From Windows Administration

Quickly Configure or Disable ETags in IIS7 or IIS6

With the move of my blog to a new server come a few new tweaks. Fortunately, I'm on a Windows 2008 Hosting account and I have had delegation enabled so I can remotely manage all the features in my IIS7 website with the IIS7 manager (but more on that in a later post). Earlier this year I fired up Firebug and the Y!Slow application from Yahoo to really dial in my website's performance. One of these changes was to disable ETags. On the IIS6 server I was on, I found an ISAPI filter that I could Read more [...]

SQL Injection Help .. Microsoft to the rescue with URLScan 3.0.

The number of SQL Injection attacks across the Internet continues to rise. I'm seeing regular postings on the SANS RSS feed related to SQL Injection and XSS these days, and clients are finding that applications they thought were not vulnerable turn out to be vulnerable because of patches and custom mods they've had made to them. For most site owners this meant going back to the developers and getting updates, and this is generally costly and time consuming. Fortunately, Microsoft has stepped up Read more [...]

SQL Injection attacks continue, Is it Microsoft’s Fault?

My previous blog post attempted to explain SQL injection and why it's a problem. It's started to get media coverage now and the media is looking for a target (scapegoat). So, as is often the case, someone gets wrongly blamed, and right now it's of course Microsoft. It's NOT Microsoft's fault. Here's what's happening: recently Microsoft announced a couple of new vulnerabilities, and one of these was for IIS. At the same time there's a barrage of SQL Injection attacks being carried out Read more [...]

SQL Injection attacks and what you can do

It's a shame, but not many website owners or, for that matter, web developers are familiar with what SQL Injection is and just why it's something they need to worry about. I'm noticing through various forums, friends, etc. an increased number of sites being exploited for Cross Site Scripting through SQL Injection. Most blog readers are going to say "HUH? Cross Eyed Scripting? What Injection?" Here's what I'm talking about: a hacker will come to your website and use SQL injection to gain Read more [...]