Neil Carpenter's Blog
Forefront products, WSUS, Security Incident Response, and whatever else comes up.
Incident Response: The Importance of Anti-Virus
Heading home from the CSS Security Global Summit on Friday, I got stuck in Cincinnati’s airport....
Date: 11/23/2009
SQL Injection Hijinks
or Why I Keep Harping On Blacklisting Summary: An incident reveals attempts to get around...
Date: 10/31/2008
PASSGEN
Occasionally, I see a security incident where one of the things that went wrong was that all of the...
Date: 10/22/2008
Err
I might be the last person to know this but one of my favorite internal Microsoft tools is now...
Date: 08/12/2008
Input Validation Is Not The Answer
I just sent a piece of e-mail to my team about input validation and SQL injection and it occurred to...
Date: 08/07/2008
Forefront Server Security Management Console, Templates, and Revisions
Sometimes, working in support, you come across a best practice or a bit of knowledge that is...
Date: 07/11/2008
Does This Make Me A Fanboy?
I upgraded my iPhone to the 2.0 firmware today and I've been playing with the app store all day....
Date: 07/10/2008
Antigen 9.1 Hotfix Rollup 3 and Performance Monitor
While investigating an issue where mail was queuing in the Exchange Information Store, we discovered...
Date: 07/09/2008
SQL Storm: Possible ASP.Net
I’ve had an unconfirmed report that the SQL Storm attacks are now also affecting ASP.Net...
Date: 06/04/2008
SQL Injection: Trends & Guidance
I've been working with the SWI team to write a comprehensive overview of the SQL Storm attacks with...
Date: 05/30/2008
SQLInjectionFinder
My colleague Greg, who has forgotten more about command line scripting than I will ever know, put...
Date: 05/27/2008
SQL Injection Mitigation: Using Parameterized Queries part 2 (types and recordsets)
(Part 1 is here) Previously, I provided a simple example of using parameterized queries in classic...
Date: 05/23/2008
SQL Injection Mitigation: Using Parameterized Queries
Michael Howard wrote an excellent article yesterday on how the SDL addresses SQL injection. He walks...
Date: 05/21/2008
SQL Injection -- A Comment
Kumar comments here and I think he has some questions/concerns that are worth addressing. I'm...
Date: 04/07/2008
Mass SQL Injection -- Get Used To It
It looks like another wave of the mass SQL injection I talked about last month is going on. ...
Date: 04/04/2008
Good News
The good news is that, whatever else might happen, these guys won't get pwned by SQL injection....
Date: 03/20/2008
Anatomy of a SQL Injection Incident, Part 2: Meat
Intro It would appear that the incident I wrote about yesterday is still ongoing. I've been using a...
Date: 03/15/2008
Anatomy of a SQL Injection Incident
A number of people are reporting that 10K+ websites have been hacked via a SQL injection attack that...
Date: 03/14/2008
LogParser, Event Logs, and Vista
LogParser is one of my absolute favorite tools, particularly for doing incident response. I use it a...
Date: 08/15/2007
Rating Music (iTunes Edition)
I have a large collection of music, all of which is (finally) in iTunes. I'd like to rate all of it...
Date: 08/15/2007
Detecting ARP Spoofing Attacks
After investigating an ARP spoofing incident recently, I started thinking of how we could easily...
Date: 07/05/2007
Microlending
I commute about 90 minutes a day, total, on an average day. I spend most of the commute listening to...
Date: 07/05/2007
ARP Cache Poisoning Incident
I recently worked on an interesting incident response with several of my colleagues. The problem, as...
Date: 06/28/2007
Reboot
I started blogging on MSDN back in 2004 with the best of intentions. I was working with the...
Date: 06/27/2007
It's the New Phone
I finally lost my patience with my old mobile provider last week & decided it was time for a...
Date: 10/28/2004
SMB Perf articles
I've been working a lot with file sharing performance, and I'm trying to write a few essays on those...
Date: 10/26/2004
SMB/CIFS Performance Over WAN Links
I often have customers who ask me to wrestle with the performance of SMB (otherwise known as CIFS)...
Date: 10/26/2004
Quick Figuring Optimal TCP Window Size
There generally isn't a single correct way to figure out the optimal TCP window for an interface...
Date: 10/26/2004
Conversations
My favorite cartoonist wrote something that started me thinking... “All products are...
Date: 06/02/2004
Finding Retransmits in Ethereal
With the full version of Netmon, it's relatively easy to find retransmitted packets with the expert;...
Date: 06/02/2004
Disclaimer
These postings are provided "AS IS" with no warranties, and confers no rights. The content of this...
Date: 06/02/2004
Network Sniffing Tools
Posted on my favorite network sniffing tools.
Date: 06/01/2004
Network Sniffing Tools
Intro Network sniffing is a major part of my life -- I've probably pored over, on average, a trace a...
Date: 06/01/2004
Categorizing Packet Loss
I've quite frequently run into situations where I've been asked to diagnose packet loss based only...
Date: 06/01/2004
Bio
I recently realized that I spend a lot of time writing about things that I know only a little about...
Date: 06/01/2004