Category: Security
-
Suspected Trojan or Virus qxty9be.cmd
Suspected Trojan is messing up my PC at this very moment[more] I attached my portable drive to a computer that didn't have antivirus today. The computer was working fine (at least as it seems) but I found a certain "autorun.inf" and "qxty9be.cmd" in that diks afterwards. I scanned the disk and Symantec didn't see anything!…
-
WindowsPrincipal.IsInRole doesn’t reflect changes until restart
Just an observation sometime ago that if you create a new Windows Role and add a user to it and create a WindowsPrincipal using that user, the IsInRole method doesn't reflect the membership change made until a restart is made. [more] For example, given the code below (Console Application project) using System; using System.Collections.Generic; using…
-
Lost Internet Access due to ZoneAlarm and Microsoft Update KB951748
I ran into this issue a while ago where I lost internet access connection after installing a windows update and turns out to be because of my ZoneAlarm installation. [more] Overview: Microsoft Update KB951748 is known to cause loss of internet access for ZoneAlarm users on Windows XP/2000. Windows Vista users are not affected. Impact…
-
The Microsoft Source Code Analyzer for SQL Injection tool
Microsoft released The Microsoft Source Code Analyzer for SQL Injection tool (for ASP code) is available to find SQL injection vulnerabilities [more] The Microsoft Source Code Analyzer for SQL Injection tool is a static code analysis tool that helps you find SQL injection vulnerabilities in Active Server Pages (ASP) code. This article describes how to…
-
My Verisign SSL Certificate Application Experience
I do have an idea about SSL, certificates and related security concepts but in my previous works, it was someone else (client IT) who did the preparation, request and installation of SSL certificates until lately when I had to do it myself. I also had experience with trial and self signed certificates but still some…
-
Privacy in sending email to mailing list (BCC)
I think most people should know this already although I'm not quite sure about that so posting anyways. Most often than not I receive emails being sent to mailing lists where the the individual recipients don't really know each other or even if they do they might not necessarily want the other recipients of their…
-
Browsing Security with NoScript
While working (or actually just playing around) with the infamous SQL injection attacks seen around lately I think it should be worth mentioning that being a developer browser and your own PCs security security is also important or as important as securing your web servers and databases. [more] Since the some (most) of the variants…
-
sp_executesql error with DDL statements (preventing SQL injection)
One of the requirement for an application I'm currently working on is for the end user of a web application/site to be able to create objects in the database. There are a number of objects that must be created or manipulated but for the sake of simplicity let's take for example creating a table with…
-
SQL injection attacks – banner82 script
UPDATE (6/19/2008) : For both IT people and end users please spend time reading through (if not here then at least from other sites, just be sure you are aware nevertheless) if you aren't that aware yet since this exploit has been continually spreading despite numerous warnings already made in the web. For developers, please…
-
Link: Recent SQL Injection Attacks
I figured this would be a good reminder. I've known some people who would have thought just because they create client side validators and use stored procedures they are no longer vulnerable to SQL injection attacks. Ready the full article from the link below and it will contain links on how to protect yourself from…