No Image

A Call for Better Coordinated Vulnerability Disclosure

2015-01-12 KENNETH 0

For years our customers have been in the trenches against cyberattacks in an increasingly complex digital landscape. We’ve been there with you, as have others. And we aren’t going anywhere.  Forces often seek to undermine and disrupt technology and people, attempting to weaken the very devices and services people have come to depend on and trust. Just as malicious acts are planned, so too are counter-measures implemented by companies like Microsoft. These efforts aim to protect everyone against a broad spectrum of activity ranging from phishing scams that focus on socially engineered trickery, to sophisticated attacks by persistent and determined adversaries. (And yes, people have a role to play – strong passwords, good policies and practices, keeping current to the best of your ability, detection and response, etc. But we’ll save those topics for another day).      With all that is [ more… ]

No Image

Evolving Microsoft's Advance Notification Service in 2015

2015-01-09 KENNETH 0

Our Advance Notification Service (ANS) was created more than a decade ago as part of Update Tuesday to broadly communicate in advance, about the security updates being released for Microsoft products and services each month. Over the years, technology environments and customer needs have evolved, prompting us to evaluate our existing information and distribution channels. This desire to improve is why customers may have seen us introduce myBulletins to provide bulletin reports tailored to customer preferences, discontinue the Deployment Priority matrix in favor of the Exploitability Index, modify the Exploitability Index to account for more threat scenarios, simplify security bulletin content to help customer understanding, and create a centralized glossary for bulletin definitions. The change being announced today fits within that context. We are making changes to how we distribute ANS to customers. Moving forward, we will provide ANS information [ more… ]

No Image

그누보드 bbs/list.php 개선방안

2014-12-22 KENNETH 0

출처 : 정확한 출처는 확인이 안되고 neojzs 라는 분이 그누보드 커뮤니티에 올리 신 것으로 추정됨 파일명 : bbs/list.php // 원글만 얻는다. (코멘트의 내용도 검색하기 위함) $sql = ”select distinct wr_parent from $write_table where $sql_search”; $result = sql_query($sql); $total_count = mysql_num_rows($result); // neojzs 최적화 : 20080621 // 원글만 얻는다. (코멘트의 내용도 검색하기 위함) $sql= ”select count(distinct wr_parent) as cnt from $write_table where $sql_search”; $row = sql_fetch($sql); $total_count = $row[cnt];

No Image

IIS의 ASP페이지에서 데이터베이스 연결을 만드는 방법

2014-12-13 KENNETH 0

출처 : http://support.microsoft.com/kb/300382/ko IIS의 ASP페이지에서 데이터베이스 연결을 만드는 방법 데이터베이스에 연결하는 방법은 여러 가지가 있습니다. 이 문서에서는 다양한 종류의 데이터베이스와 데이터베이스 연결에 대한 예제 연결 문자열에 대해 단계별로 설명합니다. 요구 사항 다음은 데이터베이스 연결을 위한 요구 사항입니다. MDAC(Microsoft Data Access Components) 버전 2.5 또는 2.6(Jet 데이터베이스 엔진 포함)이 있고 ASP(Active Server Pages)를 사용하는 IIS(인터넷 정보 서비스) 버전 5.0 웹 서버 로컬 또는 원격 데이터베이스로의 연결 ASP 사용 Microsoft Internet Explorer 버전 5.0 이상 예제 데이터베이스 연결 문자열 다음 예제는 설명 목적으로만 제공됩니다. 특정 데이터베이스로 연결하려면 이 코드를 작성 중인 ASP 코드에 붙여 넣어야 합니다. 데이터베이스 이름, 서버 이름, 데이터베이스 위치, DSN(데이터 원본 이름) 등의 요소는 해당 정보로 바꿔야 합니다. Microsoft Access DSN이 없는 경우 <% Set Cnn = Server.CreateObject(”ADODB.Connection”) Cnn.open ”DRIVER={Microsoft Access Driver (*.mdb)};DBQ=c:\mydatabase.mdb” %> OLE DB <% Set Cnn = Server.CreateObject(”ADODB.Connection”) Cnn.open ”PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=c:\mydatabase.mdb” %> 파일 DSN <% Set Cnn [ more… ]

No Image

December 2014 Updates

2014-12-10 KENNETH 0

Today, as part of Update Tuesday, we released seven security updates – three rated Critical and four rated Important in severity, to address 24 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office and Exchange. We encourage you to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploit Index (XI) broken down by each CVE, visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate XI, a full description can be found here. We re-released two Security Bulletins: MS14-065 Cumulative Security Update for Internet Explorer MS14-066 Vulnerability in Schannel Could Allow Remote Code Execution  One Security Advisory was revised: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801).  For the latest information, you can follow the MSRC team [ more… ]