Microsoft IIS blamed for mass SQL injection attacks

So in the past week Slashdot has made two posts about this, along with many other sites.  Apparently there is a bot running the net attempting SQL injection on a specific brand of sites.  Nothing to write home about, correct?  This one is nothing particularly special in that if your ASP page is open to SQL injection and you run MSSQL Server, you are open to the bot.  The bot floods the database with a specific JavaScript include which runs malicious code when it is pulled from the database.

What is particularly annoying with all of this is that bad coding practices are the root cause for all of this.  You have sites like Slashdot blatantly spinning the issue around on Microsoft.  Sorry, I have criticisms of MS just like everybody else, but this is flat out preventable by sanitizing your queries.  Instead of writing a sensationalist post spouting big 6-digit numbers and throwing around the word vulnerability, how about trying to understand the problem?  When I first saw this article, being a webmaster, I naturally wanted to find out what the REAL issue was instead of wading through a page of spin.

If you want the REAL story on what this is all about, read this well-written explanation of the problem.
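
As an added example (not code from the original post): a classic ASP page that reads one record by id, with the injectable string-concatenated query shown as a comment beside a parameterized ADODB.Command version, plus HTML encoding on output for rows a bot has already tainted. It uses parameter binding rather than string sanitizing; the articles table, its columns and the ConnString Application variable are assumptions.

```asp
<%
Option Explicit
' Added example, not the original post's code. The articles table, its
' columns and the "ConnString" Application variable are hypothetical.
Const adCmdText = 1, adInteger = 3, adParamInput = 1

Dim rawId, conn, cmd, rs, re
rawId = Request.QueryString("id")

' BEFORE (injectable): user input is concatenated into the statement, so
' anything after the number is parsed by SQL Server as SQL.
'   sql = "SELECT title, body FROM articles WHERE id = " & rawId
'   Set rs = conn.Execute(sql)

' 1. Validate: an id is digits only. Reject everything else up front.
Set re = New RegExp
re.Pattern = "^\d{1,9}$"
If Not re.Test(rawId) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' 2. Parameterize: the value travels separately from the SQL text and is
'    never parsed as part of the statement.
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT title, body FROM articles WHERE id = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(rawId))
Set rs = cmd.Execute

' 3. Encode on output: rows written by an earlier injection may already
'    hold a script include, so stored text is never emitted as raw HTML.
'    The & "" turns a NULL column into an empty string before encoding.
If Not rs.EOF Then
    Response.Write "<h1>" & Server.HTMLEncode(rs("title") & "") & "</h1>"
    Response.Write "<div>" & Server.HTMLEncode(rs("body") & "") & "</div>"
End If

rs.Close : conn.Close
Set rs = Nothing : Set cmd = Nothing : Set conn = Nothing
%>
```

Running the page's database login with read-only rights on content tables limits what a missed injection point can write back.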


Cool space images from NASA

I’m just throwing this out there for those interested in space flight.  NASA has a great gallery called Image of the Day that makes for great desktop backgrounds.  The images are current; some are less than 24 hours old if you check during a current mission.


3d head tracking with Wii

Not sure how I missed this video this year, but mark my words, this will be the next big thing in gaming after the Wii.  I would look for Nintendo to be the one to pull it off.  Very very cool though.


ASPimage to Imageglue Wrapper class

Well, I have talked about it for 3 weeks now, here it is.  I am releasing my Imageglue wrapper class for ASPimage.dll.  This is a near-complete replacement for aspimage.dll.  Please read my previous post on the issue regarding W3wp.exe and dllhost.exe crashing.

If you are using ASPimage in a production environment I highly recommend the superior component from websupergoo.com called imageglue.  This wrapper allows you to use your aspimage code and use imageglue as the driving component instead. 

I have not had a lot of time to work on this.  It has most of the corresponding functions you need to use aspimage.  If there continues to be a lot of interest in this I will look into completing it.  This code is in production right now and has generated about 3,000 images already!

classimage.asp (GPLv3)


Javascript 2.0

Jeremy Martin posted up a nice rundown of the proposed JavaScript 2.0 spec:

Well I suppose it’s an undeniable fact about us programmer-types – every now and then we just can’t help but get excited about something really nerdy. For me right now, that is definitely JavaScript 2.0. I was just taking a look at the proposed specifications and I am really, truly excited about what we have coming.

This is a pretty big deal all in all.  Web 2.0 and AJAX type sites are all driven with JavaScript.  Looking over some of the proposed additions, it should be something to look forward to!
