A Personal Blog
Archive for May, 2004
Microsoft Anti-Virus Tips
May 21st
This is one of those ‘remember this when you get back to work’ things, mainly for me: Microsoft’s A/V tips, tricks and info sheet. Really really good.
I'd Hate to be an American…
May 21st
… no, not because I might get drafted ;-)
Because I have no idea who I’d choose in the upcoming elections. I have a suspicion I’d choose Kerry, just because I know what Bush did in this term and don’t agree with 80% of it, and I think you’d be hard-pressed to find someone who disagrees with everything Bush does (Kerry) who is likely to piss off someone who also disagrees with everything Bush does (me)…
But, really, the choices are pretty crappy. So, while I might get upset if America re-elects Bush, I promise I’ll understand. And, while I’ll most likely cheer if you elect Kerry, I promise I’ll try not to say “well you voted him in” if he messes things up.
Oh, and I also promise to do my damnedest to never drink American beer. Honest to God I do.
Good PR Blog
May 21st
While I’ve gotten out of the practice of simply pointing out new, good blogs, I feel this one deserves special attention, mainly because after reading it my headache felt better. Could be because of the Tylenol. Could be because of the Tylenol. Either way, I felt better.
Media Guerilla is a brand new PR and Marketing blog written by some guy I don’t know yet, but hope to know at some point.
Keep it up someguy! I swear I’ll read more after my headache’s gone (either way, I’ve subscribed to the feed, so I’ll hear more from him).
SQL Injection Protection
May 21st
Security wiseman Anil John summarizes, links to and then adds to a great article on protecting against SQL Injection attacks.
You prevent SQL Injection using the following tactics:
* Constrain the input by validating it for type, length, format and range. Remember, ALL INPUT IS EVIL, until proved otherwise!
* Use type-safe SQL parameters. The parameter collection in SQL provides type checking and length validation. So if you use the Parameters collection, input is treated as a literal value and SQL does not treat it as executable code. Another point is that the Parameters collection can be used to enforce type and length checks so that values outside of the range trigger exceptions. You can use the Parameters collection with both sprocs as well as dynamic SQL.
* Use filter routines that sanitize the code by adding escape characters to characters that have special meaning to SQL. An example would be adding an escape character to the single apostrophe character. Keep in mind that these types of filter routines can be bypassed by an attacker that uses ASCII hex characters. So they should be used as just another part of your defense-in-depth strategy.
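The first two tactics side by side, as an added example that is not from this post or the linked article. It uses Python's sqlite3 module in place of the Parameters collection; the table, column and function names and the sample rows are assumptions made up for the example. sqlite3 binds a parameter as a literal but does not enforce its type or length, so the validation function does that part here.

```python
import re
import sqlite3

# Constructed sample data; table and column names are assumptions.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

# Allow-list for a user name: format and length in one pattern.
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def validate_name(value):
    """Tactic 1: constrain type, length and format before the value is used."""
    if not isinstance(value, str) or not NAME_RE.fullmatch(value):
        raise ValueError("invalid user name")
    return value

def lookup_concat(db, name):
    """The 'before' case: input is spliced into the SQL text and parsed as SQL."""
    sql = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_param(db, name):
    """Tactic 2: the value is bound as a parameter and stays a literal."""
    sql = "SELECT name, secret FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def lookup_safe(db, name):
    """Defense in depth: validate first, then bind."""
    return lookup_param(db, validate_name(name))

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed test input
    print("concatenated:", len(lookup_concat(db, hostile)), "rows")
    print("parameterized:", len(lookup_param(db, hostile)), "rows")
    print("valid name:", lookup_safe(db, "alice"))
    try:
        lookup_safe(db, hostile)
    except ValueError as exc:
        print("rejected by validation:", exc)
```
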
Blogging Great Great Great Great Great Grandfather
May 21st
Because I started blogging a year ago, I’ve been able to influence a lot of people into at least giving blogging a shot. Most have stuck with it. Most of the people I’ve influenced into blogging aren’t technical or business minded, so they aren’t anywhere near the ‘circles of blogging’ that I hang out in.
Recently, it’s been really interesting to watch one circle (that I’m not involved in) grow. Nearly exponentially.
In fact, it goes something like this (names hidden to protect anonymity):
- dude I know
- friend of dude I know
- friend of friend of dude I know
- one of my friends, influenced by this guy
- a chick friend of the guy above
- a really good friend I haven't seen in years
- a longtime family friend
And, around these people have sprung up dozens of other blogs. All told, I’m aware of nearly 100 blogs in this circle (even though most of the participants, sadly, aren’t).
I know that it wasn’t just me that started all these people blogging, that’d be pompous, but it is fun when someone asks someone else “hey, do you have an Ensight?” and you hear about it ;-)