Tuesday, April 29, 2008
Half A Million Microsoft-Powered Sites Hit With SQL Injection
The automated attack takes advantage of the fact that Microsoft’s IIS servers allow generic commands that don’t require specific table-level arguments. However, the vulnerability is the result of poor data handling by the sites’ creators, rather than a specific Microsoft flaw.
In other words, there’s no patch that’s going to fix the issue; the problem is with the developers who failed to follow well-established security practices for handling database input.
The attack itself injects some malicious JavaScript code into every text field in your database. The JavaScript then loads an external script that can compromise a user’s PC.
Most of the larger sites affected have already long since repaired themselves and claim that the underlying problems in their code have been fixed. However, if you don’t want to take the chance there’s a simple way to avoid the problem — use Firefox with NoScript. Since the attack loads a script from a different domain, NoScript will stop it from running.
If your site has been affected, you’re going to need to restore your database from a clean backup copy and start reviewing your code to make sure all input is properly sanitized; otherwise you’ll just get hit again. Should you not have a clean backup of your database, hackademix.net has a workaround: rerunning the attack, but changing a couple of lines so that it removes the injected JavaScript.
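As an added illustration (not code from this post or from the hackademix.net workaround), the sketch below walks every text column of a database, reports cells that contain an externally loaded `<script>` tag, and optionally strips it. It uses an in-memory SQLite database so it runs offline; the table names, the sample rows and the `injected.example` URL are constructed for the example.

```python
import re
import sqlite3

# A <script> element that loads code from an external URL (has a src attribute).
INJECTED = re.compile(r"<script\b[^>]*\bsrc\s*=[^>]*>\s*</script\s*>", re.IGNORECASE)

def text_columns(conn):
    """Return (table, column) for every text-typed column, read from the catalog."""
    found = []
    tables = conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name").fetchall()
    for (table,) in tables:
        for _cid, col, ctype, *_ in conn.execute(f'PRAGMA table_info("{table}")').fetchall():
            if any(t in ctype.upper() for t in ("CHAR", "TEXT", "CLOB")):
                found.append((table, col))
    return found

def scan_and_clean(conn, fix=False):
    """List (table, column, rowid) of infected cells; strip the tags when fix=True."""
    hits = []
    for table, col in text_columns(conn):
        # Identifiers come from the catalog; every value is bound as a parameter.
        rows = conn.execute(
            f'SELECT rowid, "{col}" FROM "{table}" WHERE "{col}" LIKE ?',
            ("%<script%",)).fetchall()
        for rowid, value in rows:
            cleaned = INJECTED.sub("", value)
            if cleaned != value:
                hits.append((table, col, rowid))
                if fix:
                    conn.execute(f'UPDATE "{table}" SET "{col}" = ? WHERE rowid = ?',
                                 (cleaned, rowid))
    return hits

def demo_db():
    """Constructed sample data: two tables with a script tag appended to text fields."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title VARCHAR(80), body TEXT)")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, visits INTEGER)")
    tag = '<script src="http://injected.example/x.js"></script>'  # placeholder URL
    conn.executemany("INSERT INTO articles (title, body) VALUES (?, ?)",
                     [("Welcome" + tag, "Hello" + tag), ("Clean post", "Nothing odd here")])
    conn.execute("INSERT INTO users (name, visits) VALUES (?, ?)", ("alice" + tag, 3))
    return conn

if __name__ == "__main__":
    db = demo_db()
    print("infected:", scan_and_clean(db))            # report only
    scan_and_clean(db, fix=True)                      # strip the injected tags
    print("after cleanup:", scan_and_clean(db))
```

Run it in report-only mode first and review the hits, since the pattern also matches any legitimate externally loaded script stored in content. Stripping the tags only undoes the damage; the queries that concatenated user input still have to be rewritten with bound parameters, as the statements in this sketch are.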
If you’ve been hit by the attack, you should, as Bill Sisk, Microsoft’s Trustworthy Computing, Response Communications Manager, suggests on his blog, report the attack.
Thanks
Sunday, April 27, 2008
Secret Pre-Release Details On Windows XP Service Pack 3
Read from techarp
Thursday, April 24, 2008
Microsoft unveils its web vision
Microsoft has lifted the lid on a new web service called Live Mesh, designed to connect a multiplicity of devices and applications online.
Tuesday, April 22, 2008
Microsoft Predicted to Back Away from Vista
When it comes to technology debacles, every major company has a few (remember the Newton?), but right now one of the top spots has to go to Windows Vista, Microsoft’s clunky operating system that has IT shops and consumers desperately clutching at XP for as long as they can.
Jason Hiner over at Tech Republic thinks there may be a light at the end of the Vista tunnel; he predicts IT shops and consumers will have a chance within the next year to upgrade to a cleaner, more modular version of Windows Vista under the Windows 7 moniker. It won’t be a completely new OS but rather a more streamlined version of Vista. He also suggests the pricing for consumers will be lower in an effort to win back those who are turning to Macs.
This could be another step by Microsoft toward shedding cumbersome release cycles and creating software that can be updated every year or so via a subscription model. Hiner lays out a nice case, and as a consumer who once was stuck with a laptop running Windows ME, I have to hope that before the third strike (Vista being the second), Microsoft can score a hit.
Monday, April 21, 2008
20+ Windows Vista Features and Services Harvest User Data for Microsoft
Microsoft makes no secret about the fact that Windows Vista is gathering information. End users have little to say, and no real choice in the matter. The company does provide both a Windows Vista Privacy Statement and references within the End User License Agreement for the operating system. Combined, the resources paint the big picture of the extent of Microsoft's end user data harvest via Vista.
Read from Softpedia
Tuesday, April 15, 2008
Users Fighting for Windows XP
Read from Wired
Wednesday, April 9, 2008
Buffalo's Petite LinkStation Mini NAS Has 1TB Storage, a DLNA Server
Link to Gadgets
Saturday, April 5, 2008
Microsoft will extend life of Windows XP--again
Microsoft will give PC makers the option of using Windows XP or Vista on ULCPC devices, said Michael Dix, general manager of Windows client marketing.
Still, the minimal hardware used in ULCPC systems might make Vista ill-suited to such a task. The decision to discontinue Windows XP might have driven even more device makers into the hands of Linux, hence the extension.
Link
Wednesday, April 2, 2008
Trim Down Windows to the Bare Essentials
Link