SQL Injection Hijinks

or Why I Keep Harping On Blacklisting

Summary: An incident reveals attempts to get around blacklisting by manipulating behavior in ASP, illustrating the weakness of blacklist approaches. A new version of UrlScan is shipping today with a change specifically to address this.

Discussion: I was working with a colleague on an incident last week…


PASSGEN

Occasionally, I see a security incident where one of the things that went wrong was that all of the customer’s machines have the same password for the built-in administrator’s account.  Whenever this happens, I suggest the PASSGEN tool that was included with the book "Protect Your Windows Network" by Steve Riley and Jesper Johansson.  Obviously,…
