SQLServerCentral Editorial

Black Hats


I'm not the smartest computer guy out there. In fact, when meeting many of you and talking to you for a while, I realize lots of you could out-program me very quickly.

There are some very, very smart programmers that can take apart code and find problems quickly and they're not all working for security vendors. And they're certainly not working for Microsoft, though maybe Microsoft should hire a few of them for QA.

I saw an article about Patches leading to exploits (ENT Magazine) and while it wasn't surprising, it did bring to light the way in which a lot of the "black hats" might think about the world. They're anticipating patches, or guessing how they might exploit a patch on Wednesday, the day after it's released on a patch Tuesday.

That's a scary thought and I'm not really sure what you can do about it. I think that Microsoft should disclose information and I like seeing security organizations give us an idea of how to protect ourselves, even at the expense of giving information to hackers. I realize Microsoft doesn't want their products to appear any less secure with more information being released, but grow up. Every piece of software has issues and if you want to be the biggest, accept you'll have lots of holes that we should know about.

At least then we have the same information as the black hats. Not that we know what to do with it, but hopefully someone at a Symantec or Verisign or even SANS will dumb things down so people like me can secure our small networks.

Live Isn't Living

Not only is Live Search not getting better, but it's getting worse. According to one survey, Live is now in fourth place behind something called "Baidu.com". That's a Chinese language search engine and it's no surprise that as China grows more technologically savvy that many searches will be taking place in their own language. And with 1/4 of the world's population, they can easily move up the chain.

However, it's not very close. Google had 37 billion searches and Yahoo 8.5B, but Baidu ran 3.3B and Live ran down to fourth with 2.1B and had a Korean search engine at its heels with 2B.

Personally I think Live still stinks. In fact, it appears that Google brings back more relevant information for a search than Live. Yahoo does pretty well and might be my new favorite search engine since SQLServerCentral appears highly ranked there 🙂

As a short example, a search for "SQL Server add login" on all three engines. CREATE login for SQL 2005 comes up first in Google along with articles on adding users, password policies, and the security model. Yahoo brings us back with a "Getting Started with Logins" article, then a few other relevant articles, but a lot of sites that have "SQL Server", "add", and "login" on their home pages in unrelated areas.

What about Live? First an article on 2000 logins, which is OK, then a few forum answers before they delve into other sites that have "login" on their pages. Forums seem to rank highly.

Personally they all need work on throwing away some search terms from their indexing: like "Login" as a separate item on a home page. However Live team take note, "Add-ins" is not "Add". Maybe that's why they're not doing well. They're searching for character strings, not words.

Books Online

I know I've mentioned it, but the September update for Books Online is available, so update your documentation. The team at Microsoft does a great job, but there are things they always miss, so get the latest information onto your desktop.

Download this from: Books Online (September 2007 Update)

A Little Fun

Lastly, a little fun. There's a comic on SQL Injection that I saw in a bunch of blogs. It's kind of funny, but I warn you that some of the others in this series might offend you. Flip through at your own risk.

Steve's Pick of the Week
When Will People (Want To) Learn? - I tend to agree on the Seattle pick this weekend, and this is definitely worth the read.

Incompetech.com

Music for today's Podcast from Incompetech.com and Kevin Macleod. If you like what you hear, check out his collection. It's a mix of all different kinds of music.

I've mentioned it a few times and a few people have expressed interest, but if you've got a band and play music, send me in a sample for the podcast. I'd love to feature some SQLServerCentral community members showing off their talent.
