Skip Links

Network World

  • Social Web 
  • Email 
  • Close

New Oracle database hack found

Patches from Debian, Mandriva, Gentoo Huge Web hack attack infects 500,000 pages Microsoft mislabels Skype as adware, and other interesting reading
Security: Threat Alert By Jason Meserve , Network World , 04/28/2008
Sign up for this newsletter now!

Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.

  • Share/Email
  • Tweet This
  • Comment
  • Print

Researcher finds new way to hack Oracle database
Security researcher David Litchfield has released technical details of a new type of attack that could give a hacker access to an Oracle database. Called a lateral SQL injection, the attack could be used to gain database administrator privileges on an Oracle server in order to change or delete data or even install software, Litchfield said in an interview on Thursday. IDG News Service, 04/24/08.

David Litchfield's blog: A New Class of Vulnerability in Oracle: Lateral SQL Injection
**********

Dell's SMART Approach to Workload Automation: Download now

Three new updates from Debian:

xulrunner (programming error, code execution)

Related Content

phpmyadmin (multiple flaws)

perl (heap overflow, code execution)
**********

Two new fixes from Mandriva:

Wireshark (multiple flaws)

OpenOffice.org (heap overflows, code execution)
**********

Three new patches from Gentoo:

Comix (multiple flaws)

JRockit (multiple flaws)

SILC (multiple flaws)
**********

Today's malware news:

Fly Phishing
Some phishing gangs have a new technique. They're using trojan-spy applications. F-Secure blog, 04/25/08.

Huge Web hack attack infects 500,000 pages
Attacks on legitimate Web domains, including some belonging to the United Nations that began earlier this week, have expanded dramatically, security researchers said Friday, with hundreds of thousands of pages hacked by Friday. Computerworld, 04/27/08.

F-Secure: Mass SQL injection

iFrame attacks surge, security firm says
A flood of SQL injection attacks on Microsoft Internet Information Servers are leaving Web pages with malicious iFrames in them, and Panda Security is urging network managers to make sure their Web pages haven't been infected. Network World, 04/24/08.
**********

From the interesting reading department:

Microsoft mislabels Skype as adware
Skype users who have been getting strange error messages from Microsoft's security products over the past week can breathe easy now. It was all a mistake. IDG News Service, 04/23/08.

ISPs' Error Page Ads Let Hackers Hijack Entire Web, Researcher Discloses
Seeking to make money from mistyped website names, some of the United States' largest ISPs instead created a massive security hole that allowed hackers to use web addresses owned by eBay, PayPal, Google and Yahoo, and virtually any other large site. Wired, 04/19/08.

Jason Meserve is multimedia editor at Network World.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Most Read

View more Most Read

Videos

rssRss Feed

Latest News

rssRss Feed