Channel: Neil Carpenter's Blog
Browsing latest articles
Browse All 28 View Live

SQL Injection: Trends & Guidance

I’ve been working with the SWI team to write a comprehensive overview of the SQL Storm attacks with guidance for IT administrators, developers, and end users.  That article is posted at...




SQL Storm: Possible ASP.Net

I’ve had an unconfirmed report that the SQL Storm attacks are now also affecting ASP.Net pages, specifically with a URL of http://www.chliyi.com/m.js (this appears to be offline currently but I...


Antigen 9.1 Hotfix Rollup 3 and Performance Monitor

While investigating an issue where mail was queuing in the Exchange Information Store, we discovered an issue that affects customers running Antigen 9.1 Hotfix Rollup 3 when there are performance...


Does This Make Me A Fanboy?

I upgraded my iPhone to the 2.0 firmware today and I’ve been playing with the app store all day.  It’s pretty neat stuff. Since I’m on a conference call tonight but I’m only here in an...


Forefront Server Security Management Console, Templates, and Revisions

Sometimes, working in support, you come across a best practice or a bit of knowledge that is well-known to some people…but that bit of knowledge has never actually been documented.  Today was one of...



Input Validation Is Not The Answer

I just sent a piece of e-mail to my team about input validation and SQL injection and it occurred to me that I’ve been meaning to get into this here, too: If you’re trying to solve a SQL injection...


Err

I might be the last person to know this but one of my favorite internal Microsoft tools is now external.  Err.exe is a command-line tool that looks up error codes and spits out possible matches from...


PASSGEN

Occasionally, I see a security incident where one of the things that went wrong was that all of the customer’s machines have the same password for the built-in administrator’s account.  Whenever this...



SQL Injection Hijinks

or Why I Keep Harping On Blacklisting

Summary: An incident reveals attempts to get around blacklisting by manipulating behavior in ASP, illustrating the weakness of blacklist approaches. A new...




Incident Response: The Importance of Anti-Virus

Heading home from the CSS Security Global Summit on Friday, I got stuck in Cincinnati’s airport.  While walking through baggage claim, I saw this displayed on the arrivals board: (I didn’t have a...
