May 28th, 2009
Ca: Police can keep, share records, even after charges dropped: Court
The Ontario Court of Appeal has ruled that police are entitled to keep information on databases about charges that have been withdrawn against individuals and also share these records with other agencies.
The decision, released Thursday, overturned a lower-court ruling that concluded that Peel Regional Police [...]
May 25th, 2009
Ca: Police Vetted Jury Pool For Crown
Police forces in Barrie, Ont., and the surrounding region have been conducting background checks of potential jurors without their knowledge for several years at the request of the Ministry of the Attorney-General, according to documents obtained by the National Post.
Confidential police databases were searched to see if people had [...]
May 24th, 2009
Wendy Murphy: Convicts shouldn’t expect privacy rights
The ACLU in Massachusetts has been scaring people with a fear-mongering claim that cops are violating Criminal Offender Record Information laws by searching through the state’s criminal records database to see whether certain celebrities have rap sheets. They’re using the story to gain support for a proposed amendment to [...]
May 19th, 2009
Why Security Isn’t A Solo Act
High technology’s biggest bet these days is on “cloud computing,” namely massive data centers running databases and application software across networks for businesses, consumers and some combination of the two. The idea is that the shared systems can scale up savings, transactions and innovation faster than ever.
Less talked about, however, [...]
May 19th, 2009
(GET var ‘id’) BLIND SQL INJECTION EXPLOIT – Dog Pedigree Online Database v1.0.1-Beta
May 19th, 2009
Advanced blind SQL injection (with Oracle examples), (Tue, May 19th)
Quite often developers ask me if they should put controls about every single parameter that they receive from users of their web application. My answer is, of course, yes. A couple of weeks ago I worked on a penetration test where we exploited a blind SQL injection [...]
May 14th, 2009
MySQL founder creates Open Database Alliance
Monty Widenius, the main author of MySQL, has announced he is setting up the Open Database Alliance (ODA) to consolidate work on the open database.
The ODA will consist of a set of companies offering software, support and services for MariaDB, an enterprise-grade, community-developed branch of MySQL. MySQL services company Percona [...]
May 11th, 2009
Maldives Elections Commission website hacked
The website of the Maldives Elections Commission was hacked last night and the hackers defaced the homepage of the website. It isn’t sure when the attack had occurred but even by 9:15pm last night the hackers’ message on the homepage had not been removed.
Later, after the website finally went offline, an [...]
May 8th, 2009
UC Berkeley suffers breach
Hackers breached a server in the health services center at the University of California, Berkeley, and accessed the personal data of more than 160,000 people, the college announced Friday. The stored database records included Social Security numbers and health insurance and other medical information. The intruders, believed to be based overseas, burrowed [...]
May 6th, 2009
Mass. police snooped on celebrities’ records
Massachusetts law enforcement personnel tapped into the state criminal records database and inappropriately viewed the personal records of celebrities on dozens of occasions, according to a state audit released Tuesday.
URL: http://feedproxy.google.com/~r/SCMagazineHome/~3/nbjdWYnLkDM/
Apr 29th, 2009
CVE-2009-0663 (dbd::pg)
Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows.
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0663
Apr 27th, 2009
Government looks to ISPs as it cuts comms database plan
The government is set to require all telcos to record data between communications – mobile phones, text message, emails and instant messages, as well as internet browsing sessions to social networking sites such as Facebook.
The details of the Intercept Modernisation Programme were laid out in a [...]
Apr 27th, 2009
UK: U-turn on ‘Big Brother’ internet checks
Ministers backed down today over plans for a centralised database of email, telephone and internet data.
Home Secretary Jacqui Smith said there were “absolutely no plans for a single central store” of communications data.
Source – Metro
Related – Politics.co.uk
Related – The Scotsman
URL: http://www.pogowasright.org/article.php?story=20090427043932672
Apr 26th, 2009
CVE-2009-1436 (freebsd)
The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file.
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1436
Apr 24th, 2009
[Tools update] The Friday Security-Database Watch Newsletter — v20090424
Posted by SD List on Apr 24
Dear all,
Here is the site’s newsletter "Security Database Tools Watch" (www.security-database.com/toolswatch). This letter summarizes the articles and news items published in the last 7 days.
We adopted the title "The Friday Security-Database Watch Newsletter".
Many…
URL: [...]