On 9/5/06, Ed Leafe <[EMAIL PROTECTED]> wrote:

        That's true of *any* database, or any program, for that matter. If
you deploy anything in an insecure fashion, a bad guy can get to it.


At a recent LUG meeting, we heard from a fellow who participated in a
security conference and contest to unscramble a random 50 Mb block of
stuff. They were given no clues about the underlying drive specs,
partitioning, file system, etc., but used statistical means and a lot
of CPU power to spot the "magic" signatures of various (fragmented)
files to extract a lot of files from the supplied source, not all that
differently from what a disk drive recovery place does, probably.
He'll do a future presentation that I'm sure will be well attended.

Bottom line: if you have physical access to the box, 99% of your
security has failed.

--
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com
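As an added illustration that is not part of the original message: a minimal Python sketch of the "magic signature" scan the post describes, run over a constructed sample blob. It assumes each file is stored contiguously and has a recognizable trailer; the fragmented case mentioned above needs more than this. All names (`SIGNATURES`, `carve`, `SAMPLE`) are hypothetical.

```python
# Added example: header/footer file carving over a raw byte blob.
# Assumption: files are contiguous; fragmented files are out of scope here.

# (kind, header magic, footer magic) for formats with a recognizable trailer
SIGNATURES = [
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    ("jpg", b"\xff\xd8\xff", b"\xff\xd9"),
    ("pdf", b"%PDF-", b"%%EOF"),
]
MAX_SIZE = 16 * 1024 * 1024  # drop a candidate whose footer is further away than this


def carve(blob):
    """Return sorted (offset, kind, data) for every header with a matching footer."""
    found = []
    for kind, head, foot in SIGNATURES:
        pos = blob.find(head)
        while pos != -1:
            # Look for the trailer only within a bounded window after the header.
            end = blob.find(foot, pos + len(head), pos + MAX_SIZE)
            if end != -1:
                found.append((pos, kind, blob[pos:end + len(foot)]))
            pos = blob.find(head, pos + 1)
    return sorted(found)


def filler(n):
    """Constructed padding; its byte pattern never forms any magic value above."""
    return bytes((i * 7 + 3) % 251 for i in range(n))


# Constructed sample input: three tiny fake files buried in padding.
PNG = b"\x89PNG\r\n\x1a\n" + b"constructed image body" + b"IEND\xaeB`\x82"
JPG = b"\xff\xd8\xff\xe0" + b"constructed jpeg body" + b"\xff\xd9"
PDF = b"%PDF-1.4\nconstructed document\n%%EOF"
SAMPLE = filler(100) + PNG + filler(57) + JPG + filler(33) + PDF + filler(20)

if __name__ == "__main__":
    for offset, kind, data in carve(SAMPLE):
        print(f"{kind} at offset {offset}, {len(data)} bytes")
```

Nothing in the scan depends on partition tables or file system metadata, which is why raw access to the storage is enough to recover unencrypted content.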


_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.
