lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <430709.40289.qm@web54404.mail.yahoo.com>
Date: Thu, 12 Apr 2007 16:24:03 -0700 (PDT)
From: Cesar <cesarc56@...oo.com>
To: full-disclosure@...ts.grok.org.uk
Cc: bugtraq@...urityfocus.com
Subject: [Argeniss] Hacking Databases for owning your data
	(paper)

Abstract:
Data theft is becoming a major threat, criminals have
identified where the money is. In the last years many
databases from fortune 500 companies were compromised
causing lots of money losses. This paper will discuss
the data theft problem focusing on database attacks,
we will show actual information about how serious the
data theft problem is, we will explain why you should
care about database security and common attacks will
be described, the main part of the paper will be the
demonstration of unknown and not well known attacks
that can be used or are being used by criminals to
easily steal data from your databases, we will focus
on most used database servers: MS SQL Server and
Oracle Database, it will be showed how to steal a
complete database from Internet, how to steal data
using a database rootkit and backdoor and some
advanced database 0day exploits. We will demonstrate
that compromising databases is not big deal if they
haven't been properly secured. Also it will be
discussed how to protect against attacks so you can
improve database security at your site.

http://www.argeniss.com/research/HackingDatabases.zip
(Tools and exploits included)


Enjoy.

Cesar.


       
____________________________________________________________________________________
Looking for earth-friendly autos? 
Browse Top Cars by "Green Rating" at Yahoo! Autos' Green Center.
http://autos.yahoo.com/green_center/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ