
looking forward

Black Hat Tokyo + DC and Europe CfPs now open.

We've finalized the speaker lineup for Black Hat Japan 2007, and we're looking forward to a great show.  Attendees will be treated to a roster with more variety and depth than ever.  
The schedule and speaker bios are available on-line at:

http://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-schedule.html
http://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-speakers.html

As always, we've worked hard to create a show with timely, technical content and a broad range of topics.  Some highlights of this year's program include:

* A talk from Pedram Amini and Aaron Portnoy from Tipping Point about the Sulley fuzzing framework - a game-changing, free, highly automated fuzzing suite.
* A talk from Halvar Flake, world-class reverse engineer and one of Black Hat's most sought-after speakers entitled "Automated Unpacking and Malware Classification."

Black Hat November News: CFPS Now Open, Webinar 5 and Japan on-line.

a patch to be created. In the intervening time, other researchers have made
partial disclosures, but this is your chance to join co-discoverer Jeremiah
Grossman for a Black Hat webcast that deals with the attack from all sides.
Bring your questions - we'll have a Q&A session after the presentation.

Black Hat Japan is in the books and we're already looking forward to the
Washington DC and Europe events. If you missed Black Hat Tokyo, we have put
all the material on-line for download, and are in the process of getting the
audio files tagged and on-line as well:
https://www.blackhat.com/html/bh-japan-08/brief-bh-jp-08-onsite-archive.html


SQL Smuggling

From the paper:
"This paper will present a new class of attack, called SQL Smuggling. SQL Smuggling is a sub-class of SQL Injection attacks that rely on differences between contextual interpretation performed by the application platform and the database server.  While numerous instances of SQL Smuggling are commonly known, it has yet to be examined as a discrete class of attacks, with a common root cause. The root cause in fact has not yet been thoroughly investigated; this research is a result of a new smuggling technique, presented in this paper. It is fair to assume that further study of this commonality will likely lead to additional findings in this area. 

SQL Smuggling attacks can effectively bypass standard protective mechanisms and succeed in injecting malicious SQL to the database, in spite of these protective mechanisms. This paper explores several situations wherein these protective mechanisms are not as effective as assumed, and thus may be bypassed by malicious attackers. This in effect allows an attacker to succeed in "smuggling" his SQL Injection attack through the applicative protections, and attack the database despite those protections."

Of course, I'm looking forward to hearing about other instances of this...

Cheers,
AviD



Re: SQL Smuggling

On Tue, 9 Sep 2008, douglen@hotmail.com wrote:

[snip]

> Of course, I'm looking forward to hearing about other instances of 
> this...

Interesting research.

It looks like Oracle DBMS may be vulnerable to the "Unicode Smuggling" 

B-Sides Vienna | NinjaCon 11 Call For Participation

Have a talk, workshop or training proposal to do with security, hacking
or making you'd like to submit?
_______________________________________________________________________

At B-Sides Vienna aka NinjaCon 11, we're looking forward to seeing a
selection of trainings, hands-on workshops, 50-minute presentations and
15-minute lightning talks. As we understand ourselves as an open,
international event, the official conference language for all talks,
trainings and workshops (as well as submitted abstracts), as always, is
English.

CORE-2008-0129 - Wonderware SuiteLink Denial of Service vulnerability

that the details provided in the report may give a hacker a specific
direction to look for the vulnerability. Finally, the vendor indicates
that it will have a better estimation for the release date of a fix by
Friday March 28th, 2008.
. 2008-03-27: Core acknowledges the vendor's email and indicates that it is
looking forward to having the new estimate by Friday.
. 2008-03-28: Vendor informs that it has brought the estimated release
date in to May 2nd. If things go well during QA, they may be able to
bring that date in sooner and vendor requests that Core postpone
publication until that time.
. 2008-03-28: Core re-schedules publication of the advisory to May 2nd



