David Litchfield slams Oracle database indexing
A reactive approach to software security, namely following the security research community’s lead, has proven to be a winning strategy for Oracle Corp. in recent years.
Since 2008 the database giant has steadily trimmed the number of critical buffer-overflow vulnerabilities in the Oracle database server. Longtime thorn David Litchfield, however, may have forced Oracle to reassess its software security strategy after his talk Thursday at the 2012 Black Hat Briefings.
Litchfield demonstrated several working exploits against the Oracle database server’s indexing architecture, low-hanging fruit that Litchfield said has largely been ignored by attackers and Oracle—until now. Litchfield, one of the industry's top database security consultants, demonstrated several proof-of-concept attacks, during which he was able to elevate his privileges to the DBA level, giving him the ability to manipulate database indexing records remotely via SQL injection.
- Fri, 2012-07-13 00:16
- Thu, 2012-06-07 00:01
- Thu, 2013-05-16 02:45