Oracle Rootkits 2.0

Presented at DEF CON 14 (2006), Aug. 5, 2006, 11 a.m. (50 minutes)

In 2006 thousands of people will create applications based on the free Oracle 10g Express Edition. Even though this version of Oracle (based on Oracle 10g Rel. 2) is the most secure database from Oracle out of the box so far, there is still room for improvement. This presentation shows different ways to attack Oracle 10g Express Edition (and Oracle 10g Rel. 1 and Rel. 2). With Oracle 10g, Oracle introduced some new security features (e.g. listener protection) which eliminate old attack vectors. But by introducing new features they also introduced new bugs and new possibilities like SQL injection, a built-in HTTPS server, etc.

Presenters:

  • Alexander Kornbrust - Founder & CEO
    Alexander Kornbrust is the founder and CEO of Red-Database-Security GmbH, a company specializing in Oracle security. Red-Database-Security is one of the leading companies in Oracle security. He is responsible for Oracle security audits and Oracle anti-hacker trainings and has given various presentations at security conferences such as Black Hat, Bluehat, and IT Underground. Alexander Kornbrust has worked with Oracle products as an Oracle DBA and Oracle developer since 1992. During the last six years, Alexander has found over 220 security bugs in different Oracle products.
