After a somewhat slow day at the Storm Center, I wanted to mention a few issues that we've heard about, but not written about in the last few days.
- Joanna Rutkowska was supposed to give a talk on Wednesday at BlackHat DC on a method that could be used to subvert hardware memory access (so rootkits could hide from live response memory captures). I haven't yet seen any details, but it looks like it could be another fascinating/scary development. The Dark Reading article is here.
- David Litchfield of NGSSoftware.com has released a paper explaining that, contrary to Oracle's past assertions that CREATE PROCEDURE privileges were required for many SQL injection attacks to succeed, merely the ability to connect to the database (the CREATE SESSION privilege) is sufficient. All the more reason to limit the ability to connect to the database, encrypt the connections, and make sure you are using strong authentication.
- The continuing saga of A/V software vulnerable to DoS while attempting to unpack crafted files (previously Symantec, ClamAV and Trend had problems with UPX, and Kaspersky with PE) hit Kaspersky again (UPX this time). Apparently, they actually fixed the problem a month ago, but publicly acknowledged it today; see the posting to the vulnwatch list.
Mar 3rd 2007