Cesar Cerrudo: Data Theft - Hacking databases for owning your data

"Data theft is becoming a major threat, criminals have identified where the money is, In the lafrom fortune 500 companies were compromised causing lots of money losses. This talk will discuss the Data Theft problem st years many databases focusing on database attacks, we will show actual information about how serious the data theft problem is, we will explain why you should care about database security and common attacks will be described, the main part of the talk will be the demostration of unknown and not well known attacks that can be used or are being used by criminals teasily steal data from your databases, we will focus on most used database servers: MS SQL Server and Oracle Database, it will be showed how to steal a complete database from Internet, how tsteal data using a database rootkit and backdoor and some advanced database 0day exploits. We will demostrate that compromising databases is not big deal if they haven't been properly secured. Alsit will be discussed how tprotect against attacks syou can improve database security at your site."

"Cesar Cerrudis a security researcher & consultant specialized in application security. Cesar is running his own company, Argeniss (www.argeniss.com). Regarded as a leading application security researcher, Cesar is credited with discovering and helping fix dozens of vulnerabilities in applications including Microsoft SQL Server, Oracle database server, Microsoft BizTalk Server, Microsoft Commerce Server, Microsoft Windows, Yahoo! Messenger, etc. Cesar has authored several white papers on database and application security and has been invited tpresent at a variety of companies and conferences including Microsoft, Black Hat, Bellua, CanSecWest, EuSecWest and WebSec."