The disk defragmenter in Windows Vista leaves much to be desired. A couple of months ago, I recommended Auslogics’ Disk Defrag as a free alternative. What that program lacks is the ability to defrag just one or a select set of files and folders.

If you use Windows XP, the free Contig program from Mark Russinovich of Sysinternals fame (now owned by Microsoft) lets you ensure that an existing file is stored contiguously rather than fragmented onto different disk volumes. You can also use it to create a file that will remain contiguous.

Why would you want to defragment a single file? It may be one you open frequently, or it may be missed by disk defragmenters for any number of reasons, primarily that it is in use when the defrag occurs. A companion program from Russinovich called PageDefrag lets you defragment paging files and Registry hives that are inaccessible to other defraggers.

These programs are great for XP, but they don’t work with Vista. For that OS, there’s WinContig, a freebie from Marco D’Amato. The program works without having to create any installation files or Registry entries. Simply select the files or folders you want to defrag and click Analyze.

When the program finds a file in need of defragmentation, select it and click the Defragment button. WinContig offers to check the disk for errors before defragmenting, and if it finds any errors it instructs you to correct them before it will proceed. Of course, you can run the defrag without the disk check as well.

For those of you that haven’t yet made the move to Firefox 3.0, the Mozilla folks have released Firefox 2.0.0.15 which according to the release notes link (see below) fixes a security vulnerability. However, the “known vulnerabilities” page (linked from the release notes page) doesn’t include any info (yet) on what that security fix is.

SQL injection attacks are probably the most common way for hackers to strike Internet-facing SQL Server databases. No matter how secure your network is or how many firewalls you have in place, any application that uses dynamic SQL and allows for unchecked user input to be passed to the database is at risk for a SQL injection assault. Recent reports on Web hack attacks show SQL injection attacks are on the rise and lead not only to data theft and data loss, but in the most recent string of automated injection attacks, databases were compromised to serve malicious Java script code to customers. The infiltration causes Web servers to infect the client computer with another virus. Reports vary on the number of websites that have been compromised, but even the lowest of the numbers is still in the hundreds of thousands, and at the peak of the infection, they included sites like the United Nations.

Before you go jumping off the SQL Server platform because it’s not secure, the truth is all database platforms suffer from this attack vector. Attacks against SQL Server are simply more common because there are more SQL Servers deployed in hosting environments. Developers – who don’t know how to protect against these kinds of strikes – are developing the Web pages. Because of the high success rate, this sort of attack is very popular with the malware community, and as a community, if we can remove the hackers’ ability to launch these attacks, our sites will be protected and the attackers will move on.

Updated your Web browser lately? Ever? If not, you and 637 million other Net surfers with outdated, insecure browsers are inviting criminal hackers into your computer, researchers warn.

Using Internet Explorer? You’re likely to be one of the biggest offenders.

The researchers wanted to know why so many recent attacks have been targeted at the browser and why so many were successful. Using data from mid-June, they found that about 40% of users were surfing with vulnerable versions of a browser. At the low end, just over half (52%) of IE users were running the latest version. At the top, Firefox: 92% of users were running the latest version. For Apple’s Safari, 70% were up to date, while; 90% of Opera users were current.

Domino’s Pizza is to use Voltage Security’s Secure-mail encryption package to protect internal and external company e-mails.

The move is part of a corporate-wide data loss prevention initiative to avoid accidental loss of private or proprietary information, said Karl Anderson, network security manager for the pizza maker.

“We realised that e-mails being sent to partners and suppliers, such as insurance providers, may contain information like social security numbers that must be encrypted before sending,” he said.

Domino’s will encrypt e-mail between corporate headquarters in Ann Arbor and its 17 distribution centres across the US, and between key partners and suppliers.

Secure-mail will automatically flag e-mails with sensitive data and encrypt them automatically prior to sending. Recipients will be able to read protected messages without having to download and instal client software.