David Litchfield : Nearly half a million Database Servers unprotected!

19/11/2007

Episode Synopsis


NGSSoftware has had a busy year: it has collected multiple enterprise and technology awards, spoken at Black Hat, published "The Web Application Hacker's Handbook", and now announced that 492,000 database servers are reachable on the Internet with no firewall in front of them. Between the research and the stream of security advisories, we sometimes wonder when they find time to sleep.

From the article by Ryan Naraine at ZDNet:
Link: http://blogs.zdnet.com/security/?p=663

"Between the two vendors, there are 492,000 database servers out there on the Internet not protected by a firewall. Whilst the number of Oracle servers has very slightly dropped since 2005 when it was estimated there were 140,000, the number of SQL Servers has risen dramatically from 210,000 in 2005," Litchfield warned.
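The figures above count servers whose database listener answers from the Internet. The first check a practitioner wants after reading that is whether their own listeners are bound where the world can reach them. The following script is an added example, not code from the page, NGSSoftware or Litchfield's survey: it parses `ss -ltn`-style output and flags SQL Server and Oracle listeners bound to a wildcard or public address. It assumes the two products' default TCP ports (1433 for SQL Server, 1521 for the Oracle TNS listener), and the sample listing is constructed, not captured from a real host.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Default listener ports for the two products in the survey. Assumption: the
# page does not say which ports were probed; these are the vendor defaults.
DB_PORTS: Dict[int, str] = {1433: "Microsoft SQL Server", 1521: "Oracle TNS listener"}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:1521      0.0.0.0:*
LISTEN 0      128    0.0.0.0:1433        0.0.0.0:*
LISTEN 0      128    [::]:1521           [::]:*
LISTEN 0      128    10.0.0.5:1433       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
"""

# Matches "addr:port" and "[v6addr]:port"; "*:port" is deliberately not matched.
_LOCAL_RE = re.compile(r"^\[?([0-9a-fA-F:.]+)\]?:(\d+)$")


def parse_listeners(text: str) -> List[Tuple[str, int]]:
    """Return (bind_address, port) for every LISTEN row in ss/netstat-style output."""
    listeners: List[Tuple[str, int]] = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        match = _LOCAL_RE.match(fields[3])  # Local Address:Port column
        if match:
            listeners.append((match.group(1), int(match.group(2))))
    return listeners


def classify_scope(addr: str) -> str:
    """Who can reach a socket bound to addr, judged by the bind address alone."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:      # 0.0.0.0 or :: -> every interface, public ones included
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:          # RFC 1918 / ULA: internal network only
        return "private"
    return "public"


def exposed_db_listeners(text: str) -> List[dict]:
    """List database listeners in the output, marking those bound on a reachable address."""
    findings = []
    for addr, port in parse_listeners(text):
        if port not in DB_PORTS:
            continue
        scope = classify_scope(addr)
        findings.append({
            "product": DB_PORTS[port],
            "bind": addr,
            "port": port,
            "scope": scope,
            "exposed": scope in ("all-interfaces", "public"),
        })
    return findings


if __name__ == "__main__":
    for f in exposed_db_listeners(SAMPLE_SS_OUTPUT):
        flag = "EXPOSED " if f["exposed"] else "ok      "
        print(f"{flag}{f['product']:<22} {f['bind']}:{f['port']} ({f['scope']})")
```

On the constructed sample the script reports the `0.0.0.0:1433` and `[::]:1521` listeners as exposed and the loopback and 10.0.0.5 bindings as not. The bind address is only the local half of the picture: a host or network firewall in front of the server can still block the port, and a private bind address does nothing if the box is NATed through to the Internet, so treat this as the inventory step before verifying reachability from outside.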

Litchfield also spoke recently on Database Forensics at Black Hat USA 2007.
From the Abstract:

"By delving into the guts of an Oracle database's data files and redo logs, this talk will examine where the evidence can be found in the event of a database compromise and show how to extract this information to show who did what, when. The presentation will begin with a demonstration of a complete compromise via a SQL injection attack in an Oracle web application server and then performing an autopsy. The talk will finish by introducing an open source tool called the Forensic Examiner's Database Scalpel (F.E.D.S.)."

Read the Full Bio and Abstract here:
https://blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Litchfield

Audio and Video coming soon:
https://blackhat.com/html/bh-multimedia-archives-index.html

Download his materials here:
https://blackhat.com/presentations/bh-usa-07/Litchfield/Presentation/bh-usa-07-litchfield.pdf

The Web Application Hacker’s Handbook: http://www.ngssoftware.com/press-releases/the-web-application-hackers-handbook-published/