NOTE FROM THE EDITOR
Welcome to November's Security Newsletter! The focus of this month's newsletter is data and database security.
To help you understand how attackers are using SQL injection attacks to attempt to exploit database applications, we published a section in the latest Microsoft Security Intelligence Report (SIR) focused on this topic. Microsoft uses a number of methods to detect and track websites that have been victimized by certain classes of automated SQL injection attack. The latest SIR shows you how different top level domains were affected in the first half of 2010. The report also provides solid guidance on how to guard against SQL injection.
I also recommend that you read this month's Security Tip of the Month for some useful mitigation guidance.
Tim Rains, Group Product Manager, Microsoft Trustworthy Computing
Follow the Microsoft Security Response team on Twitter @MSFTSecResponse for the latest information on the threat landscape.