Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)

Three Tier Oracle Security in London ~ Paul M. Wright RSS Feed
 

ORACUDA

New Year, New Computer with New Nvidia graphics card which enables me to report that Vista 64-bit and Nvidia GeForce 9800 GT work fine with CUDA and BarsWF

More graphics cards on the way..
For AMD/ATI users there is CAL which is a similar paralell processing GPU technology.
Elcomsoft are using CUDA technology to speed up it’s password auditing in EDPR which I have just been trying out on some Oracle hashes and it is blindingly fast… however there is currently no public open source implementation of a CUDA or CAL enhanced oracle password auditing tool. My prediction for 2009 is that there will be one soon. Mario Juric has published C++ code for dictionary checking MD5 hashes using CUDA at this URL http://majuric.org/software/cudamd5/source/ and Lazlo Zoth has published source code for a fast Oracle password auditor at this URL http://www.soonerorlater.hu/index.khtml?article_id=513 so it does not take too much of a leap to predict the next stage.
This makes it more urgent to move away from 10g hashing algorithm to 11g. Problem is that the 10g passwords are persisted in sys.user$ even when 11g passwords are used. Therefore good idea to purge the 10g passwords after moving to 11g algorithm.

update sys.user$ set password='';

One of the cliches I hear in forensic circles is that the courts lag well behind the technical industry. This is generally true but here is a good example of an early court decision on the validity of MD5 for checksumming evidence. http://corpau.blogspot.com/2008/02/smile-youre-on-speed-camera.html

Lastly some good news to start the new year as my book Oracle Forensics book, published by Rampant Techpress in May 2008, sold out it’s first print run and was therefore temporarily out of stock – so a second larger print run has been completed and more new copies are available from Rampant Techpress.

Here’s to a safe and forensically secure New Year.
Cheers,
Paul

Leave a Reply

You must be logged in to post a comment.