The recent slate of attacks on IIS servers don't seem to be an attack directly against IIS or against SQL Server itself. In other words, they aren't going after vulnerabilities in the server product (either one). Rather, the attacks are targeting weaknesses in the web application which permit SQL Injection… Read more

If you're looking for the Charlotte SQL Server User Group web page, the link on the PASS HQ site is wrong. The PASS HQ site directs you here:

 http://www.sqlsig.org/

That's the site for the Detroit Area SQL Server User Group. The correct link is:

http://www.charlotte-sql.org/

I know the president… Read more

The Heroes Happen Here launch event for Charlotte, NC is tomorrow. It looks like there are still registration slots open:

Heroes Happen Here Registration

This is the launch event for SQL Server 2008, Visual Studio 2008, and Windows Server 2008. There will be a Professional Association for SQL Server booth where… Read more

Red Gate's schema comparison tool, SQL Compare, is in beta for the newest version, SQL Compare 7. You can find details and a link to download here:

Red Gate Forums: SQL Compare 7 Beta 

This version does include support for SQL Server 2008 (through CTP 6). The beta… Read more

I logged into Safari today to download some chapters I want to be able to review when I'm offline. I saw in the new titles there's a forthcoming book called SQL Server Forensics Analysis and it's by one of my co-authors from How to Cheat at Securing SQL Server 2005 Read more

The SQLSaturday in Jacksonville, Florida, will be held May 3, 2008. I'm on track now to give two security based presentations:

• Protecting Your SQL Server From Treasure Seekers: This presentation is geared for system administrators, DBAs, and developers and covers the "low-hanging fruit" of keeping SQL Server and the…

Read more

I'm still working on getting all of my tools and apps onto my new laptop, which is running Vista Ultimate. I downloaded the latest version of MySQL Community Edition and proceeded to install it. I didn't consider the effects of User Account Control (UAC) on the installation. I should have,… Read more

Going through the Microsoft KnowledgeBase updates, I saw this one:

An SPN for the SQL Server Browser service is required when you establish a connection to a named instance of SQL Server 2005 Analysis Services or of SQL Server 2005

The situation occurs when the client is connecting to a… Read more

MVP Andy Leonard has written a nice post about how the dynamics changed on a project team. Most of it centered around a PM who overstepped his role and then played the usual game to cover his own shortcomings. However, said PM straightened up, albeit after a contentious meeting which… Read more

Looks like my family and I will make the trek down to Jacksonville in May for SQLSaturday. One of my submitted presentations was selected, Trigger Happy Database Security. It'll focus primarily on the use of triggers to audit and manage SQL Server, to include DDL and logon triggers.… Read more

This is a meeting reminder about our next PASS meeting scheduled for April 3, 2008. It will once again be held at Training Concepts. We’ll start the meet and greet at 6:15 PM and look to get rolling into the actual meeting by 6:45 PM at the latest. If… Read more

I'm a little late on this one, but Cesar Cerrudo has announced he's going to demonstrate exploits to Windows Server 2008, IIS 7.0, and SQL Server at the Hack in the Box conference in Dubai:

Windows Server 2008, Still not totally secure 

The Windows Server 2008 exploits appear… Read more