Browse by Tags

All Tags » Security

Input Validation Is Not The Answer

I just sent a piece of e-mail to my team about input validation and SQL injection and it occurred to me that I've been meaning to get into this here, too: If you're trying to solve a SQL injection problem, input validation is NOT the answer! There, I've
Posted by neilcar | 1 Comments

SQL Storm: Possible ASP.Net

I’ve had an unconfirmed report that the SQL Storm attacks are now also affecting ASP.Net pages, specifically with a URL of http://www.chliyi.com/m.js (this appears to be offline currently but I wouldn't suggest browsing there...) being injected
Posted by neilcar | 0 Comments

SQL Injection: Trends & Guidance

I've been working with the SWI team to write a comprehensive overview of the SQL Storm attacks with guidance for IT administrators, developers, and end users.  That article is posted at sql-injection-attack.aspx. For developers, specifically, Bala
Posted by neilcar | 0 Comments

SQLInjectionFinder

My colleague Greg, who has forgotten more about command line scripting than I will ever know, put together a sample on CodePlex that automates finding SQL injection attacks from the ongoing mass SQL injection attack ("SQL Storm", as I saw it
Posted by neilcar | 0 Comments

SQL Injection Mitigation: Using Parameterized Queries part 2 (types and recordsets)

(Part 1 is here) Previously, I provided a simple example of using parameterized queries in classic ASP; however, that sample lacked a few things such as explicit typing for the parameters. It also created a read-only ADODB.RecordSet which, obviously,
Posted by neilcar | 8 Comments

SQL Injection Mitigation: Using Parameterized Queries

Michael Howard wrote an excellent article yesterday on how the SDL addresses SQL injection. He walks through three coding requirements/defenses: Use SQL Parameterized Queries; Use Stored Procedures; Use SQL Execute-only Permissions. As Michael points out,
Posted by neilcar | 13 Comments

SQL Injection -- A Comment

Kumar comments here and I think he has some questions/concerns that are worth addressing.  I'm going to add my own comments (and, please note, the comments I make here are my own and do not necessarily reflect Microsoft's corporate opinions).
Posted by neilcar | 1 Comments

Mass SQL Injection -- Get Used To It

It looks like another wave of the mass SQL injection I talked about last month is going on.  The inserted link is different and, in the one specific incident I've seen, the source IP address is different; however, other than that, the attack looks
Posted by neilcar | 0 Comments

Good News

The good news is that, whatever else might happen, these guys won't get pwned by SQL injection. (Via GrumpySecurityGuy.)
Posted by neilcar | 0 Comments

Anatomy of a SQL Injection Incident, Part 2: Meat

Intro: It would appear that the incident I wrote about yesterday is still ongoing. I've been using a search engine to query for the *.js file that's being injected and it looks something like this: Wednesday: 10K hits (This is Avert's number. I didn't
Posted by neilcar | 14 Comments

Anatomy of a SQL Injection Incident

A number of people are reporting that 10K+ websites have been hacked via a SQL injection attack that injected a link to a malicious .js file into text fields in their database. For example, here's Avert Labs report. The reports that I've seen talk about
Posted by neilcar | 14 Comments

LogParser, Event Logs, and Vista

LogParser is one of my absolute favorite tools, particularly for doing incident response. I use it a lot to extract and order data into a timeline (hmmm...that's a good topic for a future post). When I moved to Vista, I found one annoyance, though. The
Posted by neilcar | 3 Comments

Detecting ARP Spoofing Attacks

After investigating an ARP spoofing incident recently, I started thinking of how we could easily ferret out this sort of information when responding to a potential incident. In this particular case, there were two important parts of the attack: ARP spoofing

ARP Cache Poisoning Incident

I recently worked on an interesting incident response with several of my colleagues. The problem, as defined by the customer, is that the following code is being injected into some websites (both external and internal to his environment) that his users