Black Hat: U.K. security guru lays into database vendors
David Litchfield reveals another clutch of Informix holes
August 07, 2006 -- Noted security researcher David Litchfield has again panned the state of database security, revealing another clutch of vulnerabilities in the software of a major vendor.
In his address at the Black Hat conference in Las Vegas this week, he released details of more than 20 holes that he and his researchers at U.K.-based Next Generation Security Software Ltd. had uncovered in IBM's Informix database family.
The wide-ranging flaws could allow an attacker to mount a denial-of-service attack, gain access to information or simply compromise the integrity of the database itself. Versions 7.3, 9.4, and 10.0 are said to be affected.
Security Web site Secunia has since released more details of most of these vulnerabilities, which it rates as "moderately critical".
"In my opinion, database security is riddled with holes and it's the biggest problem we face in IT today," Litchfield was reported to have said during the presentation.
"The database attacks are out there and these data breaches show it. They just aren't noticed at the time."
Litchfield has excellent database flaw-finding credentials, having been responsible for finding a large number of flaws in Oracle's products two years ago.
He subsequently pursued the company over the time it took to patch one of these holes, which Litchfield said was significant. He even went to the unusual lengths of releasing his own patch for the issue.
He remains angered by the time it takes database vendors to patch reported flaws, commenting on the number of issues that remained to be dealt with in the products of his favorite target, Oracle.
(TechWorld.com)