where's the salt?

Archive for August, 2008

I’ve posted the initial script from http://www0.douhunqn.cn/csrss/w.js in Part 1, but for those who either can’t or rather won’t load it themselves, here’s an outline of what it does, and the other files it loads and accesses. All scripts in this post are images (they are screenshots so they will not harm your computer in […]

While the most recent SQL injection attack attempts are targeting MSSQL servers, chances are other databases will be targeted soon. Of course it is and always has been good practice to double-check input, but maybe these attacks were the wake-up call some developers needed. Basically every programming language is vulnerable; it is up to the […]


SQL injection attacks: Part 2: Answers (6,313 views)

While the effect yesterday’s post had was unintentional (I only wanted to complain about the effect those requests have on our and our clients’ server statistics), it seems that a lot more people than I would have anticipated are affected and are looking for answers. So in this post, I am trying to provide help […]


SQL injection attacks: no end in sight? (31,050 views)

Just when I thought it would be over, there seems to be yet another massive wave of SQL injection attacks – presumably from newly infected servers.

UPDATE (8-23-2008): Looking for answers? Check Part 2

UPDATE (8-25-2008): Securing your forms to prevent future attacks

It seems the less I am looking for examples of bad grammar, atrocious spelling and other disasters, the more I seem to find. Maybe they should hire a team of real copywriters… Because they would have spotted the missing apostrophe as well. Or somebody else who will tell them that proofreading is everything, especially when […]


Over-achievers… Competition II (12,365 views)

Sometimes all it takes is one short sentence to sum up the quality of someone’s work: This is how they describe their work. They’re looking for partners. Anyone?


Dynamic Keyword Insertion Gone Wrong (2,407 views)

The best things usually happen when you least expect them. Like today, when I’m innocently surfing and searching for servers. Dynamic Keyword Insertion sure has its pitfalls: Ooops.


Google AdWords Phishing Emails (3,225 views)

This morning, I woke up to a frantic email forwarded to me from an AdWords client:

From: Google AdWords [mailto:reactivation@google.com]
Sent: 26 June 2008 11:29
To: [Client Name]
Subject: Your ads have been suspended.

Dear Advertiser, We were unable to process your payment. Your ads will be suspended soon unless we can process […]


Google Quality Score and Excel fun (3,487 views)

I really like my toys. If they are geeky. Like Excel. Yes, I admit it, I actually like Excel. Excel 2007 particularly has some neat features. One gimmick I especially favor when working with keywords and AdWords: Color Scales in Conditional Formatting. It makes visualizing data a lot easier, everybody knows how boring hundreds of […]

Checking on the competition is part of our business. And as long as the competition keeps supplying us with amusing slogans, we will be in business (this is an actual screenshot taken this afternoon from an unnamed competitor’s website): Just what I was looking for.. Free Consulation.