Dragan on Security

Enterprise Strategy Group just released a research paper comparing the security of Microsoft SQL Server with Oracle and MySQL:

Abstract: The rate of security vulnerabilities documented in the National Vulnerability Database for the major database vendors is noteworthy for the stark contrast between Microsoft, MySQL and Oracle. ESG believes that Microsoft’s investments in secure development processes are responsible for the impressive
results in SQL Server quality. ESG considers Microsoft, with proper execution, to be years ahead of Oracle and MySQL in producing secure and reliable database products.

This paper has been published at Microsoft web site (here).

It might be, who knows…

Based on paper by Krerk Piromsopa and Richard J. Enbody, titled: “Secure Bit: Transparent, Hardware Buffer-Overflow Protection,” and published in IEEE Transactions on Dependable and Secure Computing, vol. 3, no. 4, pp. 365-376, Oct-Dec, 2006, we can expect something interesting to come with their Secure Bit (patent pending) idea. It says:

Abstract
We propose a minimalist, architectural approach, Secure Bit (patent pending), to protect against buffer overflow attacks on control data (return-address and function-pointer attacks in particular). Secure Bit provides a hardware bit to protect the integrity of addresses for the purpose of preventing such buffer-overflow attacks. Secure Bit is transparent to user software: It provides backward compatibility with legacy user code. It can detect and prevent all address-corrupting buffer-overflow attacks with little runtime performance penalty. Addresses passed in buffers between processes are marked insecure, and control instructions using those addresses as targets will raise an exception. An important differentiating aspect of our protocol is that, once an address has been marked as insecure, there is no instruction to remark it as secure. Robustness and transparency are demonstrated by emulating the hardware, booting Linux on the emulator, running application software on that Linux, and performing known attacks.

You can read full paper here.

Note: Subscription is required to read or you can buy that article.

Antivirus firm McAfee warned Windows users that the company had discovered a worm, dubbed W32/Realor, actively infecting Real Media files. The infected video files do not contain an exploit for the RealOne or Real players, but a hyperlink that points to a malicious Web site. When infected files are opened, the victim is referred to the Web site, which attempts to compromise their computer using a previously patched flaw in Internet Explorer.

There are numerous disadvantages to using video files to carry malicious code, but using the technique may allow attacker to take advantage of users’ expectations, said Craig Schmugar, senior threat researcher with McAfee’s antivirus emergency response team.

“A chunk of people generally regard video files as safe, where they might treat screensavers and Office documents with some caution,” Schmugar said.

Sources: SecurityFocus, McAffe.

Read McAfee Avert Labs Blog post on this here.