Monday, November 29, 2010

Blocking Automated SQL Injection Attacks

SQL injection attacks have been increasing over the last three years, mainly because of automated tools. Since these automated attacks were first noticed in December 2007, very little has changed in the way that they work. Attackers use automated tools to query search engines for interesting URLs and then submit various SQL injection payloads to each. The goal is to inject malicious JavaScript into all string columns in SQL database tables.

Microsoft has provided guidance (http://blogs.technet.com/swi/archive/2008/05/29/sql-injection-attack.aspx) and some tools (www.microsoft.com/technet/security/advisory/954462.mspx) to combat these attacks. Microsoft has also started tracking these automated SQL injection attacks over the last year and provides the information in the Microsoft® Security Intelligence Report.

Today I would like to discuss another technique that one can use to block automated SQL injection attacks against web applications that use Microsoft SQL Server® as the back-end processor. (Note: These attacks exploit vulnerabilities in web applications; there are no known security vulnerabilities in Microsoft SQL Server.) Before I describe the technique, I would like to reiterate that using parameterized queries is the best way to mitigate SQL injection vulnerabilities in web applications. You can read this Quick Security Reference: SQL Injection that details various classes of SQL injection vulnerabilities and how to address them in the design, development, and testing phases.

Source : Microsoft Security Tips

Wednesday, November 24, 2010

Review: 2011 Volkswagen Jetta SEL

… a significant and obvious drop in the interior quality – even the non-VW faithful will notice how cheap the door panels look …

Volkswagen has long attempted to make hay from the perception that German automakers build driver's cars, but the 2011 Jetta is less so in any of the currently available U.S. trims

the seats are still widely adjustable, though less so compared to past Jettas

Electric power steering is numb and strangely weighted, like there's a coupling made of rubber bands somewhere.

Drivers looking for the old Jetta formula of near-premium feel for near-economy price will find the 2011 Jetta is Volkswagen's New Coke, though others will remind you that the updated formula actually tasted better. This new Jetta is a different flavor that appears to be more tasty to shoppers, despite leaving a bad taste in the mouths of the Jetta faithful.

Source : Autoblog

Updates for Internet Explorer 9 Beta

Today we released a recommended update for all Internet Explorer 9 Beta customers via Windows Update (KB2448827). This update includes stability fixes for the beta build. It is not a new Internet Explorer 9 Beta build. Another update shipped today (KB2452648) resolves issues between the IE9 send feedback feature on 64-bit machines with Windows-Live-Essentials 11. These updates apply only to Internet Explorer 9 Beta.

Customers who have automatic updating enabled will not need to take any action because this update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

Source : IEBlog

How to check a suspicious file : VirusTotal

www.virustotal.com will allow you to upload a file and check it against 43 antivirus engines. Oh, and did I mention it is totally FREE!

Microsoft vs. McAfee: How free antivirus outperformed paid

How effective is free antivirus software? I had a chance to see a real, in-the-wild example just this month, and the results were, to put it mildly, unexpected. Microsoft’s free antivirus solution found and removed a threat that two well-known paid products missed.

Source : Ed Bott's Microsoft Report Blog RSS | ZDNet

Wednesday, November 03, 2010

Report: VW's Euro Jetta gets better interior, independent rear suspension [w/poll]

Our initial opinion of the 2011 Volkswagen Jetta went something like this; nice enough vehicle that still outpaces the Toyota Corolla and Honda Civic, but the cost-cutting is evident. Soft touch materials have been replaced with harder plastics that don't feel particularly good and almost look as bad. But the U.S. Jetta starts at a class-competitive $15,995, and chopping thousands off of an MSRP doesn't come without sacrifices. But will these cost-cutting measures fly in Europe, where a higher premium is placed on an upscale interior and sporting characteristics?
Fortunately for the folks overseas, they apparently won't have to worry about it. Automotive News reports that the Euro Jetta, which launches in March 2011, will feature a more upscale interior and a four-link independent rear suspension instead of the lower cost 'built for comfort' beam axle setup we have in the U.S.-spec sedan. Source : Autoblog

I envy them :-(

Source : www.autoblog.com

Tuesday, November 02, 2010

The next front in the cookie wars: Fighting the Evercookie

Web-browser cookies, you either love or hate them. There is no in between. Well, get ready to be either more in love or more upset.

Source : Michael Kassner (TechRepublic.com)