SecurityRatty: tag: databases

Stealing Sensitive Databases Online - the SQL Style

2008-05-12 01:13:00 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...databases available for extraction in an unencrypted form In reality, reconnaissance through search engine's indexes to build a hit list of E-shops with a higher probability for exploitation, is what malicious attackers who lack the skills and capacity to build a botnet, even invest money into renting one on demand and collecting the output...

Tags: databases, pop e-shops, e-shops, site-specific vulnerability manner, specific vulnerability, complete access, malicious attackers, access, bad guys

Tool to synchronize two SQL Server databases

2008-03-17 00:37:45 by Heidi Sweeney in WhatIs: Enterprise IT tips and expert advice

Discover a tool that synchronizes two SQL Server databases allowing changes to one SQL Server database to update on the other

Tags: sql server databases, sql server database, tool, discover

FAQ: SQL Server databases how-to

2008-03-20 10:59:19 by Heidi Sweeney in WhatIs: Enterprise IT tips and expert advice

Troubleshoot SQL Server database issues with these FAQs. Whether it's how to back up, restore, import, export, copy or upgrade SQL Server databases, you'll get expert advice here

Tags: expert advice, copy, export, restore, faqs, import

Giving SQL Injection the Respect it Deserves

2008-05-15 18:45:00 by sdl in The Security Development Lifecycle

...databases courtesy of vulnerable Web pages, from a user's perspective the real attack was compromised Web pages that serve up malware to attack user's through their browsers. In essence, there were two sets of victims: the Web site operators and the users who visited the affected Web sites. In this post, I want to focus on what the first set...

Tags: sql, sql injection bug, sql injection requirements, sql injection attack, sql server, sql execute-only permission, malicious sql payload, sql injection, sql injection vulnerability

Understanding and Selecting a Database Activity Monitoring Solution: Part 5, Advanced Features

2008-03-31 19:26:22 by rmogull in securosis.com

...databases, the reality is we really dont always know whats inside of them. Many of our systems grew organically over the years, some are managed by external consultants or application vendors, and others find sensitive data stored in unusual locations. To counter these problems, some database activity monitoring solutions are adding content...

Tags: database, database activity, application level, application, tools, change management tools, application activity, database queries, queries

Duke School of Law breach affects 3,200

2007-12-06 11:37:20 by Evan Francen in The Breach Blog

...databases were exposed in the attack that contained sensitive personal information about some current and prospective Law School applicants and students Reference URL Duke School of Law Incident Web Page The News and Observer Story United Press International Story Report Credit Melinda Vaughn, Executive Director of Communications at Duke...

Tags: school, duke school, breach, security, comfyllama social security, complete, breach description, complete security scan, security breach

Giving Drivers Licenses to Illegal Immigrants

2008-02-13 05:57:39 by schneier in Schneier on Security

...databases are the only comprehensive databases of U.S. residents. They're more complete, and contain more information - including photographs and, in some cases, fingerprints - than the IRS database, the Social Security database, or state birth certificate databases. As such, they are an invaluable police tool - for investigating crimes,...

Tags: licenses, driver licenses, illegal immigrants, licenses helps, licenses andor, deny licenses, driver, law, respects law enforcement

2008 DOI: Day 8 - Protect the Vault (that's where the money is)

2008-02-26 10:26:21 by Mike Rothman in Mike Rothman's blog

...databases, resulting in accelerating interest in application and database security product offerings. But history will repeat itself, as a fool with a tool is still a fool, which doesnt help customers solve any problems 2008 Incite: Protect the Vault (thats where the money is The hackers continue to go where the money is by increasingly...

Tags: database, expect database security, database vendors disdain, database server, database stores, security, database security gateway, security tools, security functions

Bots + Web Vulnerabilites - An Approaching Storm

2008-05-15 21:55:13 by Bill in Grumpy Security Guy

...databases directly, they are populating the pages with links that attempt to do drive by malware installs by exploiting browser vulnerabilities. It was pretty successful but SQL Injection is a vulnerability that is on the decline (and will decline even more after this attack). I begin thinking about vulnerabilities that would do the same...

Tags: vulnerabilities, permanent xss vulnerabilities, xss, sql injection, attack shortly, attack, mass sql injection, web vulnerabilites, browser vulnerabilities

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo