Musings on Database Security

UKOUG 2011

Slavik — Wed, 07 Dec 2011 17:07:31 +0000

Well, that was fun. I had a great time at UKOUG at Birmingham. Met friends, enjoyed the parties and gave a SQL Injection security presentation. All in all, I think it went well – no demos crashing, etc. It’s pretty much the same presentation I gave at in the hacking exposed series so you can download [...]

OOW2011

Slavik — Fri, 07 Oct 2011 21:37:20 +0000

Another year, another Oracle Open World has passed. Great times - Meeting friends – lot’s of friends from Israel this year Attending some interesting presentations – especially the less official ones like Tanel’s Exadata internals Seeing the drama – Salesforce, Larry – the soap opera continues The icing on the cake – Sting and Tom [...]

Hacking exposed presentation and source code

Slavik — Wed, 04 May 2011 22:17:28 +0000

Here is the presentation and demo application I’ve used for the hacking exposed webinar I did on April 14th. The download file includes an eclipse project and instructions under the “etc” folder. It also includes a few scripts I used for blind SQL injection and worm infection. Tell me what you think… HackingExposed

LizaMoon Threat Brief

Slavik — Thu, 14 Apr 2011 03:01:09 +0000

McAfee just posted a threat brief we created regarding the LizaMoon attack spreading through vulnerable web sites. Thanks to Vadim and our red team for providing the material and Andy for doing the proofing and adding his words of wisdom. As always, the simple way to solve SQL injection is to use bind variables. On another [...]

MySQL.com Database Compromised By Blind SQL Injection

Slavik — Sun, 27 Mar 2011 22:53:19 +0000

I guess this is somewhat ironical. At least it was nothing simple as in-band SQL Injection via errors or directly. It just goes to show you that any site can be vulnerable to attacks, even guys that write DB engines for a living. On the other hand, I’m sure that the sites were not created [...]

McAfee Acquires Sentrigo!

Slavik — Wed, 23 Mar 2011 17:59:24 +0000

After OEMing our products for 6 months, it seems McAfee agrees that we are doing something important and they want a bigger part of it. Actually, they want all of it. As a founder, this is an exciting time for me. It’s a mixed feeling of pride, joy and a bit of sadness. Somewhat similar [...]