In response to all the Mass SQL Injection attacks this year, Microsoft approached HP and the Web Security Research Group (formerly SPI Labs) for assistance. While there was nothing they could patch, Microsoft wanted to provide tools to help developers find and fix these issues. After a month of development HP created Scrawlr.
Scrawlr (short for SQL Injector and Crawler) is a free tool that will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. Scrawlr was designed specifically to help protect against these mass injection attacks, which are using Google queries to find older web applications and automatically inject them. As such, Scrawlr crawls a website using the same techniques as a search engine: it doesn’t keep state, or submit forms, or execute JavaScript or Flash. Thus Scrawlr is finding and auditing the pages that would have been indexed by the search engines.
To reduce false positives Scrawlr provides proof of the vulnerability results by displaying the type of backend database in use and a list of available table names. There is no denying you have SQL Injection when I can show you table names!
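To see which pages and parameters fall inside the crawl scope described above (plain links only, no state, no form submission, no script execution), the following added example, which is not part of the original post or of Scrawlr, inventories the query-string parameters reachable from static `<a href>` links. The site contents, host names and the `crawl_surface` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, parse_qsl

# Constructed sample site (URL -> static HTML) so the example runs offline.
SITE = {
    "http://shop.example/":
        '<a href="/list.asp?cat=3">Cat</a> <a href="/about.html">About</a>'
        '<form action="/search.asp"><input name="q"></form>'
        '<script>location="/hidden.asp?id=1"</script>',
    "http://shop.example/list.asp?cat=3":
        '<a href="item.asp?id=7&amp;ref=list">Item</a>'
        '<a href="http://other.example/x.asp?id=1">ext</a>',
    "http://shop.example/about.html": '<a href="/">Home</a>',
    "http://shop.example/item.asp?id=7&ref=list": "",
}

class LinkParser(HTMLParser):
    """Collect href values of <a> tags only: forms and scripts are ignored."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def crawl_surface(start, fetch):
    """Return {path: [param names]} for same-host pages reachable by links."""
    host = urlsplit(start).netloc
    seen, queue, surface = set(), [start], {}
    while queue:
        url = queue.pop()
        if url in seen:
            continue
        seen.add(url)
        parts = urlsplit(url)
        names = {k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
        if names:  # a parameterized page: part of the surface to review
            surface.setdefault(parts.path, set()).update(names)
        parser = LinkParser()
        parser.feed(fetch(url))
        for href in parser.links:
            nxt = urljoin(url, href).split("#")[0]
            if urlsplit(nxt).netloc == host:  # stay on the audited host
                queue.append(nxt)
    return {path: sorted(names) for path, names in surface.items()}

def sample_surface():
    return crawl_surface("http://shop.example/", lambda u: SITE.get(u, ""))
```

The form target `/search.asp` and the script-generated `/hidden.asp` do not appear in the result, so a clean report from a crawl of this kind says nothing about them and they need separate review.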
Fuel costs could 'devastate' airlines, travel group says - Jun. 23, 2008
Topic: Business
7:43 am EDT, Jun 24, 2008
"Already-depleted cash reserves are dwindling fast, and unless the fuel crisis lessens, airlines face not the now-familiar protracted restructuring in bankruptcy, but outright and immediate extinction," said the report.
Maybe I should blow those miles on a trip to Hawaii...
Business of Software Blog: The danger of stories - why you aren't as smart as you think you are
Topic: Business
2:57 pm EDT, Jun 23, 2008
The way we misjudge probabilities is explored by Massimo Piattelli-Palmarini in his excellent Inevitable Illusions - How Mistakes of Reason Rule Our Mind. He describes a study that Tversky and Kahneman, two cognitive psychologists, carried out in the middle of the Polish crisis in the early 1980s. They asked various political leaders and generals to evaluate the probability that the USA would withdraw its ambassador from the Soviet Union. They then asked the same people to evaluate the probability that both (a) The USSR would invade Poland AND (b) as a consequence, the USA would withdraw its ambassador from the USSR.
The generals said the second scenario was more likely than the first. If you think about it, that's nonsensical: the second scenario is a subset of the first scenario. The probability of the USSR invading Poland AND the USA withdrawing its ambassador is less likely than just the USA withdrawing its ambassador. But the generals' brains didn't spot that, and neither would yours. They heard the story, and found it more convincing than the statement.
Stories are powerful, persuasive and ever more fashionable tools. They're a great way to put across your point of view. Telling a story is often a better way to convince others than presenting dry facts, logic and analysis. If you're trying to raise capital from VCs, then you should tell a story. If you're trying to convince your boss that your new strategy will succeed, then tell a story. If you want to persuade potential customers to buy the software that you're selling, then tell them a story.
But if you're listening rather than telling then be careful. Stories can be dangerous. It's easy to construct a story - intentionally or otherwise - that buries the facts and misleads an audience.
Procrastineering - Project blog for Johnny Chung Lee: More Wiimote Projects - A Brain Dump
Topic: Technology
7:01 am EDT, Jun 23, 2008
It’s been a while since I’ve posted anything. That’s largely because I’ve been traveling a lot, giving talks, and most recently relocating to a new city. It became clear to me a while ago that I wasn’t going to get around to making more videos anytime soon. So, I figured I would make a post about the projects that I would probably make videos of if I had more free time. The content of this post has been in the talks that I’ve been giving, but I’m just sitting down to write it out now for my trusty blog readers.
Make a Presentation Like Al Gore - Wired How-To Wiki
Topic: Business
11:05 pm EDT, Jun 22, 2008
Slide show presentations are taking the world, or at least the box office, by storm. Al Gore's global warming presentation, featured in the movie An Inconvenient Truth, is probably the most successful ever produced. Since its release, the movie has strengthened the world-wide movement to prevent global warming, won two Academy Awards and helped Gore win a Nobel Peace Prize in 2007.
The movie is also an example of how effective a slide show presentation can be. Presentations are a powerful way to get your message across both verbally and visually.
To help us learn how to make our slide show presentations as powerful as Al Gore's, we've asked for advice from Nancy Duarte of Duarte Design, the company behind the slide show featured in An Inconvenient Truth, and author of slide:ology: The Art and Science of Creating Great Presentations. This is what she had to say about delivering a successful presentation.