We have moved!

To ease navigation and be more in synch with our security colleagues within Microsoft, we have moved to a new blog address: http://blogs.technet.com/mmpc We hope you like the new look. Please remember to redirect any links to our new web address.


When SQL Injections Go Awry, Incident Case Study

It seems to be the "in-thing" these days – using an automated tool to perform SQL injections against vulnerable sites across multiple domains. Although the attack method isn’t new, some sites are hit multiple times, as evident by a corruption of the injection code when one attacker overwrite a previously injected record. Below, you can…


Oderoor – all it’s Kraked up to be?

Greetings from (sorta) sunny Melbourne, Australia! We’re the newest addition to Microsoft’s Security Research and Response global team. In arbitrary seating order we have: Jakub Kaminski, Scott Molenkamp, Hamish O’Dea, Heather Goudey, Raymond Roberts, David Wood, Chun Feng, Oleg Petrovsky, Hermineh Tchagatzbanian, Hil Gradascevic and Matt McCormack. In the same order we have: Skinny Latte…


Microsoft acquires Komoku

Today, Microsoft announced the acquisition of Komoku to add to Forefront and Windows Live OneCare’s technological capabilities.  I would like to take this opportunity to review the year since my “Hello World” blog post and again provide insight on where we will be going.   A year ago, I noted our test results were “not…


MBR rootkit: VirTool:WinNT/Sinowal.A report

This week you may have heard or read about a new rootkit that has been reported in the wild that uses the Master Boot Record (MBR) as its Auto-Start Entry Point (ASEP).  The malware is being called VirTool:WinNT/Sinowal.A.  First we want to let you know that if you use any of the Microsoft antivirus technologies…