SEARCH RESULTS
 
Showing 1-10 of 151 records
 
SQL Server - Fact Checking Recent Vulnerability History

2008-03-05 22:53:36 by jrjones in Jeff Jones Security Blog
 
...SQL Server had "... most vulnerabilities last year of any commercial database..." That is a big error, though it may be a misquote or a miscommunication. Certainly, if you go look at the current version of the original article, the incorrect statement has been removed. However, given that as of today, some versions of the article containing...
 
 
 
 
 
Giving SQL Injection the Respect it Deserves

2008-05-15 18:45:00 by sdl in The Security Development Lifecycle
 
...SQL injection attack. The malicious SQL payload is very well designed, somewhat database schema agnostic and generic so it could compromise as many database servers as possible. While the attack was a SQL injection attack that attacked and compromised back-end databases courtesy of vulnerable Web pages, from a user's perspective the real...
 
 
 
 
 
New Security Tools for IIS and SQL

2008-06-25 21:45:45 by jrjones in Jeff Jones Security Blog
 
...SQL injection attacks UrlScan 3.0 Beta ( see Wade Hilmo's blog for more ), a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, the UrlScan helps prevent potentially harmful requests Microsoft Source Code Analyzer for SQL Injection (MSCASI) CTP (...
 
 
 
 
 
Smells Like a Copycat SQL Injection In the Wild

2008-07-28 05:51:23 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...SQL injections, that as a matter of fact remain ongoing, copycats taking advantage of the very same SQL injection tools using public search engines' indexes as reconnaissance tools, are also starting to take advantage of localized and targeted attacks, attacking specific online communities. Among these is mx.content-type.cn /day.js using...
 
 
 
 
 
SQL Injection Defense Tools

2008-06-24 16:43:00 by sdl in The Security Development Lifecycle
 
...SQL injection defense guidelines. The SDL requires guidance and education for end-users, and tools to verify security settings are highly recommended, as defined in " Stage 5: Implementation Phase: Creating Documentation and Tools for Users that Address Security and Privacy ". Today, Microsoft is releasing two new SQL injection defense and...
 
 
 
 
 
Obfuscating Fast-fluxed SQL Injected Domains

2008-07-17 15:31:06 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...SQL injection campaign. Consider the following examples of obfuscated domains, naturally being in a fast-flux in the time of the SQL injection that several Chinese script kiddies were taking advantage of 6b%6b%36%2e%75%73 - kk6.us 73%61%79%38%2E%75%73 - s.see9.us 66%75%63%6B%75%75%2E%75%73 - fuckuu.us 61%2E%6B%61%34%37%2E%75%73 - a.ka47.us...
 
 
 
 
 
Streaming SQL Approaches Insist in Ignoring Causality by PatternStorm

2008-09-05 14:25:35 by Tim Bass in The Complex Event Processing Blog
 
...SQL approaches insist in ignoring causality by PatternStorm The recent paper Towards a Streaming SQL Standard by Oracle and Streambase unifies and generalizes two different execution models of Streaming SQL: Oracle's and StreamBase's. While it's true that the generalization succeeds in overcoming the inability of both execution models of...
 
 
 
 
 
SQL injection compromises MLSgear.com customer information

2008-02-11 09:27:06 by Evan Francen in The Breach Blog
 
...SQL injection attacks carried out on the MLSgear.com web site between January and August, 2007 Reference URL The New Hampshire State Attorney General breach notification Computerworld online story PogoWasRight.org report Report Credit The New Hampshire State Attorney General Response From the online sources cited above It has recently...
 
 
 
 
 
Malware Domains Used in the SQL Injection Attacks

2008-05-22 08:49:38 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...SQL injection attacks...