Archive for the ‘Security’ Category

Microsoft fixed null pointer IE6/IE7 bug (CVE-2010-0490)

Tuesday, March 30th, 2010

Microsoft released a patch for CVE-2010-0490. More than 1 year ago I reported this issue to Microsoft.

Finally they fixed the problem.

Bug History:

5-February-2009 – Bug reported to Microsoft Security Response Center

30-March-2010 – Patch for CVE-2010-0490 released

New Repscan 3.0 is available

Tuesday, February 23rd, 2010

The latest version 3.0 of our database scanner Repscan is now available. This new version supports MS SQL Server and Oracle databases. Repscan comes with a large number of new features and a completely new GUI (the first database scanner with an Office 2007 UI).

Repscan 3.0

Here are some of the new features of Repscan 3.0:

  • Support for MS SQL Server (2000, 2005, 2008)
  • Extremely user-friendly database configuration wizard (screenshot)
  • Flexible tree control (re-group databases by status, hierarchy, …) (screenshot)
  • Database security browser with drill down functionality (PDF, XLS, … export) (screenshot, screenshot)
  • New reports (performance, used_features, …)
  • Data Discovery (SSN, PII, Creditcard, Passwords, …)
  • Database Enumeration (custom, NMap support) (screenshot)
  • Pentest Features (Guess SID, Check default username/password combinations, …)
  • Exploit & Code Library (screenshot)
  • Version and Patch Information
  • Skins

Here are some (old) features of Repscan:

  • Password plugin architecture
  • Password plugins for Oracle DES, SHA1, OID, APEX, OVS
  • Commandline features
  • PL/SQL Source Code Analysis Report

Here are some statements from Repscan 3.0 users:

"Repscan Rocks", "I must have this tool.", "Very cool stuff", "really like the clean interface… checks are great", "…tend to be more Oracle security information hub than just scanner :-)"

Over the next few weeks I will show more details of some Repscan 3.0 features here.

If you want to test Repscan 3.0, you can download it from our exclusive distributor Sentrigo.

Really good whitepaper about "Hacking Oracle from the Web"

Monday, February 22nd, 2010

Sumit Siddharth (Sid) has just published a really good whitepaper about "Hacking Oracle from the Web". This is the most comprehensive published collection of different techniques for attacking Oracle from the web. Sid spent a lot of time compiling the different techniques mentioned in various presentations and whitepapers.

Sid describes various techniques like data extraction (in-band techniques like union or error messages, out-of-band techniques like heavy queries, blind, …), privilege escalation (sys.kupp$proc, dbms_repcat_rpc and dbms_export_extension) and OS code execution.

Well done Sid.

Oracle & Metasploit Presentation from Blackhat USA is already online

Wednesday, July 29th, 2009

The Oracle & Metasploit material (PDF, Slides) by Chris Gates from the Blackhat 2009 conference is already online. A short review will be done tomorrow.

Article about Oracle CPU Quality

Friday, July 24th, 2009

Today Eric Maurice from Oracle Global Product Security released an interesting article about "Ensuring Critical Patch Update Quality". He explains the entire test process, the timeline (e.g. 15 weeks before the CPU is released the fixes will be selected), …