Application Security, Inc.’s TeamSHATTER Researcher To Discuss Cryptographic Flaws In Oracle Database Authentication Protocol At Ekoparty Conference

Database Security Expert Esteban Martinez Fayo will Demonstrate How Several New Oracle Vulnerabilities Can Be Exploited, Advise Organizations How to Protect Data

NEW YORK, September 12, 2012 - Application Security, Inc. (AppSecInc), the leading provider of database security solutions for the enterprise, today announced that Esteban Martinez Fayo, researcher with Application Security, Inc’s TeamSHATTER, will be a featured speaker at the ekoparty Security Conference. Ekoparty is an annual security conference in Buenos Aires, Argentina, where security specialists from around the world discuss state-of-the-art techniques, vulnerabilities and security tools. The conference takes place September 19–21 at the Ciudad Cultural Konex in Buenos Aires.

Fayo will take the stage at the ekoparty Conference in a session titled, “Cryptographic Flaws in Oracle Database Authentication Protocol.” During this presentation, Fayo will examine new vulnerabilities in Oracle database native authentication protocol, demonstrate how they were discovered, and show how they can be exploited by remote unauthenticated attackers to compromise Oracle databases. Fayo will pay particular attention to an especially critical vulnerability in which Oracle provides a fix only in a new (incompatible) version of the protocol, while also leaving the current version open to attack.

Attendees will gain an understanding of various workarounds for these Oracle vulnerabilities in order to prevent malicious attacks. They will also learn how cryptographic mistakes lead to such dangerous vulnerabilities.

“The most critical vulnerability that I will be demonstrating allows an attacker to quickly and efficiently crack passwords for known accounts, without leaving a trace,” said Esteban Martinez Fayo, TeamSHATTER researcher. “It is vital for organizations that deploy Oracle databases affected by these vulnerabilities to administer strong workarounds to prevent an attack.”

For more information on the ekoparty Security Conference, please visit: http://www.ekoparty.org/

About TeamSHATTER
TeamSHATTER, the research arm of Application Security, Inc., is the largest dedicated database security, vulnerability and misconfiguration research team in the world. TeamSHATTER maintains the most comprehensive knowledgebase of database vulnerability and misconfiguration checks in the industry and understands how to make security an integral part of an enterprise’s database security and network management infrastructure. TeamSHATTER regularly publishes security advisories, technical papers and research information on www.TeamSHATTER.com.

About Application Security, Inc.
AppSecInc is a pioneer and leading provider of database security solutions for enterprise of all sizes. By providing easy to deploy and manage, highly scalable software-only solutions – AppDetectivePro for auditors and IT advisors, and DbProtect for the enterprise – AppSecInc helps customers achieve unprecedented levels of data security, while reducing overall risk and helping to ensure continuous regulatory and industry compliance. Used by more than 1,300 active commercial and government customers worldwide, our proven and award-winning enterprise solutions are backed by the world’s most comprehensive database security knowledgebase from the company’s renowned team of threat researchers, TeamSHATTER.

For more information, please visit: www.appsecinc.com and follow us on Twitter: www.twitter.com/appsecinc | http://www.twitter.com/teamshatter

Contact:
Janel Peterson                                                                       
Application Security, Inc.                                                           
jpeterson@appsecinc.com
781-687-1023