Thursday, May 25, 2017
  • Home
  •             

Windows Azure Services

October 31st, 2008 by kenlin@HK [MVP]

Windows® Azure is a cloud services operating system that serves as the development, service hosting and service management environment for the Azure Services Platform. Windows Azure provides developers with on-demand compute and storage to host, scale, and manage Web applications on the Internet through Microsoft® data centers.

To build these applications and services, developers can use their existing Microsoft® Visual Studio® 2008 expertise. In addition, Windows Azure supports popular standards and protocols including SOAP, REST, and XML. Windows Azure is an open platform that will support both Microsoft and non-Microsoft languages and environments.

 What is the Azure Services Platform?

Posted in .NET Framework, MS SQL, Windows Live | Comments Off on Windows Azure Services

And so the SQL attacks continue…

May 15th, 2008 by Patrick S

Yep…It’s still going-and its worse than ever it seems. Hundreds of thousands of unsuspecting people are stillstumbling across perfectly legitimate websites that have been compromised by an SQL injection, and as a result are infected with a nastyTrojan.
These types of Trojans are known for changing an affected system’s local DNS and Internet browser settings, thus making the system vulnerable for even more potential threats. (Trend Micro have written a very good post explaining what happens once infected)

Therefore I thought I would take some time to mention a dew domains (courtesy of f-secure) admins should block to avoid any possible chance of infection:

  • yl18.net
  • www.bluell.cn
  • www.kisswow.com.cn
  • www.ririwow.cn
  • winzipices.cn
  • www.wowgm1.cn
  • www.killwow1.cn
  • www.wowyeye.cn
  • vb008.cn
  • 9i5t.cn
  • computershello.cn

This is a good time to again mention that this not a vulnerability in Microsoft IIS or Microsoft SQL that is used to make this happen. If you are an administrator of a website that is using ASP/ASP.NET, you should make sure that you sanitize all inputs before you allow it to access the database.

There are many articles on how to do this such as this one. You could also have a look at URLScanwhich provides an easy way to filter this particular attack based on the length of the QueryString.

Posted in MS SQL, Security, Windows Server System, Windows XP | Comments Off on And so the SQL attacks continue…

Questions about Web Server Attacks

April 28th, 2008 by Patrick S

Bill Sisk just wrote an article on the Microsoft Security Response Centre (MSRC) blog:

There have been conflicting public reports describing a recent rash of web server attacks. I want to bring some clarification about the reports and point you to the IIS blog for additional information.

To begin with, our investigation has shown that there are no new or unknown vulnerabilities being exploited. This wave is not a result of a vulnerability in Internet Information Services or Microsoft SQL Server. We have also determined that these attacks are in no way related to Microsoft Security Advisory (951306).

The attacks are facilitated by SQL injection exploits and are not issues related to IIS 6.0, ASP, ASP.Net or Microsoft SQL technologies. SQL injection attacks enable malicious users to execute commands in an application’s database. To protect against SQL injection attacks the developer of the Web site or application must use industry best practices outlined here. Our counterparts over on the IIS blog have written a post with a wealth of information for web developers and IT Professionals can take to minimize their exposure to these types of attacks by minimizing the attack surface area in their code and server configurations. Additional information can be found here: http://blogs.iis.net/bills/archive/2008/04/25/sql-injection-attacks-on-iis-web-servers.aspx  

As outlined in other reports the security flaw seems to be in poor code on websites, hackers a merely taking advantage of it on a massive scale.
Installing updates and blocking any malicious websites is the best method to protect your IIS Server.

 

Posted in MS SQL, Online Safety, Windows Server System | 2 Comments »

Windows Server, SQL Server & Visual Studio Launch 2008 Resources

April 25th, 2008 by Patrick S

HEROES Happen {HERE}

Microsoft have just posted the resources from the Windows Server, SQL Server & Visual Studio Heroes happen {Here}  launch. Check them out they are very informative indeed!

Catergorys include:

  • Session 1 | What’s New in Windows Server 2008
  • Session 2 | Virtualization and Your Infrastructure
  • Session 3 | Securing Your IT Infrastructure with Windows Server 2008
  • Session 4 | Exploring Windows Server 2008 Web and Application Technologies

Find the links to the slides here: http://www.technetbriefings.com/2008-launch-resources.aspx

Posted in MS SQL, Visual Studio, Windows Server System | Comments Off on Windows Server, SQL Server & Visual Studio Launch 2008 Resources