Welcome to TechNet Blogs Sign in | Join | Help

Browse by Tags

Monday, November 23, 2009 12:17 PM

Incident Response: The Importance of Anti-Virus

Heading home from the CSS Security Global Summit on Friday, I got stuck in Cincinnati’s airport. While walking through baggage claim, I saw this displayed on the arrivals board: (I didn’t have a proper camera with me so, if that’s hard to read, it’s a
Posted by neilcar | 0 Comments
Friday, October 31, 2008 4:07 PM

SQL Injection Hijinks

or Why I Keep Harping On Blacklisting Summary: An incident reveals attempts to get around blacklisting by manipulating behavior in ASP, illustrating the weakness of blacklist approaches. A new version of UrlScan is shipping today with a change specifically
Posted by neilcar | 1 Comments
Wednesday, October 22, 2008 2:52 PM

PASSGEN

Occasionally, I see a security incident where one of the things that went wrong was that all of the customer's machines have the same password for the built-in administrator's account.  Whenever this happens, I suggest the PASSGEN tool that was included
Posted by neilcar | 2 Comments
Filed under: ,
Tuesday, August 12, 2008 10:10 PM

Err

I might be the last person to know this but one of my favorite internal Microsoft tools is now external. Err.exe is a command-line tool that looks up error codes and spits out possible matches from various header files. This is invaluable when you're
Posted by neilcar | 0 Comments
Filed under:
Thursday, August 07, 2008 2:11 PM

Input Validation Is Not The Answer

I just sent a piece of e-mail to my team about input validation and SQL injection and it occurred to me that I've been meaning to get into this here, too: If you're trying to solve a SQL injection problem, input validation is NOT the answer! There, I've
Posted by neilcar | 2 Comments
Filed under: ,
Friday, July 11, 2008 4:57 PM

Forefront Server Security Management Console, Templates, and Revisions

Sometimes, working in support, you come across a best practice or a bit of knowledge that is well-known to some people...but that bit of knowledge has never actually been documented. Today was one of those days. While working in an environment with multiple
Posted by neilcar | 0 Comments
Filed under: , ,
Thursday, July 10, 2008 11:21 PM

Does This Make Me A Fanboy?

I upgraded my iPhone to the 2.0 firmware today and I've been playing with the app store all day. It's pretty neat stuff. Since I'm on a conference call tonight but I'm only here in an advisory/observational way, I put my phone on mute and kept playing
Posted by neilcar | 0 Comments
Filed under: ,
Wednesday, July 09, 2008 3:56 PM

Antigen 9.1 Hotfix Rollup 3 and Performance Monitor

While investigating an issue where mail was queuing in the Exchange Information Store, we discovered an issue that affects customers running Antigen 9.1 Hotfix Rollup 3 when there are performance monitoring tools such as Perfmon, Perfwiz, and the MOM
Posted by neilcar | 0 Comments
Filed under: ,
Wednesday, June 04, 2008 5:13 PM

SQL Storm: Possible ASP.Net

I’ve had an unconfirmed report that the SQL Storm attacks are now also affecting ASP.Net pages, specifically with a  URL of http://www.chliyi.com/m.js (this appears to be offline currently but I wouldn't suggest browsing there...) being injected
Posted by neilcar | 0 Comments
Filed under: , ,
Friday, May 30, 2008 12:17 PM

SQL Injection: Trends & Guidance

I've been working with the SWI team to write a comprehensive overview of the SQL Storm attacks with guidance for IT administrators, developers, and end users.  That article is posted at sql-injection-attack.aspx . For developers, specifically, Bala
Posted by neilcar | 0 Comments
Filed under: , ,
Tuesday, May 27, 2008 1:51 PM

SQLInjectionFinder

My colleague Greg , who has forgotten more about command line scripting than I will ever know, put together a sample on CodePlex that automates finding SQL injection attacks from the ongoing mass SQL injection attack ("SQL Storm", as I saw it
Posted by neilcar | 0 Comments
Friday, May 23, 2008 12:18 PM

SQL Injection Mitigation: Using Parameterized Queries part 2 (types and recordsets)

(Part 1 is here ) Previously, I provided a simple example of using parameterized queries in classic ASP; however, that sample lacked a few things such as explicit typing for the parameters. It also created a read-only ADODB.RecordSet which, obviously,
Posted by neilcar | 10 Comments
Filed under: , ,
Wednesday, May 21, 2008 9:05 AM

SQL Injection Mitigation: Using Parameterized Queries

Michael Howard wrote an excellent article yesterday on how the SDL addresses SQL injection . He walks through three coding requirements/defenses: Use SQL Parameterized Queries Use Stored Procedures Use SQL Execute-only Permissions As Michael points out,
Posted by neilcar | 15 Comments
Filed under: , ,
Monday, April 07, 2008 10:51 AM

SQL Injection -- A Comment

Kumar comments here and I think he has some questions/concerns that are worth addressing.  I'm going to add my own comments (and, please note, the comments I make here are my own and do not necessarily reflect Microsoft's corporate opinions). ---------------------------------------------------------------------------------------
Posted by neilcar | 1 Comments
Friday, April 04, 2008 2:00 PM

Mass SQL Injection -- Get Used To It

It looks like another wave of the mass SQL injection I talked about last month is going on.  The inserted link is different and, in the one specific incident I've seen, the source IP address is different; however, other than that, the attack looks
Posted by neilcar | 0 Comments
More Posts Next page »
 
Page view tracker