How do spammers get my email address?
It pays to keep your email address as private as possible, but sometimes it seems like there’s nothing you can do to keep it out of the hands of spammers.
It pays to keep your email address as private as possible, but sometimes it seems like there’s nothing you can do to keep it out of the hands of spammers.
Adam Shostack here. One of the really exciting things about being in the Microsoft Security Engineering Center is all of the amazing collaborators we have around the company. People are always working to make security engineering easier and more effective. When we talk about security testing, we often focus on what it can’t do.
You may have read recently about a large number of Web servers that were compromised through a SQL injection attack. The malicious SQL payload is very well designed, somewhat database schema agnostic and generic  so it could compromise as many database servers as possible.
Adam Shostack here. Blogger Ian Grigg has an interesting response to my threat modeling blog series, and I wanted to respond to it.
Once again, my effort to explore common misperceptions (more recently exploring unpatched statistics) has brought out some of the common objections from those that don’t necessarily like the results.