microsoft ole db provider

If you've been to ToorCon or read The Register lately, you probably learned that Microsoft publicly announced not to prosecute flaw finders, or hackers that find flaws in Microsoft's network. They've been doing this since 2007, but now it's official. I think that is the right step, and a clear sign that it's important to thank hackers for their finds. basically it's a win-win situation, everyone benefits from it. While this made public I reveal a serious flaw I found on the Microsoft domain about a month ago. I took the effort to contact Microsoft, because it's wasn't some trivial XSS hole.  read more »

I read an article that talked about a hack attempt on the website from the metropolitan police [1], better known as Scotland Yard. Apparently it got defaced [2], the attackers placed a silly picture of a greenish cuddly monster and a message mocking Scotland Yard's anti-terrorism unit. The Register talks about an insecure Windows server. The truth is far more numbing than you would expect, I go for SQL injection because this way it would be very easy to modify their CMS. And this probably happened, since it was not a complete index defacement.  read more »