[<prev] [next>] [day] [month] [year] [list]
Message-ID: <430709.40289.qm@web54404.mail.yahoo.com>
Date: Thu, 12 Apr 2007 16:24:03 -0700 (PDT)
From: Cesar <cesarc56@...oo.com>
To: full-disclosure@...ts.grok.org.uk
Cc: bugtraq@...urityfocus.com
Subject: [Argeniss] Hacking Databases for owning your data
(paper)
Abstract:
Data theft is becoming a major threat, criminals have
identified where the money is. In the last years many
databases from fortune 500 companies were compromised
causing lots of money losses. This paper will discuss
the data theft problem focusing on database attacks,
we will show actual information about how serious the
data theft problem is, we will explain why you should
care about database security and common attacks will
be described, the main part of the paper will be the
demonstration of unknown and not well known attacks
that can be used or are being used by criminals to
easily steal data from your databases, we will focus
on most used database servers: MS SQL Server and
Oracle Database, it will be showed how to steal a
complete database from Internet, how to steal data
using a database rootkit and backdoor and some
advanced database 0day exploits. We will demonstrate
that compromising databases is not big deal if they
haven't been properly secured. Also it will be
discussed how to protect against attacks so you can
improve database security at your site.
http://www.argeniss.com/research/HackingDatabases.zip
(Tools and exploits included)
Enjoy.
Cesar.
____________________________________________________________________________________
Looking for earth-friendly autos?
Browse Top Cars by "Green Rating" at Yahoo! Autos' Green Center.
http://autos.yahoo.com/green_center/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists