Mass SQL injection update
April 28th, 2008 · No Comments
Looks like the misreporting of the mass SQL injection attack continues. The exploit is associated with MS SQL Server, not IIS or ASP. It’s confusing because most people run the full Microsoft stack, but the exploit will work against any site that does not prevent SQL injection and uses MS SQL as its database. [...]
Tags: · security, Web development
Mass SQL Injection attack
April 27th, 2008 · 3 Comments
I’ve been reading up on the mass SQL injection attack launched against servers running IIS and MS SQL Server last week. That article is a bit out of date, as the problem turned out not to be a security hole in IIS but rather security holes in the Web applications themselves. The script that compromised [...]
Tags: · security
Links for April 14
April 14th, 2008 · No Comments
Datawocky: The story behind Google’s crawler upgrade. How Google is crawling data accessible only through forms. Ars Technica: Red light camera monkey business may be a national trend. More on short yellow lights designed to result in red light camera tickets. Wide Awake Developers: Amazon Blows Away Objections. How Amazon is expanding the capabilities of its [...]
Tags: · Amazon.com, cloud computing, economics, Google, hosting, links, programming, search, security
Links for April 9
April 9th, 2008 · 3 Comments
Stephen O’Grady: Clouds Rolling In: The Google App Engine Q&A. Great rundown. Bruce Schneier: The Feeling and Reality of Security. Understanding the differences and how to manage them is the key to successful security policy. FP Passport: The Olympic torch’s mysterious companions. The torch escorts are members of a paramilitary group sponsored by the Chinese government. Their [...]
Tags: · Google, human rights, links, politics, python, scalability, security, sports, Web development
Links for April 8
April 8th, 2008 · No Comments
gourmet.com: Betting the Farm. Great article on agriculture policy and how one family farm in South Dakota is bucking the trend of cashing in on ethanol money and government subsidies. Rogers Cadenhead: Washington Post Wins Another Phony Pulitzer. I loved the Washington Post article about the violinist planted in the DC subway, but Rogers argues that [...]
Tags: · blogs, food, Google, hosting, links, media, politics, python, scalability, security, spam, sports, TV, Web development, WordPress
Links for April 7
April 7th, 2008 · No Comments
Scott Horton: Worst. President. Ever. What interests me most about the list is that every President other than Bush (43) who could be described as the worst ever was a single termer. Bush’s main competition, Millard Fillmore, was not elected in the first place (he took over for Zachary Taylor, who died after 16 months [...]
Tags: · education, history, links, politics, security, terrorism
Links for March 25
March 25th, 2008 · 2 Comments
Los Angeles Times: The Kareem Abdul-Jabbar Blog. One of your more erudite former athletes. Bruce Schneier: The Security Mindset. I envy it, but it’s not how my mind works. The American Prospect: The Obama Doctrine. An attempt to discern Barack Obama’s general philosophy on foreign policy. Jim Henley: Henley Everywhere 2008alt. When you were as right as he [...]
Tags: · blogs, history, links, management, phone, politics, security, sports, war
Links for March 12th
March 13th, 2008 · 1 Comment
Jon Udell interviews Ward Cunningham about how the Eclipse portal exposes its inner workings by way of reports on test results, and the advantages the resulting transparency provides. Really, really interesting stuff. Bruce Schneier discusses a report on the lack of security in implantable medical devices that provide [...]
Tags: · browsers, music, security, software development, testing, WordPress
Bruce Schneier runs an open wireless network
January 16th, 2008 · 3 Comments
Bruce Schneier explains why he runs an open wireless network. I leave mine open as well, so it’s nice to know I’m in good company.
Tags: · security