hot fixes
- Subscribe to the Security notification service: tech/treeview/?url=/tech/security/bulletin/
- Use HFCHECK / HFNETCHK: tech/security/tools/tools/
- Query Windows Update

Stay Informed

Security: A way of life
- Remain informed, vigilant, and educated!
- Audit
  - Eventlog
- Monitor
  - IIS logs
- Make a plan for what needs to be done when
  - a new security bulletin is released
  - you are hacked
- Do backups
- Use tools to detect intrusions
  - URLSCAN

If you are unfortunately hacked …
- Remove infected machines from the Net
- Forensics
  - Take an image

Demo fragments (recovered from the slide):

    var oRS = new ActiveXObject();
    SELECT count(*) FROM client WHERE name='…' and pwd='…'
    delete oConn;

… demo

Buffer Overflow remedies
Unsafe functions to watch for:
- strcpy
- strcat
- memcpy
- sprintf
- memset
- gets
- sscanf
- read
- strstr
- strrev
- …
What to do:
- Validate all inputs
- See “Writing Secure Code” by Michael Howard and David LeBlanc
- Double-check or don't use unsafe functions

SQL Injection
And again: All input is bad!

    if (isPasswordOK(name, pwd)) {
        // Authenticated!
    }
    …(strSQL, oConn)

- Find out how the hacker did it
- Check with vendors for new vulnerabilities
- Check log files
- Examine
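The slide's `isPasswordOK` check and its `SELECT count(*) FROM client WHERE name='…' and pwd='…'` query, worked through as an added example (not the talk's demo code): the concatenated query beside a parameterised one, against a constructed in-memory `client` table, so the difference is visible on the same input. Table contents, function names and the test string are assumptions.

```python
import sqlite3


def make_db():
    # Constructed sample data standing in for the talk's "client" table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE client (name TEXT, pwd TEXT)")
    conn.execute("INSERT INTO client VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def is_password_ok_concat(conn, name, pwd):
    # The pattern from the slide: user input is glued into the SQL text,
    # so a quote in the input ends the literal and the rest becomes SQL.
    sql = ("SELECT count(*) FROM client WHERE name='" + name
           + "' and pwd='" + pwd + "'")
    return conn.execute(sql).fetchone()[0] > 0


def is_password_ok_param(conn, name, pwd):
    # The fix: placeholders bind the input as data; the database never
    # parses it as part of the statement, whatever characters it holds.
    sql = "SELECT count(*) FROM client WHERE name=? and pwd=?"
    return conn.execute(sql, (name, pwd)).fetchone()[0] > 0


def demo():
    conn = make_db()
    # Hypothetical bad input: closes the pwd literal and appends an
    # always-true clause, the classic tautology every SQLi test uses.
    bad_pwd = "' or '1'='1"
    return {
        "concat_correct": is_password_ok_concat(conn, "alice", "correct horse"),
        "concat_bad":     is_password_ok_concat(conn, "alice", bad_pwd),
        "param_correct":  is_password_ok_param(conn, "alice", "correct horse"),
        "param_bad":      is_password_ok_param(conn, "alice", bad_pwd),
    }


if __name__ == "__main__":
    for case, authenticated in demo().items():
        print(f"{case:15} -> {'Authenticated!' if authenticated else 'denied'}")
```

The concatenated version "authenticates" the bad input because the statement becomes `... and pwd='' or '1'='1'`; the parameterised version compares the whole string against the stored password and denies it.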