Cesar Cerrudo of Argeniss Information Security has put out a new whitepaper (.pdf format), Data0: Next generation malware for stealing databases, describing how malware could be crafted to steal information out of databases. For the most part, it stays at a high level; however, Cesar does give a few example queries (for SQL Server), the appropriate API calls to perform certain operations, etc., which delve a bit more into the technical side, but even these are fairly straightforward. To demonstrate what he talks about in the whitepaper, he built a simple proof of concept (PoC), but based on what's in the whitepaper (and what is generally accepted as what's possible), nothing seemed outlandish or hard to do. Just for those worried about that PoC being …
Some time ago I was looking for a password vault and came across
some recommendations for KeePass. KeePass is open source and free. It's a
nice password manager and some of the features I
like are:
- Strong encryption of the password database
- The ability to use a password, key file, or the combination of the two to secure access to said password database
- A password generator with a multitude of options
- The ability to copy the password to the clipboard (without ever showing it) and have it clear the password after a set amount of time
- Organize password entries by groups and subgroups (think folders)
A new version, 1.09, was released in October. There is also a …
For a variety of reasons, including personal/family concerns and
workload, I've not been able to write as often as I'd like. That
doesn't just include the blog, but also writing articles. It's
been a long while since I've written an article for SSC. I want to get back to writing
at least monthly, if not more often. One of the keys to writing
well is to write every day. Therefore, I'm going to provide some
structure to the blog in order to make it easier to post every
weekday with something that will hopefully be useful. Here are the
types of posts that should be present based on the day of the
week:
- Monday - Career Development
- Tuesday - Tips, Tricks, and SQL Scripts
- Wednesday - Tools, Tools, and More Tools
- Thursday - Tips, Tricks, and SQL Scripts …
I've spent my spare time the last few weekends helping a
non-profit called Fast Forward here in the Columbia, SC area. I
don't post this here to blow my own horn but rather to point out
the need many non-profit organizations have for quality IT
support. Most non-profits operate on a limited budget, meaning
they take help where they can get it. Oftentimes there just
isn't money left in the budget for a services contract, etc.,
even for an organization like Fast Forward.
This is where knowledgeable folks can really make a difference. I
know the usual excuse: after spending all week looking at a
computer screen, the last thing anyone wants to do is spend the
weekend working on computers. I've been there, so I understand
that feeling completely. However, I have to say that the time
I've spent working at Fast Forward has been personally rewarding.
There's a sense of accomplishment …