Seems there are a lot of ColdFusion sites out there getting hit by an automated SQL injection attack, which adds a “<script>” tag to varchar fields using a bit of SQL Server T-SQL.
Many years ago, I wrote a script that would find and automatically <cfqueryparam> queries (which has been at Daryl’s ColdFusion Primer. I’ve dug [...]
We find people placing Windows servers “naked” on the Internet with
frightening regularity. Without any sort of firewall or packet filtering
protection, these machines make very easy targets for hackers. Even
if you have a firewall, adding host-based packet filtering adds an
additional layer of protection, though in that case you’ll have to
decide for yourself if the [...]
The pejorative saying “good enough for government work” surely doesn’t apply to these security policies and settings compiled by NSA — these are more than good enough! This is a collection of documents for locking down IIS, domains, and other aspects of Windows networks and application infrastructures.