Thread: Security New Oracle hacks revealed
5th October 2012
J65nko

From http://h-online.com/-1723371

Quote:
At the DerbyCon 2.0 conference, security experts Laszlo Toth and Ferenc Spala presented a range of attacks, some of which were previously unknown, on Oracle databases and SQL servers; they even released suitable tools to exploit them at the same time.

In "Hacking the Oracle Client", Laszlo Toth demonstrated that, although Oracle saves the user name and password for a database connection in encrypted form in the client's main memory, this data remains in memory after the session has ended and can easily be decrypted. A trojan, for example, could exploit this to harvest plain-text passwords from the client, which was impressively demonstrated by the ocioralog meterpreter extension.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump