Episode 5

From EuroTrashSecurity

Revision as of 19:30, 5 March 2011 by Chris (Talk | contribs)


Injecting nonsense in your GRC tables!

Our Guest

On this episode we are joined by Justin Clarke, information security rockstar, well known for his entertaining talks on SQL injection and for his 2009 book "SQL Injection: Attack and Defense" (published by Syngress). We discuss the ins and outs of SQL injection and search for the reason why it is still the number one threat to web applications.

You can follow Justin at http://www.twitter.com/connectjunkie

His book is available at http://bit.ly/86TvzX (Amazon) or http://bit.ly/92ZGab (Syngress)

Prize Question

Justin was kind enough to offer us one copy of his book, which we will give away to the first person who sends the correct answer to the following question to feedback@eurotrashsecurity.eu:

In blind SQL injection, if you replace a string blah with blah' || 'blah and it still works, which database (or databases) would that suggest are present?

Ok, so we failed to announce the winner in Episode 7 due to some logistical issues, but we're proud to announce the winner here. (drumroll ...) The winner is Jonathan James from Sweden!!! Enjoy the book, Jonathan!

Now, since multiple answers could have been correct, we selected the first person to submit at least 2 possible answers. The answer we started from, as provided by Justin, was: "Oracle, Postgres or Ingres (and possibly others)"

There are no specific rules for this giveaway other than that only residents of the EU are eligible. The most complete answer will be selected. If we have multiple correct answers the e-mail that arrives in our mailbox first will be the winner. Please include your full name and, if you have one, your twitter name. The winner will be announced on Episode 7, to be released in the week of February 22nd.
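As an added illustration of the prize question (example code written for these show notes, not from the episode or from Justin's book): in databases where `||` is the string concatenation operator, which is what the Oracle, Postgres and Ingres answer above rests on, a value spliced straight into the SQL text lets the quotes and the operator become part of the query, while a bound parameter keeps the whole input as one literal. SQLite is used here because it ships with Python and treats `||` the same way; the table and its rows are constructed for the demo.

```python
import sqlite3


def make_db():
    """Constructed in-memory demo table for this example (not from the episode page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO products (name) VALUES (?)",
                     [("blah",), ("widget",)])
    return conn


def lookup_concatenated(conn, user_input):
    """Vulnerable pattern: the input is pasted into the SQL text, so a quote
    and a || inside it are parsed as SQL syntax rather than as data."""
    sql = "SELECT name FROM products WHERE name = '" + user_input + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterised(conn, user_input):
    """Safe pattern: the driver binds the value, so whatever the input
    contains is compared against the column as one opaque string."""
    sql = "SELECT name FROM products WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (user_input,))]


def compare(user_input):
    """Run both lookups against a fresh database and return the results side by side."""
    conn = make_db()
    try:
        return {
            "concatenated": lookup_concatenated(conn, user_input),
            "parameterised": lookup_parameterised(conn, user_input),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # "bl' || 'ah" reassembles the original value through concatenation, so the
    # vulnerable query still matches the row; the page's literal "blah' || 'blah"
    # is accepted without error too, but compares against 'blahblah'. The bound
    # parameter looks up the raw input in every case and matches only "blah".
    for probe in ["blah", "bl' || 'ah", "blah' || 'blah"]:
        print(repr(probe), compare(probe))
```

The point for a defender is the second column: with a bound parameter the concatenation probe never reaches the SQL parser, so the database's choice of `||` semantics cannot be observed through the application at all.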

News Stories

  • 26C3

Chris was there and had an awesome time. The Chaos Computer Club conference is one of the oldest (if not the oldest) hacker conferences in the world and is getting better every year. If you weren't able to attend or watch the live streams, you can still get your geek on by watching the recorded presentations: http://events.ccc.de/congress/2009/wiki/Welcome

  • 2010 bug

We discuss the impact of the 2010 bug on several technologies:

http://www.h-online.com/security/news/item/Problems-obtaining-cash-from-German-ATMs-Update-894801.html

http://www.h-online.com/security/news/item/EC-card-problem-persists-896549.html

http://www.theregister.co.uk/2010/01/06/year_2010_payment_card_bug/

http://www.theregister.co.uk/2010/01/05/windows_mobe_bug/

http://www.h-online.com/security/news/item/EC-card-disaster-French-manufacturer-Gemalto-takes-responsibility-897991.html

http://www.theregister.co.uk/2010/01/09/symantec_endpoint_manager_bug/

  • FIPS certified 'secure' USB sticks hacked

http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html

  • Mr Bean ousts PM from Spain's official website

http://www.theregister.co.uk/2010/01/05/spanish_coup/

  • Why Nominet disconnected more than 1,000 sites with no court oversight

http://www.out-law.com/page-10652

Feedback

As always, you can follow us on Twitter (http://www.twitter.com/eurotrashsec) and we welcome your feedback via e-mail at feedback@eurotrashsecurity.eu.