Less Than Dot is a community of passionate IT professionals and enthusiasts dedicated to sharing technical knowledge, experience, and assistance. Inside you will find reference materials, interesting technical discussions, and expert tips and commentary. Once you register for an account you will have immediate access to the forums and all past articles and commentaries.
Tags: security
SQL Server Database owner ~~UNKNOWN~~
Today I was checking an older server and decided to run sp_helpdb. On a bunch of databases I noticed that the owner was ~~UNKNOWN~~. The only reason I noticed this was when I tried to look at a specific database which is mirrored. I was greeted with thi…
Giving only insert permissions to a table for a new login
There was a requirement to create a new user who would have only insert permissions to one table; this user would also have insert and select permissions to another table. This is pretty simple to accomplish. First create this simple database with tw…
Giving users the ability to change a stored procedure without making them db_owner
I once did some work for a company and noticed that they were running as sysadmin. When I asked why, their answer was that the stored procedures would not work otherwise. This is very bad practice; in general I create a user, and then give execute permi…
How to change the SA password in SQL Server
There was a question today: How to change my local SQL Server sa password? I would like to expand on my answer in this post. Before I start I would like you to read this post by Ted Krueger first: To SA or not to SA, to understand why you should not be…
Please don't use blacklists, use parameterized queries or stored procs instead
Every now and then you will hear how some site will use a blacklist to 'protect' themselves against SQL injection. Using a blacklist is very foolish because you can't ever think of all the different ways that the bad guys will try to bypass your little…
Is your Apache Server Status wide open for the world to see?
The Apache web server comes with something called Apache Module mod_status installed. From the Apache site: http://httpd.apache.org/docs/2.0/mod/mod_status.html The Status module allows a server administrator to find out how well their server is perf…
I am pretty sure that none of our readers would fall for this social engineering scam that would make you share your computer with someone else. I am writing about it because I know of one person who had a call like this, but she luckily hung up. I he…
SQL Injection Pocket Reference for MySQL, SQL Server and Oracle
There is a nice SQL Injection Pocket Reference up on Google Docs. Here is what is covered: MySQL Default Databases Comment Out Query Testing Injection Strings Numeric In a login Testing Version MySQL-specific code Database Credentials Data…
Security: Don't blame the victim
Yesterday I had a little discussion with Jon Skeet on Twitter about the News of the World incident. @jonskeet: I'm hearing a lot about journalists behaving immorally, but nothing about the apparent lack of security of phone systems. Odd. @chrissie…
LulzSec has shut down, has ended hacking campaign
LulzSec has just announced that it is shutting down. LulzSec, which so far has hacked the CIA, U.S. Senate, Nintendo, Sony and others, has surprisingly announced that it is disbanding. …