NGSSoftware news

SC AWARDS EUROPE 2008: Winners announced

NGS — Wed, 23 Apr 2008 14:15:04 +0000

“The accolade for Best Security Company went to UK based NGSSoftware. A beaming David Litchfield, the managing director, accepted the award from Lumension’s Andrew Clarke. ”

Read the full article at SC Magazine.

NGSSoftware’s Press Release.

David LeBlanc’s 15 Most Influential Security People

NGS — Tue, 18 Mar 2008 06:42:59 +0000

“Same thing for SQL – used to be a security mess, now it’s really solid – and thanks to NGS for helping”

Read the full article at David LeBlanc’s Web Log.

How to combat the Sans Institute’s top 10 security threats

NGS — Mon, 14 Jan 2008 13:58:59 +0000

Read the latest article from NGSSoftware’s Tim Mullen at ComputerWeekly.com.

“If one were to go back through the archives of the Sans Institute’s Top Threats lists, some of which I have contributed to, one would find the range of threats and vulnerabilities shifting and changing through the years along with the ever-changing security landscape itself - writes Timothy Mullen, vice-president of consulting services at NGSSoftware.”

Survey finds thousands of database servers open to attack

NGS — Wed, 14 Nov 2007 10:32:33 +0000

“Litchfield said. “Whilst it’s not possible to say how many of these systems are engaged in a commercial function, with just under half a million servers accessible there is clearly potential for external hackers and criminals to gain access to these systems and to sensitive information.”"

Read the full article at SearchSecurity.com.

Thousands of Unprotected Databases Litter the Internet

NGS — Wed, 14 Nov 2007 10:26:10 +0000

“The findings represent a “significant risk,” according to David Litchfield, the security researcher who authored the report. “With just under half a million servers accessible, there is clearly potential for external hackers and criminals to gain access to these systems and to sensitive information,” he said. ”

Read the full article at eWeek.com.

Half Million Database Servers Lack Firewall Security

NGS — Wed, 14 Nov 2007 10:23:07 +0000

“Litchfield took a look at just over 1 million randomly generated Internet Protocol [IP] addresses, checking them to see if he could access them on the IP ports reserved for Microsoft SQL Server or Oracle’s database. The results? He found 157 SQL servers and 53 Oracle servers. Litchfield then relied on known estimates of the number of systems on the Internet to arrive at his conclusion: “There are approximately 368,000 Microsoft SQl Servers… and about 124,000 Oracle database servers directly accessible on the Internet,” he wrote in his report, due to be made public next week.”

Read the full article at PCWorld.com.

Black Hat 2007: New database forensics tool could aid data breach cases

NGS — Fri, 03 Aug 2007 08:07:02 +0000

“A new database forensics tool being developed by database security guru David Litchfield could help data breach investigators build evidence against attackers.

itchfield, managing director at UK-based NGS (Next Generation Security) Software Ltd. plans to release the Forensic Examiners Database Scalpel. The new tool is designed for Oracle database management systems and automates the process of sifting through mountains of system metadata to discover the cause and extent of a data security breach.”

Read the full article at SearchSecurity.com.

Researchers Flag VoIP Exploits at BlackHat

NGS — Fri, 03 Aug 2007 08:03:41 +0000

“Barrie Dempster, senior security consultant at NGS Software, who also gave a presentation on the topic of VOIP security at Black Hat, commented that the iSec Partners exploits against H.323 and IAX represented valuable research. But he added that if these exploits are possible based on network sniffing, the first order of concern should be that an attacker is sniffing the network.”

Read the full article at PCWorld.com.

VoIP Vandals

NGS — Fri, 03 Aug 2007 08:00:40 +0000

“VoIP is about convergence. The idea is that you save money and resources and time,” said Barrie Dempster, a senior security consultant at Next Generation Security Software who made a presentation at the conference. “But convergent systems give you more avenues of attack, more ways in. It’s not a secure environment.”

Read the full article at Forbes.com.

ActiveX flaws plague SAP GUI

NGS — Mon, 09 Jul 2007 14:28:36 +0000

“Two critical ActiveX flaws have been discovered in EnjoySAP, German business software vendor SAP AG’s new graphical user interface designed to improve the end user experience.

The discovery was made by security researcher Mark Litchfield of UK-based Next Generation Security (NGS) Software, who said the flaws could be remotely exploited by an attacker to gain access to a user’s system.”

Read the full article at SearchSecurity.Com.