Privacy and search engines

It is no secret that search engines keep track of searches made. Any website logs accesses and most websites track your activity via cookies for reasons involving both your benefit and that of the site you’re accessing. You may be surprised to find out that even video players used for online videos come with their own…


Finding information about which account xp_cmdshell is running as

If you ever needed to debug a permission related issue when using xp_cmdshell, you have probably realized that a crucial piece of information is about what particular account xp_cmdshell is executing under. If you are the administrator of the database, you already know the context used by xp_cmdshell, but otherwise you may not have that…


bing adds twitter integration

See it work at:  [UPDATE 10/22/2009]: Reactions:  


New attack on AES-256

A new attack improves significantly on previous attacks against AES-256, see: This doesn’t mean that AES-256 is broken yet, but the surprising bit here is that AES-128 is not susceptible to this particular attack. Don’t panic if you are using AES-256 and read Bruce Schneier’s commentary carefully – for example, note that the attack is against a…


SQL Injection watch blog

I was looking for information on a new SQL injection attack when I stumbled upon this very useful blog: It’s worth a look from time to time, to get an idea of what attacks are going on in the wild.


Basic SQL Server Security concepts: ownership, CONTROL, TAKE OWNERSHIP

I realized today that while I have discussed earlier object permissions, I have not gone into the details of object ownership. I want to cover the following here: ownership of objects, how it can be changed, and the relatively new permission CONTROL (introduced in SQL Server 2005). Ownership: This should be pretty clear – the owner of an object is…


TechCrunch anatomy of the Twitter attack The first step of registering an old email account to receive the password from a current account was a nice and easy way to break into an email acount. After that, things pretty much fell like dominoes, but it’s nice to see how inconspicuous a smart attacker can be. This story also reminds us the painful fact…


bing has launched!

I haven’t posted anything new for some time, but now I have some news related to my current area of work: bing is Microsoft’s new search engine, it has launched yesterday, and you can now find it at Give it a try and let me know what you think about it.