DEF CON 22 [Materials] Speeches from the Hacker Convention.

David Litchfield - Oracle Data Redaction is Broken

Slides here: https://defcon.org/images/defcon-22/dc-22-presentations/Litchfield/DEFCON-22-David-Litchfield-Oracle-Data-Redaction-is-Broken.pdf
Oracle Data Redaction is Broken
David Litchfield, Security Specialist, Datacom TSS
The Oracle data redaction service is a new feature introduced with Oracle 12c. It allows sensitive data, such as PII, to be redacted or masked to prevent it from being exposed to attackers. On paper this sounds like a great idea, but in practice Oracle's implementation is vulnerable to multiple attacks that allow an attacker to trivially bypass the masking and launch privilege escalation attacks.
David Litchfield is a computer security researcher with a special interest in buffer overflow exploitation and database systems. He has written and contributed to several books, including The Shellcoder's Handbook, The Database Hacker's Handbook and The Oracle Hacker's Handbook. He spends his spare time diving with great white sharks.
Twitter: @dlitchfield
By DEF CON