Most application developers underestimate the risk of SQL injection attacks against web applications that use Oracle as the back-end database.
This paper is intended for application developers, database administrators, and application auditors to highlight the risk of SQL injection attacks and demonstrate why web applications may be vulnerable.
It is not intended to be a tutorial on executing SQL attacks and does not provide instructions on executing these attacks.
The experts--three computer science professors and a former IBM researcher--said Wednesday that creating an e-voting system that both guarantees each person votes once and protects the voter's identity is impossible on the current Internet system. "Basing a voting system on the Internet poses unavoidable risks of voting fraud and privacy risks," said David Wagner, an associate professor of computer science at the University of California at Berkeley. "They are unavoidable and can't be fixed."
A vulnerability in Microsoft Internet Security and Acceleration Server 2000 (ISA Server) can permit an attacker to run code of his or her choice under the security context of the Microsoft Firewall Service. This vulnerability stems from a buffer overrun in ISA Server's H.323 filter. The H.323 filter is enabled by default on ISA Server servers that are installed in integrated or firewall mode.
Firewall maker Check Point launched a security appliance on Tuesday that it claims will protect corporate networks from cyberattacks that exploit known vulnerabilities in LAN protocols and applications.
The InterSpect appliance works by having access to a regularly updated database of known vulnerabilities. When packets associated with a particular application start acting suspiciously, the InterSpect appliance takes over, quarantines the affected PC and warns the user that all network access has been temporarily revoked while the computer is being cleaned.
Computer security experts fear a new worm that began spreading rapidly across Australian e-mail networks on Sunday could be a rehearsal for a more concerted attack in coming weeks.
The worm — dubbed Bagle-A — carries an expiry date, possibly indicating more robust versions of the worm could be slated for release soon, said Daniel Zatz, security director for Computer Associates Australia.