| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: marc at eeye.com (Marc Maiffret) Subject: Tool: Sapphire SQL Worm Scanner We had a lot of requests to put together a quick free scanner, like we've done in the past, for this SQL worm. This is the first version and it is bound to have bugs. Feel free to email me any issues directly and we can work on them. The scanner is non-intrusive, wont crash your servers, in identifying vulnerable systems. It WILL NOT identify already infected systems. Because of the nature of the worm it keeps any valid data from getting to the victim system. We suggest using sniffers and IDS's to determine already infected machines. You can download the scanner from: http://www.eeye.com/html/Research/Tools/SapphireSQL.html For more details about the Sapphire SQL Worm: http://www.eeye.com/html/Research/Flash/AL20030125.html If you have any questions or comments feel free to mail me directly. As we find bugs and make improvements the changes will be reflected on our website. So go there for the latest ... that way we don't have to flood this list with email. Thanks to NGSSoftware (http://www.nextgenss.com/) for discovering the flaw the SQL worm uses and for publishing a technical write up which made this scanner possible. Once again illustrating that details ARE needed to help the good guys. Signed, Marc Maiffret Chief Hacking Officer eEye Digital Security T.949.349.9062 F.949.349.9538 http://eEye.com/Retina - Network Security Scanner http://eEye.com/Iris - Network Traffic Analyzer http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
Powered by blists - more mailing lists