Cesar Cerrudo of Argeniss Information Security has put out a new whitepaper (.pdf format), Data0: Next generation malware for stealing databases, describing how malware could be crafted to steal information out of databases. For the most part, it stays at a high level; however, Cesar does give a few example queries (for SQL Server), the appropriate API calls to perform certain operations, etc., which delve a bit more into the technical side, but even these are fairly straightforward. To demonstrate what he talks about in the whitepaper, he built a simple proof of concept (PoC), but based on what's in the whitepaper (and what is generally accepted as what's possible), nothing seemed outlandish or hard to do. Just for [Read more...]
For a variety of reasons, including personal/family concerns and workload, I've not been able to write as often as I'd like. That doesn't just include the blog, but also writing articles. It's been a long while since I've written an article for SSC. I want to get back to writing at least monthly, if not more often. One of the keys to writing well is to write every day. Therefore, I'm going to provide some structure to the blog in order to make it easier to post every weekday with something that will hopefully be useful. Here are the types of posts that should be present based on the day of the week:
I've spent my spare time the last few weekends helping a non-profit called Fast Forward here in the Columbia, SC area. I don't post this here to blow my own horn but rather to point out the need many non-profit organizations have for quality IT support. Most non-profits operate on a limited budget, meaning they take help where they can get it. Oftentimes there just isn't money left in the budget for a services contract, etc., even for an organization like Fast Forward.
This is where knowledgeable folks can really make a difference. I know the usual excuse: after spending all week looking at a computer screen, the last thing anyone wants to do is spend the weekend working on computers. I've been there, so I understand that feeling completely. However, I have to say that the time I've spent working at Fast Forward has [Read more...]