SQLSecurity.com

SQLSecurity.comhttp://sqlsecurity.comSQL Server Security Website by Chip Andrewsen-USCopyright 1999 by Chip Andrewschip@sqlsecurity.comChip's Blog - Frank Brown Contributes New Features to SQLVer ApplicationFrank Brown has taken sqlver 1.0 and additional features such as: 1. default port to 1433 if none s...http://sqlsecurity.com/Home/tabid/36/Default.aspxThu, 21 Jan 2010 08:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=853Chip's Blog - Metasploit Framework 3.3 Adds New SQL Server FeaturesWith the 3.3 version of the Metasploit Framework comes the news that it now includes features specif...http://sqlsecurity.com/Home/tabid/36/Default.aspxFri, 20 Nov 2009 08:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=852Chip's Blog - ISC Sends Reminder on SQL Server Service PortsISC has released a reminder about the dangers of TCP 1433 and UDP 1434 traffic and what it means (us...http://sqlsecurity.com/Home/tabid/36/Default.aspxMon, 26 Oct 2009 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=851Chip's Blog - TJX Indictments Mean We Get More SQL Injection DetailsWith the indictments coming in for the TJX hacking incident, many more details regarding the nature ...http://sqlsecurity.com/Home/tabid/36/Default.aspxMon, 17 Aug 2009 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=850Chip's Blog - SQL Server Considered for Future Version of ExchangeThis has been kicking around for years but it appears Microsoft may be looking at this for a post-20...http://sqlsecurity.com/Home/tabid/36/Default.aspxSat, 25 Jul 2009 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=849Chip's Blog - Suspected Turkish SQL Server Injection Attack on U.S. MilitaryIn yet another high-profile Microsoft SQL Server injection attack, the U.S. Army appears to be the l...http://sqlsecurity.com/Home/tabid/36/Default.aspxFri, 29 May 2009 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=848Chip's Blog - Shameless Plug for Network ToasterWhile the thread of applicability to SQL Server security is virtually non-existant, I wanted to sham...http://sqlsecurity.com/Home/tabid/36/Default.aspxFri, 22 May 2009 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=847Chip's Blog - SQL Server 2008 SP1 ReleasedOK - you got me - SP1 for SQL Server 2008 has been out for about a month now but in lieu of any othe...http://sqlsecurity.com/Home/tabid/36/Default.aspxMon, 04 May 2009 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=846Chip's Blog - Excellent Article on Scripting SQLPing3cl.exeonpnt at blogs.LessThanDot.com has put together an excellent article on scripting SQLPing3cl.exe (st...http://sqlsecurity.com/Home/tabid/36/Default.aspxMon, 09 Mar 2009 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=845Chip's Blog - SQL Server Buffer Overflow in sp_replwritetovarbinA buffer overflow has been identified in older (and un-patched) versions of SQL Server. The vulnerab...http://sqlsecurity.com/Home/tabid/36/Default.aspxTue, 10 Feb 2009 08:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=844Chip's Blog - SQL Injection on Kaspersky WebsiteA SQL Injection attack has been staged against security software vendor Kaspersky. The only thing n...http://sqlsecurity.com/Home/tabid/36/Default.aspxSun, 08 Feb 2009 08:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=843Chip's Blog - Vulnerability in Extended Stored Proc Forces MS to Release a Patch 961040You may often notice that in the SQL Server recommendations on this site, there are references to di...http://sqlsecurity.com/Home/tabid/36/Default.aspxThu, 25 Dec 2008 08:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=842Chip's Blog - SQL Injection via Cookie attempts to exploit the new MSIE holeSANS has an interesting analysis of a new SQL Injection attack that uses cookies for initial exploit...http://sqlsecurity.com/Home/tabid/36/Default.aspxFri, 12 Dec 2008 08:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=841Chip's Blog - Web Application Firewall Discussion at ISCDue to the recent outbreak of SQL Injection bots making the rounds, ISC made a recommendation of sev...http://sqlsecurity.com/Home/tabid/36/Default.aspxSun, 23 Nov 2008 08:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=840Chip's Blog - BusinessWeek Hit by SQL Injection AttackHere's another example of SQL Injection on a very popular website. Again - I believe that the SQL I...http://sqlsecurity.com/Home/tabid/36/Default.aspxMon, 15 Sep 2008 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=839Chip's Blog - New SQL Injection Worm Targeting MSSQLAnother worm is making the rounds. I really don't see much new in this particular variant but it sh...http://sqlsecurity.com/Home/tabid/36/Default.aspxTue, 12 Aug 2008 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=838Chip's Blog - Buffer Overflow in SQL Server Convert FunctionAs part of the Black Tuesday release this month from Microsoft, we have a critical vulnerability in ...http://sqlsecurity.com/Home/tabid/36/Default.aspxTue, 08 Jul 2008 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=837Chip's Blog - Microsoft Releases KB Article on SQL InjectionGood grief. You know SQL injection attacks are getting bad when Microsoft releases a KB article tha...http://sqlsecurity.com/Home/tabid/36/Default.aspxTue, 01 Jul 2008 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=836Chip's Blog - Researcher at Blue Hat Convention Has Bad News for SQL ServerWell - SQL Server and most all other Windows services that implement impersonation - that is. Appare...http://sqlsecurity.com/Home/tabid/36/Default.aspxSun, 18 May 2008 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=835Chip's Blog - Massive SQL Injection Attack Targets Websites Using SQL ServerLooks like another mass SQL Injection attack is making the rounds. The attackers likely used Google...http://sqlsecurity.com/Home/tabid/36/Default.aspxFri, 25 Apr 2008 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=834Chip's Blog - New Priv Escalation Security Vulnerability (951306) Affects SQL ServerApplications that allow users to run code in an authenticated context (IIS, SQL Server) could be at ...http://sqlsecurity.com/Home/tabid/36/Default.aspxSat, 19 Apr 2008 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=833Chip's Blog - Quick SQL 2008 Security Highlights ArticleKevin Beaver has highlighted some SQL Server 2008 features that may interest readers. Feel free to ...http://sqlsecurity.com/Home/tabid/36/Default.aspxWed, 19 Mar 2008 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=832Chip's Blog - SQL Server 2008 CTP ReleasedMicrosoft has released the CTP for SQL Server 2008. On the security side, Microsoft is touting the ...http://sqlsecurity.com/Home/tabid/36/Default.aspxTue, 26 Feb 2008 08:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=831Chip's Blog - Apologies for Forum Moderation DelaysI wanted to personally apologize for the delay in Discussion Forum moderations. Usually I stay on t...http://sqlsecurity.com/Home/tabid/36/Default.aspxSun, 03 Feb 2008 08:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=830Chip's Blog - First Mass SQL Injection Worm? Apparently a new worm has appeared on the Internet that uses SQL injection to infect sites with mali...http://sqlsecurity.com/Home/tabid/36/Default.aspxTue, 08 Jan 2008 08:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=829Chip's Blog - New "Tiger Team" TV Show Focuses on Penetration TestingWhile the overall effectiveness of penetration testing as a security mechanism is debatable, it sure...http://sqlsecurity.com/Home/tabid/36/Default.aspxWed, 26 Dec 2007 08:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=828Chip's Blog - Commercial Tools Page AddedI have added a page to the site to host security tools I have created for security engagements and/o...http://sqlsecurity.com/Home/tabid/36/Default.aspxSun, 04 Nov 2007 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=827Chip's Blog - SQLPing3 Command Line - Alpha releaseI have finally posted an alpha release of the command-line version of SQLPing3. Please provide any f...http://sqlsecurity.com/Home/tabid/36/Default.aspxWed, 24 Oct 2007 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=826Chip's Blog - Acunetix Whitepaper on Web Services VulnerabilitiesAcunetix has posted an article of web services security that discusses (at a high level) some of the...http://sqlsecurity.com/Home/tabid/36/Default.aspxSun, 13 May 2007 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=817Chip's Blog - Imperva Releases Free "Scuba" Vulnerability Scanner for Multiple DatabasesHey - I'm always a fan of free so check it out (from their press release): "Scuba by Imperva is a f...http://sqlsecurity.com/Home/tabid/36/Default.aspxSun, 06 May 2007 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=816Chip's Blog - SQLPing3 ReleasedSQLPing 3.0 is the evolution of the SQLPing product to the .NET Framework using code from SQLRecon. ...http://sqlsecurity.com/Home/tabid/36/Default.aspxSun, 22 Apr 2007 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=814Chip's Blog - SQLRecon/SQLPing UpdatesI have re-compiled SQLRecon 1.0 with .NET Framework 2.0 for those of you who have been keeping up. ...http://sqlsecurity.com/Home/tabid/36/Default.aspxTue, 27 Mar 2007 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=812Blog - 03-20-07 Site Undergoing a Version UpgradeSQLSecurity.com is currently in the middle of a software upgrade. I will re-post the older blog ent...http://sqlsecurity.com/Home/tabid/36/Default.aspxTue, 20 Mar 2007 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=625Blog - 02-12-07 A Collection of Excellent Articles about SQL InjectionAcunetix has posted an excellent series of articles on web application security including several on...http://sqlsecurity.com/Home/tabid/36/Default.aspxTue, 13 Feb 2007 02:18:57 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=660Blog - 01-30-07 Microsoft Releases KB Article on the SQL 2005 Express/Vista IssueIt appears Microsoft has finally presented an explanation and workaround for those wishing to run SQ...http://sqlsecurity.com/Home/tabid/36/Default.aspxTue, 30 Jan 2007 19:48:29 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=659Blog - 12-16-06 SQL Server 2005 Express not compatible with VistaFor those of you planning to jump on Windows Vista for all those supposed new security improvements ...http://sqlsecurity.com/Home/tabid/36/Default.aspxSat, 16 Dec 2006 19:49:23 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=658Blog - 11-7-2006 Article on Forensic Tamper Detection is SQL Server TablesAmit Basu has submitted an excellent article on implementing forensic tamper detection in SQL Server...http://sqlsecurity.com/Home/tabid/36/Default.aspxTue, 07 Nov 2006 18:14:10 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=657Blog - 10-23-06 New Organization Created To Promote Application Security Tim Mullen has started a new open-membership security organization with a provocative name. The orga...http://sqlsecurity.com/Home/tabid/36/Default.aspxMon, 23 Oct 2006 23:55:45 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=656Blog - 09-10-06 Article on Building Secure Protocols - SSPI discussedFor anyone who has ever assembled a SQL Server connection string, the phrase "Integrated Security=SS...http://sqlsecurity.com/Home/tabid/36/Default.aspxSun, 10 Sep 2006 12:57:21 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=655Blog - 07-21-06 Looks like ISC has solved the mystery ISC has concluded that the spike in TCP 1433 is probably due to someone using the old MSSQL 2000 pre...http://sqlsecurity.com/Home/tabid/36/Default.aspxFri, 21 Jul 2006 16:04:58 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=654Blog - 07-19-06 TCP port 1433 scans spiking at ISCISC is reporting a spike in TCP 1433 (default SQL Server posrt) scans across the internet as detecte...http://sqlsecurity.com/Home/tabid/36/Default.aspxWed, 19 Jul 2006 11:42:16 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=653Blog - 07-11-06 Application Security Scanners GaloreI've been adding plenty of products to the Assessment Tools section of the site under "SQL Server Re...http://sqlsecurity.com/Home/tabid/36/Default.aspxSun, 09 Jul 2006 23:21:26 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=652Blog - 05-11-06 What should we do when we find a vulnerability?You've been there. You're on some site, tooling around looking at news, articles, whatever. Sudden...http://sqlsecurity.com/Home/tabid/36/Default.aspxThu, 11 May 2006 19:12:31 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=651Blog - 04-18-2006 SQL Server 2005 SP1 goes RTMSQL Server 2005 Service Pack 1 has been released. One noticable difference right off the top is tha...http://sqlsecurity.com/Home/tabid/36/Default.aspxSun, 23 Apr 2006 17:03:15 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=650Blog - Migration largely complete - Wednesday, March 01, 2006Well - that was fast - the tools are back online and the free analysis page is working again. Pleas...http://sqlsecurity.com/Home/tabid/36/Default.aspxThu, 02 Mar 2006 04:50:21 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=648Blog - Site Upgrade in Progress - Tuesday, February 28, 2006In case you haven't noticed, I have upgraded the site to DNN 4.0.2 and am in the process on integrat...http://sqlsecurity.com/Home/tabid/36/Default.aspxWed, 01 Mar 2006 03:29:19 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=647Blog - Excellent article on SQL Server Security Testing - Tuesday, February 28, 2006This is an excellent TechTarget article on SQL Server security testing by Kevin Beaver. The highligh...http://sqlsecurity.com/Home/tabid/36/Default.aspxWed, 01 Mar 2006 01:45:30 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=645Blog - Article on 10 tricks attackers use to access SQL Server - Tuesday, February 28, 2006Informative article on how attackers commonly compromise SQL Server systems. Besides the scenarios, ...http://sqlsecurity.com/Home/tabid/36/Default.aspxWed, 01 Mar 2006 01:44:12 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=646Blog - Testing Testing TestingNow that we have a release for SQL 2005 in our grubby little hands, its time for some good ole pen t...http://sqlsecurity.com/Home/tabid/36/Default.aspxFri, 16 Dec 2005 00:56:08 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=795Blog - SQL Server 2005 goes RTMSQL Server 2005 and Visual Studio 2005 Professionsal have been released to manufacturing. You shoul...http://sqlsecurity.com/Home/tabid/36/Default.aspxFri, 28 Oct 2005 15:49:55 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=794Blog - SQL Server Security SchoolNot sure how I forgot to post this earlier but I did record a webcast series on SearchSQLServer.com ...http://sqlsecurity.com/Home/tabid/36/Default.aspxFri, 07 Oct 2005 21:12:52 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=793Blog - SQL Server 2005 coming soon - Need a Preview?OK - it's been kinda quiet lately on the SQL Server front that's for sure. But look on the bright s...http://sqlsecurity.com/Home/tabid/36/Default.aspxFri, 30 Sep 2005 23:20:16 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=792Blog - Never made it to Black Hat - Apologies to all!OK - so I had every intention of going to Black Hat this week. I was packed. I had my new laptop r...http://sqlsecurity.com/Home/tabid/36/Default.aspxSat, 30 Jul 2005 00:45:22 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=791Blog - Web Application Security Training at Black HatI will be one of many trainers for a course on web application security at Black Hat in Vegas July 2...http://sqlsecurity.com/Home/tabid/36/Default.aspxSun, 10 Jul 2005 19:08:13 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=790Blog - Microsoft gives us a date for SQL Server 2005At Teched Orlando, Paul Flessner announced that Nov 7, 2005 is the release date for SQL Server 2005 ...http://sqlsecurity.com/Home/tabid/36/Default.aspxThu, 09 Jun 2005 01:49:24 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=789Blog - Microsoft WSUS goes RTM - At last!Microsoft's WSUS product has been released to manufacturing and was distributed attendees at Teched....http://sqlsecurity.com/Home/tabid/36/Default.aspxThu, 09 Jun 2005 01:44:30 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=788Blog - SQL Server 2000 SP4 ReleasedIn case you haven't heard by now SP4 for SQL Server 2000 has finally been released. This release in...http://sqlsecurity.com/Home/tabid/36/Default.aspxTue, 10 May 2005 01:10:37 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=787Blog - MSDN Article on Security in SQL Server 2005Article by Don Kiely on the new security features of SQL Server 2005 and what it means for you. Sub...http://sqlsecurity.com/Home/tabid/36/Default.aspxSat, 07 May 2005 03:31:14 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=786Blog - Idera SQL Compliance ManagerIdera's SQL compliance manager provides a powerful auditing and compliance solution for Microsoft SQ...http://sqlsecurity.com/Home/tabid/36/Default.aspxFri, 22 Apr 2005 18:04:06 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=785Blog - SQL Server 2005 Virtual Labs from MicrosoftAre you ready to experience SQL Server 2005? Announcing the launch of the SQL Server 2005 Virtua...http://sqlsecurity.com/Home/tabid/36/Default.aspxThu, 07 Apr 2005 14:38:41 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=784Blog - WMSDE - Something else to keep our eyes onMicrosoft has released a special version of MSDE to be released with Windows Sharepoint Server and r...http://sqlsecurity.com/Home/tabid/36/Default.aspxMon, 28 Mar 2005 17:48:30 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=781Blog - SUS - too hot! WUS - too cold! WSUS - just right?Microsoft has announced the release candidate open evaluation for the successor to Windows Update Se...http://sqlsecurity.com/Home/tabid/36/Default.aspxMon, 28 Mar 2005 17:41:02 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=783Blog - Patching SQL Server Checklist at TechTargetI just finished a two-part series on finding and patching SQL Servers in your organization for TechT...http://sqlsecurity.com/Home/tabid/36/Default.aspxMon, 28 Mar 2005 17:02:07 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=782Blog - SQLRecon 1.0 ReleasedSQLRecon v1.0 has been released to the public as a free tool. SQLRecon performs both active and pas...http://sqlsecurity.com/Home/tabid/36/Default.aspxTue, 22 Mar 2005 18:53:16 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=779Blog - Chip Andrews a Founding Member of Special Ops Security, Inc.In case you haven't figured it out by now, I've joined forces with some of my favorite IT security ...http://sqlsecurity.com/Home/tabid/36/Default.aspxTue, 22 Mar 2005 16:49:36 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=780Blog - Jimmers releases code to reveal DTS connection passwordsDTSConnPass - utility to decrypt DTS package Connection passwords. If you export a DTS package as ...http://sqlsecurity.com/Home/tabid/36/Default.aspxWed, 02 Mar 2005 01:09:26 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=778Blog - Debate on the security of stored procedures and parameterized queriesThis debate occurred on TheServerSide.NET and the original poster was way off on this topic but the ...http://sqlsecurity.com/Home/tabid/36/Default.aspxThu, 24 Feb 2005 05:54:33 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=777Blog - New SQL Server discovery tool "SQLRecon" to be released soonIn association with Special Ops Security, I will soon be releasing a tool called SQLRecon to the gen...http://sqlsecurity.com/Home/tabid/36/Default.aspxWed, 09 Feb 2005 19:02:33 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=776Blog - SQL Server Brute Force Scanning SurgeAccording to ISC SANS, there have been a large number of SQL Server authentication brute force attem...http://sqlsecurity.com/Home/tabid/36/Default.aspxFri, 31 Dec 2004 12:14:14 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=775Blog - Microsoft Webcast on SQL 2005 SecurityWant a glimpse at some of the new security features in SQL Server 2005? Check out this webcast - it...http://sqlsecurity.com/Home/tabid/36/Default.aspxThu, 09 Dec 2004 17:59:15 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=774Blog - FxCop 1.312 Adds Check for SQL InjectionThe FxCop tool from Microsoft, which scans .NET assemblies for various development flaws, has added ...http://sqlsecurity.com/Home/tabid/36/Default.aspxThu, 04 Nov 2004 20:44:24 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=773Blog - New SQLSecurity Group Policy Template ProjectI've started a new project concerning the construction of a custom administrative template for Group...http://sqlsecurity.com/Home/tabid/36/Default.aspxTue, 26 Oct 2004 18:20:05 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=772Blog - Nicholas Petreley on Linux vs Windows SecurityWhy is this relevant to SQL Server you ask? Well, in his discussion of Windows Design he uses the S...http://sqlsecurity.com/Home/tabid/36/Default.aspxFri, 22 Oct 2004 18:33:08 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=771Blog - SQL Server Remains on the SANS Top 20 ListDespite the fact that most visitors think SQL Server security is improving (according to a recent no...http://sqlsecurity.com/Home/tabid/36/Default.aspxMon, 11 Oct 2004 23:44:35 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=770Blog - Free MS Webcast on Runing MSSQL on XPSP2 Microsoft is hosting a free webcast on resolving issues related to running SQL Server 2000 on XP SP2...http://sqlsecurity.com/Home/tabid/36/Default.aspxMon, 04 Oct 2004 15:00:54 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=769Blog - SQL Server 7.0 Denial of Service VulnerabilityWhile I have seen no verification from Microsoft of this and have not tested it myself, a denial of ...http://sqlsecurity.com/Home/tabid/36/Default.aspxThu, 30 Sep 2004 20:49:22 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=768Blog - Quiet Times in SQL Server LandLet's face it - It's been real quiet in the world of SQL Server security as of late. Not a lot of n...http://sqlsecurity.com/Home/tabid/36/Default.aspxFri, 17 Sep 2004 14:55:50 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=767Blog - SQL Server 2005 Express Edition Replaces MSDEAccording to MSDN, SQL Server 2005 Express Edition will replace MSDE as the free offering to get peo...http://sqlsecurity.com/Home/tabid/36/Default.aspxWed, 30 Jun 2004 11:55:02 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=765Blog - Microsoft SQL Server Security AnalyzerTool to inspect a SQL Server installation and compare its configurating against Microsoft's security...http://sqlsecurity.com/Home/tabid/36/Default.aspxFri, 25 Jun 2004 14:14:01 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=764Blog - Windows XP SP2 and how it will affect SQL ServerMicrosoft is warning you ahead of time of some changes that will take place in Windows XP Service Pa...http://sqlsecurity.com/Home/tabid/36/Default.aspxWed, 23 Jun 2004 17:54:07 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=763Blog - SANS - SQL Server Scanning on the rise- bewareThere is a disturbing report from SANS about some increased SQL Server scanning activity from what m...http://sqlsecurity.com/Home/tabid/36/Default.aspxTue, 01 Jun 2004 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=766Blog - Slashdot Blog on new SQL Server Security Features in YukonThere's a link on the Slashdot blog to an article with the details. Plenty of humorous commentary o...http://sqlsecurity.com/Home/tabid/36/Default.aspxTue, 01 Jun 2004 07:00:00 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=762Blog - Imperva Releases Whitepaper on SQL Injection Signatures EvasionSome excellent technical analyses of how attacks might circumvent SQL Injection Signatures. The con...http://sqlsecurity.com/Home/tabid/36/Default.aspxWed, 28 Apr 2004 15:37:35 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=761Blog - Phatbot/Agobot/Gaobot May Use SQL Server for InjectionLooks like past flaws in SQL Server are part of a new variant of an existing worm now propogating. ...http://sqlsecurity.com/Home/tabid/36/Default.aspxMon, 26 Apr 2004 04:06:06 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=760Blog - Article from Jeremiah Grossman on SQL Injection For anyone who's looking for an article on the subject of SQL Injection targeted at the layman, Jere...http://sqlsecurity.com/Home/tabid/36/Default.aspxTue, 06 Apr 2004 00:49:56 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=759Blog - New Tool added - SQLVer - Enumerate SQL Server VersionsOK - this one's for those that want to get the version of a SQL Server instance withuot logging into...http://sqlsecurity.com/Home/tabid/36/Default.aspxFri, 27 Feb 2004 13:44:35 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=756Blog - New! Version Database Added to SQLSecurity.comI've added a new tab for the SQL Server version database. I'm especially glad to see this since it ...http://sqlsecurity.com/Home/tabid/36/Default.aspxSat, 31 Jan 2004 03:37:56 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=755Blog - MSDE appears in Windows Update...Sort ofWhile I have yet to see the first instance of a SQL Server service pack or hotfix in Windows Update ...http://sqlsecurity.com/Home/tabid/36/Default.aspxThu, 22 Jan 2004 21:41:47 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=754Blog - SQLSecurity.com has changed hosting providersI want apologize in advance for any interruptions in service anyone may have endured as SQLSecurity....http://sqlsecurity.com/Home/tabid/36/Default.aspxTue, 20 Jan 2004 13:04:59 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=753Blog - Remote MDAC Vulnerabilty using UDP 1434New MDAC Vulnerability is a reverse spin on MS02-039 whereby a response to a discovery packet sent b...http://sqlsecurity.com/Home/tabid/36/Default.aspxWed, 14 Jan 2004 06:44:38 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=752Blog - Here comes 2004!In an effort to update the user interface and streamline future updates, I've ported the SQLSecurity...http://sqlsecurity.com/Home/tabid/36/Default.aspxMon, 29 Dec 2003 06:12:28 GMThttp://sqlsecurity.com/Home/tabid/36/Default.aspx?ItemId=751