Neil Carpenter's Blog

Forefront products, WSUS, Security Incident Response, and whatever else comes up.

Incident Response: The Importance of Anti-Virus

Heading home from the CSS Security Global Summit on Friday, I got stuck in Cincinnati’s airport....

Date: 11/23/2009

SQL Injection Hijinks

or Why I Keep Harping On Blacklisting. Summary: An incident reveals attempts to get around...

Date: 10/31/2008

PASSGEN

Occasionally, I see a security incident where one of the things that went wrong was that all of the...

Date: 10/22/2008

Err

I might be the last person to know this but one of my favorite internal Microsoft tools is now...

Date: 08/12/2008

Input Validation Is Not The Answer

I just sent a piece of e-mail to my team about input validation and SQL injection and it occurred to...

Date: 08/07/2008

Forefront Server Security Management Console, Templates, and Revisions

Sometimes, working in support, you come across a best practice or a bit of knowledge that is...

Date: 07/11/2008

Does This Make Me A Fanboy?

I upgraded my iPhone to the 2.0 firmware today and I've been playing with the app store all day....

Date: 07/10/2008

Antigen 9.1 Hotfix Rollup 3 and Performance Monitor

While investigating an issue where mail was queuing in the Exchange Information Store, we discovered...

Date: 07/09/2008

SQL Storm: Possible ASP.Net

I’ve had an unconfirmed report that the SQL Storm attacks are now also affecting ASP.Net...

Date: 06/04/2008

I've been working with the SWI team to write a comprehensive overview of the SQL Storm attacks with...

Date: 05/30/2008

SQLInjectionFinder

My colleague Greg, who has forgotten more about command line scripting than I will ever know, put...

Date: 05/27/2008

SQL Injection Mitigation: Using Parameterized Queries part 2 (types and recordsets)

(Part 1 is here) Previously, I provided a simple example of using parameterized queries in classic...

Date: 05/23/2008

SQL Injection Mitigation: Using Parameterized Queries

Michael Howard wrote an excellent article yesterday on how the SDL addresses SQL injection. He walks...

Date: 05/21/2008

SQL Injection -- A Comment

Kumar comments here and I think he has some questions/concerns that are worth addressing.  I'm...

Date: 04/07/2008

Mass SQL Injection -- Get Used To It

It looks like another wave of the mass SQL injection I talked about last month is going on. ...

Date: 04/04/2008

Good News

The good news is that, whatever else might happen, these guys won't get pwned by SQL injection....

Date: 03/20/2008

Anatomy of a SQL Injection Incident, Part 2: Meat

Intro: It would appear that the incident I wrote about yesterday is still ongoing. I've been using a...

Date: 03/15/2008

Anatomy of a SQL Injection Incident

A number of people are reporting that 10K+ websites have been hacked via a SQL injection attack that...

Date: 03/14/2008

LogParser, Event Logs, and Vista

LogParser is one of my absolute favorite tools, particularly for doing incident response. I use it a...

Date: 08/15/2007

Rating Music (iTunes Edition)

I have a large collection of music, all of which is (finally) in iTunes. I'd like to rate all of it...

Date: 08/15/2007

Detecting ARP Spoofing Attacks

After investigating an ARP spoofing incident recently, I started thinking of how we could easily...

Date: 07/05/2007

Microlending

I commute about 90 minutes a day, total, on an average day. I spend most of the commute listening to...

Date: 07/05/2007

ARP Cache Poisoning Incident

I recently worked on an interesting incident response with several of my colleagues. The problem, as...

Date: 06/28/2007

Reboot

I started blogging on MSDN back in 2004 with the best of intentions. I was working with the...

Date: 06/27/2007

It's the New Phone

I finally lost my patience with my old mobile provider last week & decided it was time for a...

Date: 10/28/2004

SMB Perf articles

I've been working a lot with file sharing performance, and I'm trying to write a few essays on those...

Date: 10/26/2004

I often have customers who ask me to wrestle with the performance of SMB (otherwise known as CIFS)...

Date: 10/26/2004

Quick Figuring Optimal TCP Window Size

There generally isn't a single correct way to figure out the optimal TCP window for an interface...

Date: 10/26/2004

Conversations

My favorite cartoonist wrote something that started me thinking... “All products are...

Date: 06/02/2004

Finding Retransmits in Ethereal

With the full version of Netmon, it's relatively easy to find retransmitted packets with the expert;...

Date: 06/02/2004

Disclaimer

These postings are provided "AS IS" with no warranties, and confer no rights. The content of this...

Date: 06/02/2004

Network Sniffing Tools

Posted on my favorite network sniffing tools.

Date: 06/01/2004

Network Sniffing Tools

Intro: Network sniffing is a major part of my life -- I've probably pored over, on average, a trace a...

Date: 06/01/2004

Categorizing Packet Loss

I've quite frequently run into situations where I've been asked to diagnose packet loss based only...

Date: 06/01/2004

Bio

I recently realized that I spend a lot of time writing about things that I know only a little about...

Date: 06/01/2004