Miles Associates LLC

Microsoft Security Advisory (954462): Rise in SQL Injection Attacks Exploiting Unverified User Data Input

Microsoft is aware of a recent escalation in a class of attacks targeting Web sites that use Microsoft ASP and ASP.NET technologies but do not follow best practices for secure Web application development. These SQL injection attacks do not exploit a specific software vulnerability, but instead target Web sites that do not follow secure coding practices for accessing and manipulating data stored in a relational database. When a SQL injection attack succeeds, an attacker can compromise data stored in these databases and possibly execute remote code. Clients browsing to a compromised server could be forwarded unknowingly to malicious sites that may install malware on the client machine.

Mitigating Factors:  This vulnerability is not exploitable in Web applications that follow generally accepted best practices for secure Web application development by verifying user data input.

 This doesn’t seem appropriate, so I hope it’s not true and is just some hysteria.  I would expect that all published info could to be taken into account in a hiring decision.

Employers who check out job candidates on MySpace could be legally liable | View from the Cubicle | TechRepublic.com
If a potential employer uses a social networking site to check out a job candidate and then rejects that person based on what they see, he or she could be charged with discrimination.

Microsoft Security Bulletin Summary for June 2008
This bulletin summary lists security bulletins released for June 2008.

 Mapping_Mal_Web.pdf

 Here’s a technique that works some of the time to solve one of the most pesky problems…

A simple fix for Microsoft Update problems | Tech of all Trades | TechRepublic.com

Microsoft Windows … One of the endearing and annoying features of this ubiquitous OS is the monthly patch update process. Most of the time it occurs seamlessly. It just kind of works in the background when you’re not looking. However, there are times when it rears its ugly head and demands attention.

 This is a great article with lots of real-world technology and product reviews and advice.  Look especially at CIO and author John Halamka’s “self pilot” partway down the page.

How I Learned to Stop Worrying and Love Telecommuting
…Given these facts, [the author believes] IT leaders are obligated to explore the entire spectrum of flexible work arrangements including telecommuting, homesourcing (a combination of outsourcing and telecommuting), virtual teams, and replacing travel with teleconferencing. Staffing an office from 8 a.m. to 5 p.m. doesn’t make sense if it requires employees to spend hours in traffic.