Blog Posts Tagged with "Databases"


Gamers: Hackers Latest Hot Target

December 18, 2011 Added by: Josh Shaul

If you are a gamer and you use any online gaming network or service, please be vigilant and cautious. Don't click on any offer that comes in via email, and don't sign up for anything gaming related unless you are doing so directly from the software manufacturer or gaming network...



Does Software Security Suffer When the Customer is No Longer Master?

November 22, 2011 Added by: Josh Shaul

When you measure the impact on share price, it’s not worth it to build secure software. Buyers are gobbling up the vulnerable stuff as quickly as they can get their hands on it, and the people who pay the price are those whose data is stolen and whose lives are turned upside down in the aftermath...



Controlling Valuable Data By Using Maps

November 10, 2011 Added by: Brent Huston

As the battle rages, attackers look for every angle they can leverage in order to access your data. Our team has spent countless hours discussing the importance of identifying what ‘valuable data’ means, learning where that data lives, and understanding how it is accessed...



Analysis of the October 2011 Oracle CPU Database Patches

October 19, 2011 Added by: Alexander Rothacker

Oracle released its October Critical Patch Update with 57 vulnerabilities across multiple products. This low number of patches continues a trend where Oracle appears to be losing focus on database security, probably due to the many new product offerings and acquisitions...



Keeping Privileged Users Under Control in Oracle Database

October 03, 2011 Added by: Esteban Martinez Fayo

The SYSDBA privilege grants unlimited access to all data and allows any configuration change. With Database Vault installed, it is possible to restrict SYSDBA users from accessing certain data, but the protection is not complete. There are ways to bypass the defenses and compromise the data...



Why Data Centers Need SSAE 16

September 29, 2011 Added by: Chris Schellman, CPA, CISSP, PCI QSA

SSAE 16 is one of the most widely known tools for providing assurances to data center customers. Yet, a myth that the SSAE 16 standard is not applicable to the industry persists. Data center providers have no choice but to arm themselves with the following facts about SSAE 16 applicability...



Cloud versus Local Storage Security

September 22, 2011 Added by: Emmett Jorgensen

Each storage medium offers its own benefits for different scenarios. It's up to the user to choose the option that best fits. Security is a major difference in these two types of storage. Until cloud storage becomes more secure, many will prefer local storage alternatives...



High Fashion, Low Security - Part Duex

August 25, 2011 Added by: David Martinez

I spy serious SQL issues… I had the hashes for the admins table, info from the customers table, as well as the full output of the transactions and users tables, which included MD5 hashes of CC numbers. The hashes were all 64-bits from a MySQL db, which means they were probably SHA256...



High Fashion - Low Security

August 15, 2011 Added by: David Martinez

In the end, I had the hashes for the admins table, full customer info from the customers table, as well as the full output of the transactions and users tables, which included MD5 hashes of CC numbers. The hashes were all 64-bits from a MySQL db, which means they were probably SHA256...



Native Auditing In Modern Relational Database Management

August 03, 2011 Added by: Alexander Rothacker

Modern databases provide powerful built-in auditing capabilities that are often underestimated. There are downsides of native auditing like the ability for a malicious user to manipulate the audit trail. Overall, this feature allows customers to monitor database activity at a very granular level...



Microsoft Database Tracks Laptops and Smart Phones

August 01, 2011 Added by: Headlines

The data collected includes device MAC addresses and corresponding street addresses, which could be used to identify individual users in what amounts to clandestine tracking of customer movements. In fact, staff at Cnet were able to retrieve very specific device tracking information...



TeamSHATTER Analysis Of The July 2011 Oracle CPU

July 31, 2011 Added by: Alexander Rothacker

With ‘unbreakable’ timeliness, Oracle released their 27th Critical Patch Update. They shipped 78 security fixes over all their product families. Sixteen of the fixes are specific to the Oracle Database, but a total of 30 fixes have an impact on database confidentiality, integrity or availability...



Avoiding The Next Big Data Breach

June 21, 2011 Added by: Alexander Rothacker

It’s incumbent on the individuals that are responsible for the security of the data to ride this wave of activity, raise awareness, and move their security projects forward. There is no reason these large breaches should be occurring, not when the solutions already exist...



Researcher Nabs Details from 35 Million Google Profiles

May 26, 2011 Added by: Headlines

“I wrote a small bash script to download all the sitemap-NNN(N).txt files mentioned in that file, and attempted to download 10k, then 100k, then 1M and then, utterly surprised that my connection wasn't blocked or throttled or CAPTCHA'd, [downloaded] the rest of them...”



Web Application Security - Real or Imagined?

May 17, 2011 Added by: Bill Gerneglia

Once a user accesses your databases through a web application, your control over the user's actions diminishes. A malicious user can "craft" inputs into their browser that allow them to do things other than what you want them to do. Security is a real concern in such a situation...



ERP Vulnerabilities Differ from Those at the Database Level

May 13, 2011 Added by: Alexander Rothacker

ERP applications are attractive targets because this software is present in all major organizations and across the whole enterprise. The backend database of these systems usually contains customer data and key company secrets, such as the logic for business processes...

