Forwarded from: rm (at) ingsoc.org Hi, THC presents a crypto paper analyzing the database authentication mechansim used by oracle. THC further releases practical tools to sniff and crack the password of an oracle database within seconds. Link: http://www.thc.org/thc-orakel One of the network authentication modes used by Oracle databases uses a weak key exchange mechanism. This mechanism is still used on the newest database versions using Oracle's JAVA drivers. Also, for native Oracle drivers an attack is known to downgrade the authentication mode to the vulnerable version. The orakelsniffert article documents the mechanism used by the weak authentication mode, the complexity and impact of the attack and an example of an attack in the field. A Windows based cracker and a simple JAVA based client application are included to verify the results. Also, a supporting crypto utility is released. Yours sincerly, vonjeek / THC The Hackers Choice http://www.thc.org _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Mon Jun 04 2007 - 22:31:41 PDT