Microsoft has released (or co-released) 3 new tools to help eliminate SQL injections: UrlScan version 3.0 Beta, a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, UrlScan helps prevent potentially harmful...
UrlScan version 3.0 Beta is a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, UrlScan helps prevent potentially harmful requests from being processed by web applications on the server.
From the Sunbelt blog. There is a phishing attempt going on against Facebook. Recipients may see something like the following: Concerned for your users? Read the rest… http://sunbeltblog.blogspot.com/2008/06/alert-facebook-now-target-of-phishers.html
Got a question via email asking to configure Transactional Replication between two servers within SQL Server 2005. By all means I would like to refer to this KBA http://support.microsoft.com/kb/321822 for replication between HOW TO: Replicate Between Computers Running SQL Server in Non-Trusted Domains...
A few things you need to consider before letting users use Reporting Services within a DMZ environment where the servers are exposed to the Internet, and to safeguard the servers from hackers. In this case you must be aware that SQL Server uses TCP port 1433 and UDP port 1434, change it to a different...
According to a report from Danish security vendor Secunia, as many as one third of the applications in use on corporate networks are vulnerable to critical attacks. According to this SC Magazine article, Secunia cites deficiencies in commonly used vulnerability scanners as the culprit. Their point of...
Tom D'Auria invited me back to talk more computer security on his IMI TechTalk radio show. I appeared on the show in November of 2006 to promote my book, Essential Computer Security. We did not get to cover all of our questions in the time allotted, so I will be back on the show on Sunday, February...
Posted to Tony Bradley, Microsoft MVP (Weblog) by tonybradley on 02-10-2007
Filed under: internet, home computer, microsoft, security, backup, restore, internet explorer, ie7, zero-day, essential computer security, imi-techtalk, radio, Tom D'Auria, interview
In Vista, Internet Explorer gets the benefit of some added security. Using WIC (Windows Integrity Control), Vista treats files and processes associated with Internet Explorer as Low integrity as long as it is running in Protected Mode. Internet Explorer Protected Mode is enabled by default and ensures...
Posted to Tony Bradley, Microsoft MVP (Weblog) by tonybradley on 02-06-2007
Filed under: internet, windows vista, security, internet explorer, ie7, protected mode, object, mandatory integrity control, trust, windows integrity control
With Vista, Microsoft introduced a new security concept to help protect your computer. Rather than relying on discretionary controls, like NTFS file and folder permissions which users can assign and change, Vista also has new mandatory controls. WIC, or Windows Integrity Control (also referred to as...
Posted to Tony Bradley, Microsoft MVP (Weblog) by tonybradley on 02-05-2007
Filed under: internet, windows vista, microsoft, security, user, internet explorer, ie7, web, protected mode, wic, object, mandatory integrity control, trust, windows integrity control, mic
According to a study compiled by the Washington Post's Brian Krebs, Internet Explorer 6 was vulnerable for 284 out of 365 days in 2006. That amounts to over 77% of the year. What does that mean? It means that for 3/4 of the year there were known vulnerabilities affecting Internet Explorer 6 for which...
Posted to Tony Bradley, Microsoft MVP (Weblog) by tonybradley on 01-07-2007
Filed under: internet, home computer, windows xp, microsoft, security, vulnerability, patch, internet explorer, ie7, web, worm, hack, firefox, zero-day