Why would you have to re-index a table in a SQL database?Indexes fragment over time as records are inserted and others are deleted.This can cause performance problems with large databases.
Here is a stored procedure that I have created and find to be very useful for rebuilding all indexes in a database.
SETANSI_NULLSON
GO
SETQUOTED_IDENTIFIERON
GO
-- =============================================
-- Author:NovCon Solutions LLC.
-- Create date:7/5/2010
-- Description:Rebuid all Index's and update statistics
-- =============================================
CREATEPROCEDURE [dbo].[Rebuid_all_indexes]
AS
BEGIN
SETNOCOUNTON;
CREATETABLE #temp
(tablename sysname,
row_count int,
reserved_size varchar(16),
data_size varchar(16),
index_size varchar(16),
unused_size varchar(16))
INSERT #temp
EXECsp_msforeachtable'sp_spaceused "?"'
DECLARE @tablename varchar(255)
DECLARE @sql varchar(500)
DECLAREtablecursor CURSORFOR
SELECT tablename FROM #temp
OPEN tablecursor
FETCHNEXTFROM tablecursor INTO @tablename
WHILE@@FETCH_STATUS=0
BEGIN
/*Rebuild all indexes then update query optimization statistics */
SET @sql='ALTER INDEX ALL ON '+ @tablename +' REBUILD '+
I know they wouldn't try this stuff if it didn't work on some unsuspecting souls out there. If you don't know by now, any message (whether by email, instant messaging, social networking or other communication medium) that promises to show you porn if you only download an executable file (either claiming to be the porn itself, or a codec enabling you to view the porn) is almost certainly malicious. Case in point, the last 10 files captured by Minotaur's maltweet/exetweet engine.
For that matter, be weary of any executables sent to you in such messages. And if you ever have a question on if a file is malicious, send it to a service like VirusTotal or NoVirusThanks to scan it just in case.
NovCon's latest project is now online, a system that is designed to track the distribution of executable links on twitter, hoping to make Twitter less of a great medium for the distribution of malware. It is certainly not all-encompassing and it has a long way to go as a work-in-progress, but you can view the new system here: http://novcon.net/exetweet
We welcome any comments or suggestions:
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
While searching through my YouTube feeds, I came across a series of videos from use languy99 (whose videos we've featured before) called "Security for Dummies". We posted an article a while back on Security 101, and it's been a common theme for us. So this video series is timely, and I thought I would share them here. If you like these, make sure to check out his other videos and subscribe to his feed here. Even since I've been typing, he's posted another.
I believe one of the biggest problems facing the security industry is the poor education of the masses when it comes to being safe, so we support anyone pushing out the basics like this. Though, needless to say, "the opinions expressed in these videos do not necessarily represent the views of NovCon", especially in video 4...
Often I find myself trying to explain to people the dangers of trojan backdoors like poison-ivy to users who don't work in the IT security field. There are so many misconceptions out there about the threat and how wide-spread and commonplace it actually is. Part of the reason it is so hard for them to understand the nature of the threat is the false belief that to create a backdoor and distribute it takes some extreme amount of skill and effort, that users feel would be wasted in going after them, versus "bigger" targets like financial institutions, government networks, or some other mystical/magical "them".
The truth, however, is much more alarming. It is not a case of few exploits that must be used sparingly against a few high-profile targets. In fact, that's not how it works now anyway. The attackers aren't going after the institutions as much as they are the institution's customers. Even though it is one-by-one, it is far more profitable, and harder to prevent, and in some ways, less ways to be caught. Zeus and all its infections are a great example of this.
It is also a myth that it takes an enormous amount of skill or effort to produce the trojans or payloads, or to engineer the attacks overall. In fact, it does not. The applications that create these malware instances are called RATs (Remote Administration Toolkits) and they are freely available with plenty of documentation and tutorials.
One more thing I don't think is widely understood is the capabilities these tools have. We are no longer talking about some nuisance virus that infects a few files on your machine and denies you access to some resources. We are talking about code that is using your computer to commit crimes, hack other machines, send spam and phishing attacks and launch massive distributed denial-of-service attacks.
The attackers have access to your files, your connection, your webcam, microphone, desktop/console itself, and anything you have access to when you physically sit in front of your computer. These criminals can and do spy on their victims, not just in online transactions, but through the use of the webcam and microphone, they connect real lives to online identities. Think of what you do or say around your computer, what you discuss with your family, what sensitive information is shared. Maybe the dates you will be out of town, or the name of the school your kids go to, or account numbers, socials, maybe a job description that tells the criminals what information you might have access to.
To drive the point home, NovCon has collected a number of videos on a few examples of these RATs from around the net and is providing them here, on novcon.tv. The purpose is not to instruct the bad guys on how to do this. Believe me, there are enough internet destinations to that end as it is. Instead, it is hopefully to open either your eyes, or the eyes of someone you know on just how prevalent and pervasive this threat is, and how easy it is to carry out.
Below are just a few of these videos, organized by the toolkits they are about. One thing you should pay attention to: how young the voices are in some of the narrated videos.
We hope you find this information useful and enlightening. This is why we fight.
The videos above are from a variety of sources online and do not in any way reflect the values, goals, ideals, opinions or views of NovCon Solutions LLC.
NovCon Solutions is more than happy to share what we've learned with your organization. If you are interested in having us speak to your group, please call 1.877.887.4041 extension 101
Two new offerings on the street, Panda's Cloud Antivirus [novcon.tv video link] and Immunet Protect function by sharing information between its users. When suspicious activity is determined on one machine, attributes or signatures can be shared very quickly to all other users of the product. But Immunet has a unique model. Rather than replacing your current antivirus, Immunet Protect supplements it with its cloud-based abilities. This echoes the multi-engine functionality found in some security suites, such as Trustport [novcon.tv videos]. According to my understanding, Immunet works primarily by watching the detections of another installed antivirus product, and adding those detections to its database. Since presumably there would be a representation of most of the main vendors within its users, Immunet Protect could fill the voids left by any one particular vendor.
The downside (apart from the question of intellectual property for signature sets, which you could argue should or shouldn't exist) is the current reviews. Novcon.tv has quite a few reviews of Immunet protect in the current video catalog:
So, what gives? My thoughts are that the model is sound, but the database is weak. More data from more users using the software should produce better results. So do we use it? I have it on a couple machines and one of the test VMs here, watching to see what happens.
Feed Entries 
