ESET Nod32 Antivirus | Antispyware | Console d administration
Chercher :
Newsletter :  
Revues :
- Presse
- Presse FR
- Vidéos
- Twitter
- Secuobs



Abonnez vous � Nessus Professional Feed !

Sponsors :

Sommaires :
- Tendances
- Failles
- Virus
- Concours
- Reportages
- Acteurs
- Outils
- Breves
- Infrastructures
- Livres
- Tutoriels
- Interviews
- Podcasts
- Communiques
- Commentaires

Revue Presse:
- Tous
- Francophone
- Par mot clé
- Par site
- Le tagwall


Top bi-hebdo:
- Ensemble
- Articles
- Revue
- Videos
- Twitter
- Auteurs

Articles :
- Par mot clé
- Par auteur
- Par organisme
- Le tagwall


Videos :
- Toutes
- Par mot clé
- Par site
- Le tagwall


Twitter :
- Tous
- Par mot clé
- Par compte
- Le tagwall


Commentaires :
- Breves
- Virus
- Failles
- Outils
- Tutoriels
- Tendances
- Acteurs
- Reportages
- Infrastructures
- Interviews
- Concours
- Livres
- Communiques

Secumail :
- Secunia
- Full Disclosure
- Bugtraq
- DailyDave
- Vulnwatch
- Vulndiscuss
- FunSec
- Focus-IDS
- WebAppSec
- Security-Basis

RSS/XML :
- Articles
- Brèves
- Commentaires
- Revue
- Revue FR
- Videos
- Twitter
- Secunia
- Full Disclosure
- Bugtraq
- DailyDave
- Vulnwatch
- Vulndiscuss
- FunSec
- Focus-IDS
- WebAppSec
- Security-Basis

RSS SecuObs :
- sécurité
- exploit
- windows
- microsoft
- réseau
- attaque

RSS Revue :
- security
- microsoft
- windows
- hacker
- attack
- network

RSS Videos :
- vmware
- security
- virus
- windows
- biometric
- lockpicking

RSS Twitter :
- security
- linux
- botnet
- attack
- metasploit
- cisco

RSS Comments :
- Breves
- Virus
- Failles
- Outils
- Tutoriels
- Tendances
- Acteurs
- Reportages
- Infrastructures
- Interviews
- Concours
- Livres
- Communiques

RSS OPML :
- Français
- International

Abonnez vous � Nessus Professional Feed !


Revue de presse francophone :
- Logiciels Radio IP et Day Wireless forment un partenariat pour offrir une solution VPN mobile à la South Bay Regional Public Communications Authority
- Maître Henri Leben Les modalités d'évaluation du préjudice en cas de perte de données
- HackBBS Hack en situation réelle Voir le sujet - Présentation de Lauplesser
- Pour augmenter sa portée, l'e-commerce doit savoir rassurer
- Les outils collaboratifs confortent leur position en entreprises
- Une interface unique pour rend les appareils électroniques plus accessibles
- BitDefender protège contre les nouvelles vulnérabilités d'Internet Explorer 6 et 7
- Verizon Business intègre le consortium Open Identity Exchange
- securite Le botnet Zeus revient sur le devant de la scène
- Adobe Flash lecture de fichiers
- Empêcher l'intrusion lors des connexions Bluetooth est une question d'ordre
- Yves Jégo cumule les gaffes sur le Net
- Exclusive Networks Group remporte le prix du meilleur distributeur de Fortinet
- CUPS élévation de privilèges via lppasswd
- Asie les entreprises pétrolières adoptent les outils collaboratifs

Dernier articles de SecuObs :
- Edenwall obtient une subvention de la DGA
- Imposter 0.9 une plateforme de phishing ciblant les navigateurs Web
- Une faille dans l’implémentation RSA de OpenSSL
- Flint un scanner pour simuler, vérifier et nettoyer les règles de filtrage
- SET 0.4.1 - Social Engineering Toolkit - une plateforme de Social Engineering
- 100 000 dollars pour le Pwn2own 2010
- Un botnet qui rapporte gros
- Webraider offre un reverse shell contre une simple injection SQL
- Des nouvelles du traité secret ACTA
- Keimpx un outil d'audit pour les réseaux Microsoft Windows

Revue de presse internationale :
- MAKE A Maker Business Adafruit Industries how it s made an open source hardware company in NYC
- Friday Summary- March 11, 2010
- Health care entities need clear guidance on analyzing risk for meaningful use
- Malware It keeps going, and going and going
- NetworkWorld ITRoadmap 2010???
- Grecs Weekly Infosec Ramblings for 2010-03-11
- Internet Explorer 8 Security Tips
- Russian brides attempt to thaw the ice for winter spammers
- Firefox 3.6 is being pushed out to users. http www.mozilla.com en-US firefox 3.6 releasenotes , Fri, Mar 12th
- Cisco tries to expand video calling with IME
- FCW DHS could hire 1,000 more cybersecurity professionals
- Old linux news NETGEAR Announces RangeMax Wireless-N Gigabit Router
- Worth peeking at your VPN Configs US-CERT Vulnerability Note VU 261869
- Ubuntu Karmic ctrl-alt-backspace lives
- Inspired by mubix corq s geek wishlist

Annuaire des videos
- smartphone botnet article
- Understanding botnet
- Official sqlmap video demonstration 10
- Official sqlmap video demonstration 12
- Creating running and deleting files with Device File names
- Using SSLStrip to proxy an SSL connection and sniff it
- FIREWALL LINUX IPTABLES Disquete de Boot do BrazilFW www professorramos com
- RSA Conference USA 2010 Opening Ceremony
- Shmoocon 2010 Blackberry Mobile Spyware The Monkey Steals the Berries 4 6
- RSA Conference USA 2010 Remarks from Secretary Janet Napolitano US Homeland Security 1
- Shmoocon 2010 GPU vs CPU Supercomputing Security Shootout 1 3
- RSA Conference USA 2010 Shifts in the Security Paradigm What Cloud and Collaboration Demand
- Malware Analyzis Sandbox and PC Remote Control over Twitter Hak5
- Biometric ID Card Storm Troopers Raid Philly Bars
- BIOMETRIC ID CARD

Revue Twitter
- @ivanristic ones where I have multiple VMs spinning up/down in 'the cloud' or at least in multiple datacenters that I own, scale/mgmt issues
- @sergicles No probs Serg. @Securusglobal will be happy to host your lab for you in a cloud and at a very reasonable cost also. Ready 2 roll?
- Sounds like something mid year could have potential. Aiming for before AusCert. Thinking Melbourne also. What sort of topics guys ?
- Just now getting some time to catch up on the Internets. Another IE 0day in the wild already?
- Writing shellcode in C: 2288 bytes of shellcode to inject appended, different shellcode into a process like explorer.exe.
- Correction: initial shellcode is 1930 bytes. 2288 bytes is with the payload shellcode.
- if your firewall CPU utilization is creeping up week-by-week, shouldn't your MSSP tell you, or just wait 'till it dies #MSSPFAIL
- Reminder: we're having this week's CloudAudit/A6 call today: http://tinyurl.com/ybjcz42 10am PST/1pm EST. In 5 min... /via @Beaker -FFS!
- Was in a great mood until I realized I missed the cloudaudit call.
- RT @nicowaisman: Follow me on this thesis: heap spray makes researchers dull boys.

Mini-Tagwall
Revue de presse : security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone

+ de mots clés pour la revue de presse
Annuaires des videos : vmware, security, virus, windows, biometric, lockpicking, password, botnet, metasploit, tutorial, attack, crypt, linux

+ de mots clés pour les videos
Revue Twitter : security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall

+ de mots clés pour la revue Twitter



Top bi-hebdo des articles de SecuObs
- Apprendre à parler Skype pour mieux le faire taire !
- Des nouvelles du traité secret ACTA
- Une faille dans l’implémentation RSA de OpenSSL
- SET 0.4.1 - Social Engineering Toolkit - une plateforme de Social Engineering
- Keimpx un outil d'audit pour les réseaux Microsoft Windows
- 100 000 dollars pour le Pwn2own 2010
- Webraider offre un reverse shell contre une simple injection SQL
- Les acteurs de la lutte contre la cybercriminalité
- Keimpx un outil d'audit pour les réseaux Microsoft Windows
- Un botnet qui rapporte gros

Top bi-hebdo de la revue de presse
- Sea World killer whale attack video leads to malware
- How to Jailbreak iPhone 3.1.3 IPSW with PwnageTool 3.1.5
- Dev Team Confirms iPhone 3.1.3 IPSW Jailbreak
- Rozlyn Papa sex tape rumours lead to malware
- FREE Kaspersky Internet Security 2010 Activation Code Valid for 6 Months
- Bajolet a-t-il dénoncé des agents de la DGSE
- installer backtrack 4 [tuto]
- Nouveau dictionnaire WPA Livebox
- Windows 7 browser choice screen March 1 Office 2010 ballot screen Highly critical Firefox vulnerability Google CEO Schmidt knows everything about you
- Flight simulator, c est périmé

Top bi-hebdo de l'annuaire des videos
- Comment creer un server botnet!!!!(Réseau de pc zombies)
- install MacOSX Snow Leopard in Windows PC using Vmware Workstation as virtual machine
- Blaze botnet in action www opensc ws
- Windows Backtrack 4 in Virtualbox Part 1
- Basic Squid Proxy Server Tutorial Part 3 of 3
- Ch0ry Euro iPhone 3G 3GS 30 Hack WIFI key
- Running Wireshark on Mac OS X 10 6 Snow Leopard
- Windows XP Pro SP3 in VMWare off iSCSI Target using gPXE over 802.11n
- SSLstrip wmv
- Avast Internet Security 5 0 396 Final Free Full Download Licensed with Serial Key

Top bi-hebdo de la revue Twitter
- Wirshark + SSH = Wireshark Remote Capturing - http://www.howtoforge.com/wireshark-remote-capturing (via @welias)
- RT @FrikiFeeds: The newbie's guide to hacking the Linux kernel | TuxRadar Linux http://dlvr.it/6sQp
- RT @manicode: Very interesting Java ESAPI-like library coming out of Apache : http://bit.ly/9poefg
- Exploit for Apache mod_isapi = 2.2.14 Dangling Pointer (CVE2010-0425) vulnerability ported to Metasploit http://bit.ly/ctDQjk
- Watching Metasploit Tricks 1 from @mubix - http://vimeo.com/9695470
- Discoverer: Automatic Protocol Reverse Engineering from Network Traces #pdf http://ow.ly/1gHd1
- RT @InfoSec208: The Virtual USB Analyzer: http://bit.ly/dpXc5F
- RT @damienmiller: Help test the new OpenSSH release (it's a big one): http://bit.ly/avLI9B #openbsd #openssh
- Product Watch: Free Tool Cleans Up Rusty, Unsafe Firewall Settings - Dark Reading http://bit.ly/d8hGhS #Security
- Apache releases version 2.2.15 with 5 security fixes including OpenSSL issue. http://bit.ly/9OGP6H

Top des articles les plus commentés
- [Metasploit 2.x – Partie 1] Introduction et présentation
- Microsoft !Exploitable un nouvel outil gratuit pour aider les développeurs à évaluer automatiquement les risques
- Webshag, un outil d'audit de serveur web
- Les navigateurs internet, des mini-systèmes d’exploitation hors de contrôle ?
- CAINE un Live[CD|USB] pour faciliter la recherche légale de preuves numériques de compromission
- [Renforcement des fonctions de sécurité du noyau Linux – Partie 1] Présentation
- Microsoft Gazelle, mini-OS virtuel basé sur MashupOS pour une navigation Web sécurisée par isolation
- Yellowsn0w un utilitaire de déblocage SIM pour le firmware 2.2 des Iphone 3G
- Nessus 4.0 placé sous le signe de la performance, de l'unification et de la personnalisation
- [Hacking Hardware - Partie 1] - Introduction et présentation

Database Security: The Other First Steps
Les derniers commentaires publiés sur SecuObs (1-5):
- Skype - URI Handler Input Validation
- OWASP CSRFTester Test Applications for CSRF
- ESRT @MarioVilas @DidierStevens - Added shellcode to Tweet to my library
- ESRT @ThisIsHNN @th3j35t3r - releases 2nd video of enhanced XerXeS attack - i
- plecost v0.2.2-7 Beta Update
Si vous voulez bloquer ce service sur vos fils RSS
Si vous voulez nous contacter ou nous proposer un fil RSS

Menu > Articles de la revue de presse : - l'ensemble [tous | francophone] - par mots clé [tous] - par site [tous] - le tagwall [voir] - Top bi-hebdo de la revue de presse [Voir]
S'abonner au fil RSS global de la revue de presse


Database Security: The Other First Steps

Par Securosis Blog
Le [2009-07-03] à 20:08:15


Présentation : Going through my feed reader this morning when I ran across this post on Dark Reading about Your First Three Steps for database security. As these are supposed to be your first steps with database security, the suggestions not only struck me as places I would not start, it offered a method that I would not employ. I believe that there there is a better way to proceed, so I offer you my alternative set of recommendations. The biggest issue I had with the article was not that these steps did not improve security, or that the tools were not right for the job, but the path you are taken down by performing these steps are the wrong ones. Theoretically its a good idea to understand the scope of the database security challenge when starting, but infeasible in practice. Databases are large, complex applications, and starting with a grand plan on how to deal with all of them is a great way to grind the process to a halt and require multiple restarts when your plan beaks apart. This article advises you start your process by cataloging every single database instance, and then try to catalog all of the sensitive data in those databases. This is the security equivalent to a 'cartesian product' with a database select statement. And just as it is with database queries, it results in an enormous, unwieldy amount of data. You can labor through the result and determine what to protect, but not how. At Securosis, we're all about simplifying security, I am a personal advocate of the 'divide and conquer' methodology. Start small. Pick the one or two critical databases in your organization, and start there. Your database administrator knows which database is the critical one. Heck, even your CFO knows which one that is: it's that giant SAP/Oracle one in the corner that he is still pissed off he had to sign the $10 million dollar requisition for. Now, here are the basics steps: * Patch your databases to address most known security issues. Highly recommended you test the patch prior to operational deployment. * Configuring your database. Consult the vendor recommendations on security. You will need to balance these suggestions with operational consistency (i.e. don't break you applications). There are also third party security practitioners who offer advice on their blogs for free, and free assessment tools that will help a lot. * Get rid of the default passwords, remove unneeded user accounts, and make sure that nothing (users, web connections, stored procedures, modules, etc) is available to the 'public'. Consider this an education exercise to provide base understanding of what needs to be addressed and how best to proceed. At this point you should be ready to a) you can document what exactly your 'corporate configuration policies' are and b) develop a tiered plan of action to tackle databases in descending order of priority. Keep in mind that these are just a fraction of the preventative security controls you might employ, and does not address active security measures or forensic analysis. You are still a ways off from employing more intermediate and advanced security stuff ... like Database Activity Monitoring, auditing and Data Loss Prevention. - Adrian (0) Comments[] [] [] [][]

Les mots clés de la revue de presse pour cet article : database security
Les videos sur SecuObs pour les mots clés : database security
Les mots clés pour les articles publiés sur SecuObs : security
Les éléments de la revue Twitter pour les mots clé : database security



AddThis Social Bookmark Widget



Les derniers articles du site "Securosis Blog" :

- Friday Summary- March 11, 2010
- Low Hanging Fruit Quick Wins with Data Loss Prevention
- Upcoming Webinar Database Assessment
- Database Security Fundamentals Patching
- Incite 3 9 2010 - Ten Reasons I Love the RSAC
- Is it Wireless Security or Secure Wireless
- SecurosisTV Low Hanging Fruit - Endpoint Security
- RSA Tomfoolery APT is the Fastest Way to Identify Fools and Liars
- Securosis at RSA Conference 2010
- FireStarter Will Social Media Kill the Conference Star



S'abonner au fil RSS global de la revue de presse
Menu > Articles de la revue de presse : - l'ensemble [tous | francophone] - par mots clé [tous] - par site [tous] - le tagwall [voir] - Top bi-hebdo de la revue de presse [Voir]

Si vous voulez bloquer ce service sur vos fils RSS :
 - avec iptables "iptables -A INPUT -s 88.191.75.173 --dport 80 -j DROP"
- avec ipfw et wipfw "ipfw add deny from 88.191.75.173 to any 80"
- Nous contacter par mail





Les derniers commentaires publiés sur SecuObs (6-25):
- cookiemonster v1.6
- Automatic Reverse Engineering of Data Structures from Binary Execution
- Samhain v2.6.3 Beltane v2.3.19 released
- Social-Engineering Ninja v0.1 Beta - PHP scripts
- Botan 1.9.4
- The Beginning of the End of Data Retention
- A Notepad PoC for the remote CHM help file hijack MS vulnerability
- What's New in Chanalyzer 34
- gnupg 2.0.15
- fwbuilder 4.0.0
- ESRT @sbrabez - w3af 10-rc2 updated on FreeBSD
- ESRT @MarioVilas - gnupgpy is a Python API which wraps the GNU Privacy Guard
- ESRT @mosesrenegade @JoelEsler - How to make Snort Attribute tables using Nma
- ESRT @Trancer00t - Metasploit exploit module for the new MSIE 0day vuln
- ESRT @ToolsWatch - FireCAT v1.6.2 updated with 4 Firebug add-ons
- ESRT @komeilipour - Discoverer: Automatic Protocol Reverse Engineering from N
- BeEF Key Logging
- SubSeven v2.3.2010 released
- OpenSCAP v0.5.7 released
- Building a Linux Incident Response Forensic Disk


SecuToolBox :

Mini-Tagwall des articles publiés sur SecuObs :

Archives Failles Secunia :
- SA38868 Debian update for tdiary
- SA38890 NUs Newssystem id SQL Injection Vulnerability
- SA38876 Fedora update for samba
- SA38912 Kandidat CMS contentcenter Cross-Site Scripting Vulnerability
- SA38893 Jevci Siparis Formu Database Disclosure Security Issue

Archives Mailing Full Disclosure :
- Full-disclosure Claude Mercier/CLSC-CHSLD BVLV/Reg03/SSSS est absent(e).
- Full-disclosure ZDI-10-027: Skype Protocol Handler datapath Argument Injection Remote Code Execution Vulnerability
- Full-disclosure ZDI-10-028: Skype URI Processing Arbitrary XML File Deletion Vulnerability
- Re: Full-disclosure credit union phishing scam
- Re: Full-disclosure credit union phishing scam

Archives Mailing Bugtraq :
- USN-909-1 dpkg vulnerability
- Skype URI Handler Input Validation
- MDVSA-2010:060 squid
- Vulnerabilities in Abton
- Multiple vulnerabilities in SUPERAntiSpyware and Super Ad Blocker
- SECURITY DSA 2011-1 New dpkg packages fix path traversal

Mini-Tagwall de l'annuaire video :

Mini-Tagwall des articles de la revue de presse :

Mini-Tagwall des Tweets de la revue Twitter :