SQL Injection still huge threat!

A recent article about how Petco not only was found to be vulnerable to a SQL Injection attack, but also got fined for the false claims this realization cast on their privacy policy just goes to show that no matter how much we talk about it, SQL Injection remains a huge risk.

But the stakes have been raised in the last year.  Now messing up your companies security has legal consequences that start out with fines and can go all the way up to criminal liability and jail time! 

C Sharp Group of Greater Boston Event

On December 7th the C Sharp Group of Greater Boston will host a potluck dinner with two focused discussion groups at the Waltham, MA Microsoft Office.


Robert Hurlbut will lead the discussion on development strategies during the first hour. This topic includes test driven development, developing as non admin, use of virtual machines, etc. Robert is an excellent speaker and very knowledgable about this and related topics!


Then during dinner, Nabil Benchkroun will lead a discussion on ASP.NET tips tricks and traps. Nabil is a regular attendee and contributor to our group and has considerable real world experience with ASP.NET.


Both will be more discussions than presentations so bring your questions, or your answers, and share with us all. If you want to eat then please bring as much food as you want to eat yourself, and a food item for each dessert, or else it will be our holiday dessert event. Diversity in food will be considered a plus!


Make sure you get there if you can!

Dell paying attention to Security…

Dell has launched a website designed to help small businesses deal with all the security challenges.  The site seems good, but the performance was so bad at one point that I can’t decide whether that means it is a resounding success or a dismal failure.

It is very much aimed at selling more product.  When you click on the spyware link it doesn’t mention any of the free products that solve the problem, just the ones you can buy from Dell.

The sites advice is a bit behind the times (doesn’t mention pass phrases under the password section), but if you just want to point someone to a place where they can self help on security using a name they will likely trust then this might be a useful link.

Code Camp Franklin Style!

Carl Franklin and the New England office of Microsoft are putting on another edition of the Code Camp event.  This time it is a mini-Code Camp with Carl doing the one man band thing all about VB.Net.

If you can make it to the MS Waltham office on January 23rd then you should.  Registration is already online here.

Carl is one of my favorite speakers.  If you haven’t seen him before then don’t miss this, if you have then I don’t have to encourage you!

Clusters without LM Hash

A common bit of advice bandied about lately (by Jesper Johansson of MS, me, and others in and out of MS) is to turn off LM Hashes on your Windows systems and networks.  This is great advice, but there is a proviso.  Some things depend on LM Hashes to work.  Most of them are not an issue, like the fact that Windows 95 and Windows 98 shares stop working.  I don’t recommend using Windows 95/98 as file servers anyways.  The problem is that Windows Clustering stops working.  This is a big one.  I realized recently that the knowledge base article that describes how to deal with this small wrinkle got “archived” by MS and was therefore unavailable.  I did some digging and as of today the article has been reinstated due to my prodding.

So, this post is to welcome KB article 828861 back to the land of the living and to make sure everyone knows how to find it for reference.  The advice in it is quite straight forward, but it always helps to point bosses or clients to words written by the platform vendor.

Happy LM Hash Free Clustering!