UPDATE (6/19/2008) : For both IT people and end users please spend time reading through (if
not here then at least from other sites, just be sure you are aware
nevertheless) if you aren't that aware yet since this exploit has been
continually spreading despite numerous warnings already made in the
web. For developers, please feel free to comment, add or correct any information you think would further benefit others. For end users, I would still recommend knowing about more about this issue, how to protect yourself and stop yourself from being part of spreading it. Link to the following section might be of interest to you : browser and anti spy software
UPDATE (6/27/2008) : Came across Scrawlr an SQL Injection Detection Tool from HP that is available for free. There probably are other tools available (better) but this is the one I ran into so far. Also a tool named UrlScan from Microsoft TechNet was suggested by Jax (see comments). It can be used to screen/limit request information being sent to your site, the same way that http.sys does for IIS6 or later. You want to have a look.
There seems to be a number of SQL injection attacks happening lately involving adding of <script with banner82.org/b.js, adword71.com/b.js (and the likes ) to entries under string/text/varchar columns in the database targetting ASP (classic/3.0) sites and SQL Server. Note, they need not know your table or column names to mess up with you.
I definitely do not wish to play cops and robbers here but I wish to contribute a little on this. There are a number of articles on this (read along) and even more for preventing/cleaning
SQL injection and other related exploits such as cross-site scripting so help yourself. :D More...
I would not even pretend to be all knowing here but I couldn't stop myself from sharing this chain of interesting links which should remind all of us of the dangers of abusing UpdatePanels thinking that using it in any way will make our old non asynchronous pages work like magic. More...
You might encounter a case where updating an ASP (classic/3.0) cookie from ASP.NET code (or vice versa) doesn't work. That is despite updating the cookie value, the old value still remains. More...
We needed a library for creating and managing ZIP files and fortunately for us there is DotNetZip which I have encountered previously when going around CodePlex (as I use to do when there is a little free time). More...
Found this article from Microsoft Research Team. Delaying Data Could Cut Net's Carbon Footprint
It's good to see how bigger companies do their part for the environment. Besides they won't only be doing that but also help save companies from saving a lot and thus allocating more resources on more important things than wasted energy.
And so should we.
I ran into this behavior (which I think is weird) where a button no longer posts back to ther server after I click on a the Firefox's back button. More...