This site is dedicated to those who are serious about security - specifically, Microsoft SQL Server security. Whatever your feelings about Microsoft, the bottom line is that these servers are showing up everywhere and it's time we learned how to properly secure them. At this site we do just that. We find problems, post solutions, and get the word out. If anyone tells you that security ends with the OS, they are dead wrong. Many times excellent network and host-based security has been bypassed, exposing the very heart of the enterprise, all because of poor SQL Server configuration.

"There is no 'patch' for stupidity."

Recent Blog Entries

  • SQL Server 2012 Released
    I've already created a SQL Server 2012 section in the version database for the release candidates but this is still an important milestone since now SQL Server 2012 will begin to show in production environments. We'll keep our ears to the ground for any new vulnerabilities! http://www.microsoft.com/sqlserver/en/us/default.aspx
    Posted Apr 15, 2012 5:38 AM by Chip Andrews
  • Direct Link to SQL Server Release Blog
    While Ken and I do our best to keep up with the SQL Server builds, occasionally we fall behind.  If you want a listing of the major releases (I don't see hotfixes here but certainly service packs and cumulative updates) see this site to double-check our index:  http://blogs.msdn.com/b/sqlreleaseservices/
    Posted Feb 13, 2012 8:04 PM by Chip Andrews
  • Printer Woes
    You ever have one of those days when you want to take your printer outside and beat it to bits with a bat (a la Michael Bolton, Samir, and Peter from the movie Office Space)? Well - for me - that day is TODAY! http://www.youtube.com/watch?v=dN3v0drnTdQ BTW - if you are a company that outsources your Helpdesk to overseas call centers - you deserve to go out of business. There's nothing worse than sitting in a queue for an hour only to be greeted by someone who sounds like they are calling you on a tin can phone. All emails should be answered within 1 hour and all phone calls should be answered within 5 minutes. Anything else is unacceptable.
    Posted Feb 13, 2012 7:11 PM by Chip Andrews
  • Veracode reports 32% of sites subject to SQL Injection
    Checking my calendar - yep - almost 2012 and we still have 32% of sites with SQL injection vulnerabilities? Wow. Anyway - good reading and should give any security consultants out there hope for future business opportunities.
    Posted Dec 9, 2011 12:24 PM by Chip Andrews

In The News