
Questions about Web Server Attacks

April 28th, 2008 by Patrick S

Bill Sisk just wrote an article on the Microsoft Security Response Centre (MSRC) blog:

There have been conflicting public reports describing a recent rash of web server attacks. I want to bring some clarification about the reports and point you to the IIS blog for additional information.

To begin with, our investigation has shown that there are no new or unknown vulnerabilities being exploited. This wave is not a result of a vulnerability in Internet Information Services or Microsoft SQL Server. We have also determined that these attacks are in no way related to Microsoft Security Advisory (951306).

The attacks are facilitated by SQL injection exploits and are not issues related to IIS 6.0, ASP, ASP.Net or Microsoft SQL technologies. SQL injection attacks enable malicious users to execute commands in an application’s database. To protect against SQL injection attacks the developer of the Web site or application must use industry best practices outlined here. Our counterparts over on the IIS blog have written a post with a wealth of information that web developers and IT Professionals can take to minimize their exposure to these types of attacks by minimizing the attack surface area in their code and server configurations. Additional information can be found here: http://blogs.iis.net/bills/archive/2008/04/25/sql-injection-attacks-on-iis-web-servers.aspx

As outlined in other reports, the security flaw seems to be in poor code on websites; hackers are merely taking advantage of it on a massive scale.
Installing updates and blocking any malicious websites is the best method to protect your IIS Server.

 

Posted in MS SQL, Online Safety, Windows Server System | 2 Comments »

Bye bye Microsoft, and thanks for all the fish

March 9th, 2007 by Zack Whittaker

Some people have questioned me over the last week or so asking, “are you leaving Microsoft” and all this. Let’s get something straight first… I was never Microsoft’s b***h and never will be. I’ve worked with the Windows Live guys now for little less than a year starting off on Messenger and Spaces and moving on to web safety. Web safety (or rather as it’s now known as family safety as it’s more appropriate) means an awful lot to me. I’ve got a young goddaughter and a much older sister who uses the Internet and to be fair, there are all kinds of weirdos out there who would love to bury their faces into a young’un and it makes me sick to the core. Being a younger gentleman, I have added advantages of being young and having that special perspective which a lot of other people have. I started really young – most people could never say they’ve worked with some of the amazing people I have by the age of 15, and now I’m 18 and have met even more influential people, it makes me glad I started testing in the first place.

The Windows Live division, more specifically the family safety section is undergoing a major restructuring backend with people being shifted around from place to place, even if they’ve been doing that job for a good length of time. Family safety is really important to Microsoft but from my perspective, it’s being put off more and more because people are being shifted around. Someone I’ve done work for, Jo who worked on the family safety products for some time, isn’t working on it anymore; that really saddens me as I know she loved doing it. From what I understand, a big head of citizenship (of which the family safety comes under the hood of) has been replaced which will mean it’ll take months to find someone else let alone the time to bring them up to speed with what’s going on.
There aren’t the resources available, nor is there enough money to really push forward with some of these great ideas which have been bounced around internally.

Because of this, people have already reported that the Windows Live OneCare Family Safety product won’t be around until the summertime. The product is pretty much nearly done and I suspect one of the reasons why it’s not moving forward is because of the lack of resources and people. There are some interdependencies here and there however, like needing to interact with other products and ensuring that other teams are on track so that the Family Safety product can move forward. We’re talking about Microsoft, one of the biggest and most wealthy organisations in the world, and there isn’t the money to do these things, to protect the kids online from the things they should never have to experience. I’ve had a whole wave of ideas which could seriously improve the family safety side of things within products and existing solutions, but because of the lack of money and people being busy with hiring new leads of citizenship, these ideas are all pending for a good 6 months.

Now maybe it’s because I’m young and stupid and naïve, but can the kids of this world wait another 6 months? These threats are getting more intense every day and it’s Microsoft’s products which are central to these because they’re so popular with the users. It’s not Microsoft’s fault that these services are being exploited; it’s their fault for being so popular, which is hardly a bad thing. This is why I focused on Microsoft for the web safety – because they have the products and the services which are being used and that could be improved and secured for the younger generation.
One thing I can be super proud of – is that I’ve greatly contributed to improving the Windows Live OneCare Family Safety filter with the help of Jo, and that’s something which I’m proud of. Some of the people I’ve worked with – my God, just brilliant.

I’ve had a “mentor” being Philippa, and without doubt the best “boss” I’ve ever had. Cristiano, Dev, Andy, Jo, to name a few – it’s been a good stretch. But for the time being, I’ve only really got to say this as I wrap it up. I’m not leaving Microsoft as I was never really part of it in terms of a paid full time position. For the time being, I’m stepping back for some time, letting things mull over, I’ll still do the odd bit here and there no doubt but it’s time to focus on me and me only. I need to get past these next few months and finish my further education, and head on to higher education at university starting this September/October. Who knows what’ll happen next… I guess I’ll just have to take things in my stride and let things happen as and when they do.

Posted in Daily Life, Microsoft, Online Safety, Windows Live | 3 Comments »

OneCare Family Safety updated

March 2nd, 2007 by Zack Whittaker

Windows Live OneCare Family Safety has been updated to a Beta 2 refresh status. Current users will get a notification through asking you to update, new users will be able to download it from the website by tomorrow morning.

Check it out: https://fss.live.com.

Posted in Online Safety, Windows Live | Comments Off on OneCare Family Safety updated

Windows Live Family Safety broadens to Messenger

January 31st, 2007 by Zack Whittaker

To put this clearly – the parent’s Windows Live ID will oversee the child’s Windows Live ID (as the Family Safety product does anyway), but now parents will be able to approve and decline contacts to the child’s Windows Live Messenger view. Parents will be able to view information on the person who’s about to be added, view their Space, check ages etc.

Source (with pretty pictures!): liveandbeyond.com

Posted in Online Safety, Windows Live Messenger | Comments Off on Windows Live Family Safety broadens to Messenger

MySpace sued over child user safety

January 19th, 2007 by Zack Whittaker

MySpace is being sued by the families of five teenage girls who it is claimed were sexually assaulted by men they met through the social networking website. The negligence and fraud suit against the popular site, owned by Rupert Murdoch’s News Corporation, was filed at a court in Los Angeles.

It comes after a similar lawsuit was filed by the parents of a 14-year-old American girl last year. Last year, MySpace increased security measures to protect its younger users. In April 2006, the website hired a former prosecutor in the US Justice Department’s internet child exploitation unit, Hemanshu Nigam, as its chief security officer.

It also made it impossible for users aged 18 and above to contact 14 and 15-year-old members, unless they knew the younger person’s email address. The girls involved in the latest lawsuits were all aged between 14 – the minimum age for a MySpace account – and 15.

“In our view, MySpace waited entirely too long to attempt to institute meaningful security measures that effectively increase the safety of their underage users,” said Jason Itkin, a lawyer for one of the firms representing the families. However Mr Nigam said that “ultimately, internet safety is a shared responsibility”.

“We encourage everyone to apply common sense offline security lessons in their online experiences and engage in open family dialogue about smart web practices,” he added. News Corporation’s shares rose 1.7% in Thursday trading. It bought MySpace for $580m (£333m) in July 2005.

Source: liveandbeyond.com

Posted in Online Safety | 3 Comments »

Minor tweaks and updates for Report Abuse Desktop Client

December 27th, 2006 by Zack Whittaker

Report Abuse Desktop Client
(released 27th December 2006 – version 2.5.63.6)
Download now – Please uninstall/delete and disregard any previous build
(Alternative link if above doesn’t work – some routers/firewalls don’t like subdomains)
Compatible with: Windows 2000 Professional, All versions of Windows XP, Windows Server 2003 and Windows Vista (32-bit only)

The Report Abuse Desktop Client has had a few updates and tweaks – no extra functionality has been added, rather some things changed (the odd spelling mistake here and there). Don’t forget, you can auto-update – click on the Reporting tools tab, then Check now to update.

Posted in MSBLOG Related, Online Safety | 1 Comment »

New computers for your kids this Christmas? Watch this first.

December 24th, 2006 by Zack Whittaker

If you’re buying a new computer for the family or for a child this Christmas, watch this thought provoking film first. Be patient, may take a minute or so to load.

Find the Video HERE

Related downloads
Report Abuse Desktop Client
Windows Live OneCare Family Safety
Windows Live Messenger 8.1 (with Report Abuse features)

Related links
Child Exploitation and Online Protection Center
Virtual Global Taskforce

Posted in Daily Life, Online Safety | 2 Comments »

The bigger and better Report Abuse Desktop Client

December 20th, 2006 by Zack Whittaker

 


Report Abuse Desktop Client

(released 21st December 2006 – version 2.0.44.0)
Download now – Please uninstall/delete and disregard any previous build
(Alternative link if above doesn’t work – some routers/firewalls don’t like subdomains)
Compatible with: Windows 2000 Professional, All versions of Windows XP, Windows Server 2003 and Windows Vista (32-bit only)

The Report Abuse Desktop Client is an application written by myself and provided by MSBLOG enabling younger users of the Internet to report online abuse or suspicious activity of online predators. It’s free to mirror and distribute, and recommended for those who have a family computer or for families with children who use the Internet. It has an auto-update feature in it as well so it’ll still update easily.

   

Please spread the word of this software. It does not benefit MSBLOG in any way at all, talking as a collective, we all want children to be safe online and this is a one-of-a-kind solution to help it happen. The image below can be put in link exchanges, affiliates lists, anything like that. Please spread the word :) 


(http://download.msblog.org/radc.png)

 Watch a thought provoking short video

Posted in MSBLOG Related, Online Safety | 4 Comments »

Windows Live OneCare Family Safety software beta refresh now active

December 12th, 2006 by Zack Whittaker

It’s been released! Very excited about this release – hope you all enjoy it! Toast notifications will go out in an hour or so, and you can download directly from the site.

Download the software or visit the site – new users will really love the new sign-up experience 🙂

Posted in Online Safety, Windows Live | 2 Comments »

Windows Live OneCare Family Safety hits Beta 2

December 10th, 2006 by Zack Whittaker

Finally – a new release of Windows Live OneCare Family Safety (FSS for short). Although the new features cannot be said as yet, all the bugs which were previously submitted have been stamped out and Microsoft are ready to send out Beta 2 of the software.

FSS is client and web based software – which depends on a parent’s Windows Live ID to set options, levels of security, what the child can go on and what they can’t, and it depends on the child’s or children’s Windows Live ID to logon to use the Internet and therefore the parent’s settings are enforced.

This allows children to safely view the web and have restricted to them most of the bad content out there. Windows Live OneCare Family Safety is designed for Windows XP SP2 machines only – it will not be released initially to Windows Vista users as they already have Parental Controls in the Control Panel to play with.

Here’s what Microsoft had to say:

We’re very excited to announce that December 11th will be the Windows Live OneCare Family Safety Beta Refresh! Over the next few days, you may see a preview of the refreshed Family Safety website as we update our servers and transition them over to the new content and functionality. The website update will be final by Monday. The client software is also being updated in parallel and we expect the client download to be ready by Monday also, but you may not see the “toast” notification to update your client until Tuesday the 12th.

The Beta 2 software will be available shortly – on Monday or Tuesday.

Windows Live OneCare: http://onecare.live.com/
OneCare Family Safety: https://fss.live.com/
FSS Team Blog: http://familysafety.spaces.live.com/

Posted in Online Safety, Windows Live | 4 Comments »

Windows Live OneCare – desktop application, web safety and web scanner

October 9th, 2006 by Zack Whittaker

Here I am trying to explain what “OneCare” actually is. Google doesn’t have a definition for it, so I’m going to define it right here.

OneCare™ – noun [whon-khare]: The service name for providing security and protection facilities to Microsoft® Windows® operating systems.

The thing is, at the moment there are three different products under the “OneCare” title. These do different things and run in different ways and hopefully this quick guide will actually explain what each product does and you’ll realise that they’re all rather marvelous in each individual way.
 


Currently the 1.5 client version is in beta, but don’t let this fool you! Windows Live OneCare is a desktop application product which provides you with real-time anti-virus protection, anti-spyware protection (with help from Windows Defender) as well as an advanced firewall to protect your incoming and outgoing Internet traffic. It also provides you with useful facilities such as in-built operating system protection (such as in Windows Vista, it’ll help implement and manage the advanced security features of the new platform), and tune-up services which allow you with one click to clean up unnecessary files, defrag the hard disk and scan for viruses as well.

Windows Live OneCare runs as a series of background system services, and stays in the bottom right of your screen in the notification area near your clock; it’ll either be shown as green for “good”, amber for “there’s something not quite right” and red for “oh my God something bad has happened”.

Download Windows Live OneCare (free trial, paid annual subscription)

 

Windows Live OneCare Family Safety Settings (the longest Windows Live service name, but sometimes just called “Family Safety”) is a web controlled, web controlling and system application. Confused? Don’t be! The parents can set up Windows Live IDs to login with, and then their children can be added using their credentials, and then after that – the children’s Internet usage and the pages they visit can be customised by the parent in many different ways to stop them seeing what they shouldn’t see.

You can block out whole categories of websites ranging from bomb-making to pornography, to chat rooms and even web-based email services. You can block specific websites and all the subdirectories and pages from that domain – and although it’s mainly web based, only a small “client” application needs to be installed onto each computer you want your family to use. This enables you to easily turn off Family Safety for a set period of time or for good until you turn it back on using a parent’s password; you can also allow websites using a parent’s password. However the great thing about this – is that each time a child logs in then it picks up their settings and applies them immediately.

If the child doesn’t log in, they can’t use the Internet and they’ll just get an error page asking them to log in. So it’s either log in and use a limited and protected version of the Internet or don’t use it at all.

Signup for Windows Live OneCare Family Safety (beta)
 
 


The Safety Center (previously known as “Safety Scanner”) has just come out of beta, and it’s a scaled down version of the Windows Live OneCare application to download, except this is free and very easy to use. Available from the website, it uses ActiveX controls to gain secure access to certain parts of your computer so that it can clean up unnecessary and temporary files, a virus scan of your selected drives, a defragment of your selected drives as well as a port scanner to ensure that your firewall is secure.

There are no strings attached – the only one is that once you download and install the ActiveX control which attaches itself to Internet Explorer, it means you don’t have to download and install on that computer again, enabling you to run the OneCare Safety Center immediately from the main page button.

Use the Windows Live OneCare Safety Center for free

Do hope that clears things up a little bit – if anyone wants to leave questions in form of a comment, I’d be happy to reply

Posted in Online Safety, Security, Windows Live | 5 Comments »

Download the latest Report Abuse Desktop Client

September 7th, 2006 by Zack Whittaker

 

 

Report Abuse Desktop Client
(released 13th Sept 2006 – version 1.5.16.2)
Download now – Please uninstall/delete and disregard any previous build
(Alternative link if above doesn’t work – some routers/firewalls don’t like subdomains)
Compatible with: Windows 2000 Professional, All versions of Windows XP, Windows Server 2003 and Windows Vista (32-bit and 64-bit)

It’s free to mirror and distribute, and recommended for those who have a family computer or for families with children who use the Internet. It has an auto-update feature in it as well so it’ll still update easily.


The Report Abuse Desktop Client is an application written by myself and provided by MSBLOG enabling younger users of the Internet to report online abuse or suspicious activity of online predators. It’s a topic which no-one really wants to talk about because of the discomfort and the sickening of this sort of behaviour, but it’s being addressed in a number of different ways.    

    

 

Posted in Online Safety | 4 Comments »

Report Abuse Desktop Client

September 4th, 2006 by Zack Whittaker

 

 

Download links available here

This page has been saved in the right hand pane. You can always access this page by selecting Report Abuse Desktop Client at the top right, underneath the Search bar.

The Report Abuse Desktop Client is an application written by myself and provided by MSBLOG enabling younger users of the Internet to report online abuse or suspicious activity of online predators. It’s a topic which no-one really wants to talk about because of the discomfort and the sickening of this sort of behaviour, but it’s being addressed in a number of different ways.

The Virtual Global Taskforce (VGT) is an online organisation set up and moderated by the world’s policing authorities from the USA, England, Australia and Interpol. It provides the ability for users who feel they are being targeted by online sexual predators to report information to make sure that the online community is safer. Already, Microsoft have incorporated the VGT as a tab in Windows Live Messenger, and they’ve shut down the MSN Chatrooms but this isn’t enough for outside Microsoft and their products.

This tool sits in the system tray, and younger users between 5-18 can use this tool if they feel threatened or are aware of suspicious activity. Simply double-click the icon to bring up the VGT Report Abuse website.

Please digg this – I really want this tool to be available to everyone who wants it 🙂

Posted in Daily Life, Online Safety | 15 Comments »