx . For developers, specifically, Bala
Posted by
neilcar
|
0 Comments
Filed under:
Security
,
SQL
,
ASP
Tuesday, May 27, 2008 1:51 PM
SQLInjectionFinder
My colleague Greg , who has forgotten more about command line scripting than I will ever know, put together a sample on CodePlex that automates finding SQL injection attacks from the ongoing mass SQL injection attack ("SQL Storm", as I saw it
Posted by
neilcar
|
0 Comments
Filed under:
Security
,
Incident Response
,
SQL
,
Tool
Friday, May 23, 2008 12:18 PM
SQL Injection Mitigation: Using Parameterized Queries part 2 (types and recordsets)
(Part 1 is here ) Previously, I provided a simple example of using parameterized queries in classic ASP; however, that sample lacked a few things such as explicit typing for the parameters. It also created a read-only ADODB.RecordSet which, obviously,
Posted by
neilcar
|
10 Comments
Filed under:
Security
,
SQL
,
ASP
Wednesday, May 21, 2008 9:05 AM
SQL Injection Mitigation: Using Parameterized Queries
Michael Howard wrote an excellent article yesterday on how the SDL addresses SQL injection . He walks through three coding requirements/defenses: Use SQL Parameterized Queries Use Stored Procedures Use SQL Execute-only Permissions As Michael points out,
Posted by
neilcar
|
15 Comments
Filed under:
Security
,
SQL
,
ASP
Monday, April 07, 2008 10:51 AM
SQL Injection -- A Comment
Kumar comments here and I think he has some questions/concerns that are worth addressing. I'm going to add my own comments (and, please note, the comments I make here are my own and do not necessarily reflect Microsoft's corporate opinions). ---------------------------------------------------------------------------------------
Posted by
neilcar
|
1 Comments
Filed under:
Security
,
Incident Response
,
SQL
Friday, April 04, 2008 2:00 PM
Mass SQL Injection -- Get Used To It
It looks like another wave of the mass SQL injection I talked about last month is going on. The inserted link is different and, in the one specific incident I've seen, the source IP address is different; however, other than that, the attack looks
Posted by
neilcar
|
0 Comments
Filed under:
Security
,
Incident Response
,
SQL
Saturday, March 15, 2008 9:18 PM
Anatomy of a SQL Injection Incident, Part 2: Meat
Intro It would appear that the incident I wrote about yesterday is still ongoing. I've been using a search engine to query for the *.js file that's being injected and it looks something like this: Wednesday: 10K hits (This is Avert's number. I didn't
Posted by
neilcar
|
15 Comments
Filed under:
Security
,
Incident Response
,
SQL
Friday, March 14, 2008 4:19 PM
Anatomy of a SQL Injection Incident
A number of people are reporting that 10K+ websites have been hacked via a SQL injection attack that injected a link to a malicious .js file into text fields in their database. For example, here's Avert Labs report . The reports that I've seen talk about
Posted by
neilcar
|
15 Comments
Filed under:
Security
,
Incident Response
,
SQL
