Tag Archives: security

It’s a Problem When a SysAdmin Can’t Log In

I showcased a demo recently that looked at a potential issue with an application where a user used a simple update statement to gain privileged access to a system. That’s scary, and it’s a potential issue for many applications that …


Beware of Login Issues for Privileged Accounts

In a recent post, I described an attack against a privileged account using a simple SQL Injection technique of updating data in a table. One of the things shown was an administrator using their user and password credentials, but being …


SQL Injection Issues–Password Hashing

I’ve got a demo for one of my talks that really highlights some issues we have with SQL Injection. It’s part of my encryption talk, and it goes like this. NOTE: I am showing a simple example here, not one …


Encryption in Colorado Springs – Encrypting in the Application?

Last night was my annual presentation at the Colorado Springs SQL Server User Group. I try to make sure I get down there at least once a year, and it’s been only once a year for the last few years. …
