LessThanDot

Data Management

Tags: security

We all know that Kaspersky is a security firm and that they make a very nice product; you can see a list of their products here: http://www.kaspersky.com/

What I found out today on Twitter is that their site got hacked by a SQL Injection attack. The tool that was used was the Acunetix Web Security Scanner. Tools are used by admins to protect their sites, but the same tools are also used by hackers to attack your site. I have written about another ...


If you try to execute xp_cmdshell on a fresh install of SQL Server 2005 or 2008, you will be greeted with the following message:

Server: Msg 15281, Level 16, State 1, Procedure xp_cmdshell, Line 1

SQL Server blocked access to procedure 'sys.xp_cmdshell' of component 'xp_cmdshell' because this component is turned off as part of the security configuration for this server. A system administrator can enable the use of 'xp_cmdshell' by using sp_configure. For more information about enabling 'xp_cmdshell', see "Surface Area Configuration" in SQL Server Books Online.

...


There is code available to take advantage of the sp_replwritetovarbin heap overflow bug.

In a default configuration, the sp_replwritetovarbin stored procedure is accessible by anyone. To disable this proc you can run this as an admin on the box.

Before disabling this proc, read BradC's comment so that you do not break replication.

tsql Sample Code (See Article for Rest)