Thursday, April 23, 2009

quick misc blurbage

sqlmap: the new version sounds pretty niftified... reading the whitepaper atm.

GreenSQL: on the other side, this tool sounds potentially nifty... a reverse proxy for SQL connections which uses positive and negative security models. perhaps granular proxies like this can be combined with WAFs to provide reasonable app-layer protection, or perhaps you'll just end up with a huge blob of false-negatives and false-positives and an unmanageable nightmare ;)

Joint Strike Fighter theft: so add another tally for china i guess (unverified). the bit that stands out to me is that the volume of information stolen was "several terabytes". gonna take a step back from the hype and just point out that very low-tech things like a human watching network flows and trends based on protocol and destination might've been helpful here. maybe some low-cost common sense defensive controls will come out of the DoD hiring hackers... it'd be an interesting network to try to defend...
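
the flow-watching idea above, as an added example (not part of the original post): sum outbound bytes per destination and protocol per day, then flag anything far above its own history. the flow records, field layout, and the `ratio`/`floor` thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample flow records (not real data):
# (day, src, dst, proto/port, outbound_bytes)
FLOWS = [
    (1, "10.0.0.5", "203.0.113.10", "tcp/443", 120_000_000),
    (2, "10.0.0.5", "203.0.113.10", "tcp/443", 150_000_000),
    (3, "10.0.0.5", "203.0.113.10", "tcp/443", 110_000_000),
    (4, "10.0.0.5", "203.0.113.10", "tcp/443", 130_000_000),
    (1, "10.0.0.9", "203.0.113.200", "tcp/22", 20_000_000_000),  # nightly backup
    (2, "10.0.0.9", "203.0.113.200", "tcp/22", 20_000_000_000),
    (3, "10.0.0.9", "203.0.113.200", "tcp/22", 20_000_000_000),
    (4, "10.0.0.9", "203.0.113.200", "tcp/22", 22_000_000_000),
    (1, "10.0.0.7", "198.51.100.7", "tcp/443", 50_000_000),
    (2, "10.0.0.7", "198.51.100.7", "tcp/443", 50_000_000),
    (3, "10.0.0.7", "198.51.100.7", "tcp/443", 50_000_000),
    (4, "10.0.0.7", "198.51.100.7", "tcp/443", 25_000_000_000),
    (4, "10.0.0.8", "198.51.100.7", "tcp/443", 15_000_000_000),
    (4, "10.0.0.7", "192.0.2.44", "tcp/21", 5_000_000_000),  # never seen before
]

def daily_totals(flows):
    """Sum outbound bytes per (dst, proto) for each day."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, _src, dst, proto, nbytes in flows:
        totals[(dst, proto)][day] += nbytes
    return totals

def flag_outliers(flows, today, ratio=10, floor=1_000_000_000):
    """Return (dst, proto, bytes_today, baseline), largest first, for every
    destination/protocol whose volume today exceeds `floor` and is more than
    `ratio` times the median of its earlier days. A pair with no history has
    baseline 0, so a brand-new destination over `floor` is always flagged."""
    alerts = []
    for (dst, proto), per_day in daily_totals(flows).items():
        now = per_day.get(today, 0)
        history = [b for d, b in per_day.items() if d < today]
        baseline = median(history) if history else 0
        if now > floor and now > ratio * baseline:
            alerts.append((dst, proto, now, baseline))
    return sorted(alerts, key=lambda a: -a[2])

if __name__ == "__main__":
    for dst, proto, now, base in flag_outliers(FLOWS, today=4):
        print(f"{dst} {proto}: {now / 1e9:.1f} GB today vs {base / 1e9:.2f} GB baseline")
```

the steady 20 GB/day backup stays quiet because it is judged against its own baseline; only the sudden jump and the never-before-seen destination are reported.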
