Please bear with us while we make a number of changes to the network that supports OSR Online and the List Servers.
We’re working through the process of tuning a new Intrusion Prevention System (IPS), which can be initially very annoying. For example, we discovered earlier today that the IPS was blocking any posts to the lists via the web interface that happened to include a word that could be part of a SQL command (no, I’m not kidding).
ANYhow, if you notice weird problems continuing beyond a few days, please don’t hesitate to call them to the attention of the List Slaves.
Thanks and sorry for any undue annoyance,
Peter
OSR
Peter Viscarola (OSR) wrote:
For example, we discovered earlier today that the IPS was
blocking any posts to the lists via the web interface that
happened to include a word that could be part of a SQL
command (no, I’m not kidding).
Hey, that’s cool man…') drop table NTDEV_Posts
Wouldn’t have been half bad, but the rule by default included ANY words that could be part of a SQL command. Like, ah, “LIKE”. Or, ah, “OR” and, hmmm, “AND”.
Nicely designed, really. And that’s the “recommended” profile. I can’t even imagine what the “super paranoid” profile does 
Peter
OSR
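To make the point of the thread concrete: a rule that rejects any post containing a word that could appear in a SQL statement rejects most ordinary English, while the thing that actually stops an injected `') drop table ...` is handling post text as a query parameter rather than as query text. The following is an added illustration, not code from the thread, from OSR or from the IPS product: the keyword list, the sample posts and the `NTDEV_Posts` table layout are assumed for the example (the table name is taken from the joke in the thread).

```python
import re
import sqlite3

# Constructed approximation of the IPS rule described in the thread: reject any
# post containing a bare word that could be part of a SQL statement. The actual
# product rule is not on the page; this list is an assumption for illustration.
SQL_WORDS = {"select", "from", "where", "and", "or", "like", "drop", "table",
             "insert", "update", "delete", "union"}

WORD_RE = re.compile(r"[A-Za-z_]+")


def keyword_rule_hits(post_text):
    """Return the sorted list of blocklisted words found in a post."""
    words = {w.lower() for w in WORD_RE.findall(post_text)}
    return sorted(words & SQL_WORDS)


def false_positive_rate(posts):
    """Fraction of ordinary posts the keyword rule would reject."""
    blocked = [p for p in posts if keyword_rule_hits(p)]
    return len(blocked) / len(posts)


# Constructed sample posts: ordinary list traffic, not attacks.
SAMPLE_POSTS = [
    "Does anyone know where the DDK samples moved to?",
    "I like the new IRP tracing, and the docs are better.",
    "Select the right IRQL or you will bugcheck.",
    "Thanks!",
]


def store_post(conn, author, body):
    """Insert a post with a parameterised query: the body is data, never SQL text."""
    conn.execute("INSERT INTO NTDEV_Posts (author, body) VALUES (?, ?)", (author, body))
    conn.commit()


def demo():
    """Store the thread's joke payload as post text and confirm the table survives."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE NTDEV_Posts (id INTEGER PRIMARY KEY, author TEXT, body TEXT)")
    # The string quoted in the thread, stored verbatim as the body of a post.
    store_post(conn, "reader", "Hey, that's cool man...') drop table NTDEV_Posts")
    store_post(conn, "peter", "I like the new IRP tracing, and the docs are better.")
    tables = [r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    rows = conn.execute("SELECT COUNT(*) FROM NTDEV_Posts").fetchone()[0]
    return {"tables": tables, "rows": rows, "fp_rate": false_positive_rate(SAMPLE_POSTS)}


if __name__ == "__main__":
    print(demo())
```

Three of the four constructed posts trip the keyword rule, the one that does not being "Thanks!", which matches the observation later in the thread that only a very short post got through. The parameterised insert, by contrast, stores the payload as an ordinary string and the table is still there afterwards, which is the layer where this class of problem belongs.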
That's obvious: if the post has words in it, reject it.
Don Burn
wrote in message news:xxxxx@ntdev…
> Wouldn’t have been half bad, but the rule by default included ANY words
> that could be part of a SQL command. Like, ah, “LIKE”. Or, ah, “OR” and,
> hmmm, “AND”.
>
> Nicely designed, really. And that’s the “recommended” profile. I can’t
> even imagine what the “super paranoid” profile does 
>
> Peter
> OSR
>
>
>
> Information from ESET NOD32 Antivirus, version of virus
> signature database 4274 (20090724)
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
The only truly secure system is the one that’s entirely inaccessible (physically and logically).
Anything else is a compromise. For the sake of the community, I’m thinkin’ that we’re willing to take the risk of people putting the word “and” in their posts. I know, I know… it’s taking a chance. But that’s just the kind of folks that we are.
Peter
OSR
wrote in message news:xxxxx@ntdev…
> Wouldn’t have been half bad, but the rule by default included ANY words
> that could be part of a SQL command. Like, ah, “LIKE”. Or, ah, “OR” and,
> hmmm, “AND”.
>
> Nicely designed, really. And that’s the “recommended” profile. I can’t
> even imagine what the “super paranoid” profile does 
>
> Peter
> OSR
Well… keep outsourcing software development and testing to
places where English is used only in sql. This is the natural result.
–pa
Peter,
I’m thinkin’ that we’re willing to take the risk of people putting the word “and” in their posts.
What about “from” and “where”??? Are they allowed as well???
Anton Bassov
They are now… they weren’t last night, though.
Peter
OSR
> They are now… they weren’t last night, though.
I know - I tried to post to NTTALK quite a few times last night. The one where I replied to your question about problems with posting went through flawlessly, but all others failed and did so with the same error, i.e. connection was getting reset immediately after I was hitting “Post” button. Apparently, the one that got through was just too short for having SQL keywords in it…
Anton Bassov
And god forbid if anyone uses “select” …

The personal opinion of
Gary G. Little
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@hotmail.com
Sent: Friday, July 24, 2009 2:02 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] OSR Network Changes
Peter,
I’m thinkin’ that we’re willing to take the risk of people putting the
word “and” in their posts.
What about “from” and “where”??? Are they allowed as well???
Anton Bassov
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
I’d call it “cargo cult security”.