DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 5th October 2012
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,149
Thanked 182 Times in 149 Posts
Default New Oracle hacks revealed

From http://h-online.com/-1723371

Quote:
At the DerbyCon 2.0 conference, security experts Laszlo Toth and Ferenc Spala presented a range of attacks, some of which were previously unknown, on Oracle databases and SQL servers; they even released suitable tools to exploit them at the same time.

In "Hacking the Oracle Client", Laszlo Toth demonstrated that, although Oracle saves the user name and password for a database connection in encrypted form in the client's main memory, this data remains in memory after the session has ended and can easily be decrypted. A trojan, for example, could exploit this to harvest plain-text passwords from the client, which was impressively demonstrated by the ocioralog meterpreter extension.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Security Simple authentication bypass for MySQL root revealed J65nko News 2 13th June 2012 06:26 AM
Oracle Solaris goes to 11 J65nko News 0 10th November 2011 11:49 PM
Oracle releases VM VirtualBox 3.2.0 J65nko News 0 19th May 2010 09:49 PM
UPS Hacks Inquiry revzalot General Hardware 0 24th July 2008 04:29 PM
BSD Hacks anomie Book reviews 5 2nd May 2008 05:15 PM


All times are GMT. The time now is 07:46 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick