Security researchers have reported spikes in mass SQL injection attacks of late that take advantage of very common vulnerabilities in the way that Web applications interact with back-end databases. Particularly targeting ASP, ASP.Net, and MS-SQL sites, these mass SQL injection campaigns have been linked to black hat efforts to redirect victims to browser exploit kits like Blackhole or Phoenix.
Oracle on Monday acknowledged a still-unpatched database vulnerability for which proof-of-concept code was published by a researcher who thought the hole had been plugged.
In its alert, Oracle advised users to apply workaround measures and configuration changes as noted.
The serious vulnerability, which earned a 7.5 CVSS score, is remotely exploitable without the need for authentication by the attacker and affects 10g and 11g (the most current) versions of Oracle Database.
A trio of Indian researchers have proposed a method of steganography which hides messages by using a non-random distribution of letters with or without straight lines.
Steganography is a group of techniques for hiding messages in plain sight. Microdots, tiny text written inside a full stop and only legible when magnified, are one steganography technique. Steganography is hard to detect and decrypt, so much so that this paper from the US National Science and Technology Council (PDF) wrings its hands about its potential use by terrorists.