Site Map for PeteFinnigan.com
- Oracle Security from Limited - /
- Limited Oracle Security Advisory - Jan 2008 Critical Patch Update - /Advisory_CPU_Jan_2008.htm
- ChgPwd.zip
- Oracle_11g_Security.pdf
- Oracle_11g_Security_6slides.pdf
- Oracle_Forensics.pdf
- Oracle_Forensics_6slides.pdf
- Oracle_Security_Masterclass.pdf
- Oracle_Security_Masterclass_6slides.pdf
- Oracle_Security_On_Windows.pdf
- Oracle_Security_VPD.pdf
- Oracle_Security_VPD6Slides.pdf
- Oracle_Security_Windows_ukoug.pdf
- Oracle_security_tools.pdf
- Oracle_security_tools_6slides.pdf
- Storing_Data_Directly_From_Oracle_SGA.pdf
- aa.sql
-
 About Our Company - /about.htm
- ah.sql
- Oracle security alerts - /alerts.htm
- attrib.sql
- /audit/
- audit_last_logon.sql
- bbed_used_to_change_sys_password.pdf
- /bio/
- Oracle Security and Other books - /books.htm
- check_parameter.sql
- Company Details - /contact.htm
- dbms_scheduler.pdf
- /default/
- directory_traversal.pdf
- /events/
- /feedback/
- find_all_privs.sql
- find_audit_privs.sql
- /guestbook/
- idl.sql
- /innews/
- /issues/
- Oracle Security MasterClass scripts - /masterclass.htm
- /masterclass/
- newrecent.htm
- news_letter_001.pdf
- newsub.htm
- newunsub.htm
- Oracle Security papers - /oracle_security.htm
- oracletest.perl
- Oracle Security papers - /orasec.htm
- Undocumented Oracle - /other.htm
- /papers/
- patch.pdf
- Limited Privacy Statement - /privacy_statement.htm
- Oracle FAQ's, Tips and ramblings - /ramblings.htm
- /ramblings/
- rowid.sql
- /sans/
- /scanner/
- search.htm
- /services/
- sha1.sql
- /sitemap/
- sql.htm
- sqlinject.sql
- /stats/
- Limited Privacy Statement - /template.htm
- /tips/
- Tools - /tools.htm
- /training/
- unix.htm
- unwrap.sql
- unwrap_r.sql
- /updates/
- vpd.sql
- Web Links - /weblinks.htm
- /weblog/
- Pete Finnigan's Oracle security weblog - /weblog/archives/
- A new Oracle security based weblog - /weblog/archives/00000001.htm
- Are your system triggers firing? - /weblog/archives/00000002.htm
- Truncating the audit trail - /weblog/archives/00000003.htm
- Arup Nanda is interviewed about the Oracle security patch nightmare - /weblog/archives/00000004.htm
- The SANS S.C.O.R.E. Oracle security checklist has been updated - /weblog/archives/00000005.htm
- KK Mookhey writes about auditing Oracle security - /weblog/archives/00000006.htm
- eweek article: Oracle Users Take Aim at High Costs, Security Silence - /weblog/archives/00000007.htm
- Oracle Database 9i SQL Command Buffer Overflow Vulnerability - /weblog/archives/00000008.htm
- Creating read only users - /weblog/archives/00000009.htm
- Oracle announce that clients also need patching for alert #68 - /weblog/archives/00000010.htm
- find_all_privs.sql : A script to find all privileges allocated to a user or role - /weblog/archives/00000011.htm
- Tools page updated - /weblog/archives/00000012.htm
- who_has_role.sql : A script to find which users and roles have been granted a role - /weblog/archives/00000013.htm
- Howard Rogers writes about Virtual Private databases - /weblog/archives/00000014.htm
- Hiding literal strings in PL/SQL - /weblog/archives/00000015.htm
- Tools page has been updated again - /weblog/archives/00000016.htm
- who_has_priv.sql : script to find user who have been granted a system privilege - /weblog/archives/00000017.htm
- Oracle remids all customers to apply Patches for alert #68 - /weblog/archives/00000018.htm
- Oracle 9i union flaw - /weblog/archives/00000019.htm
- preventing password leakage with SQL*Loader - /weblog/archives/00000020.htm
- which special characters can be used in Oracle database passwords - /weblog/archives/00000021.htm
- People are now looking for alert 68 exploits! - /weblog/archives/00000022.htm
- expired passwords, ORA-01045 and password changes - /weblog/archives/00000023.htm
- Scanning for Oracle databases on your network - /weblog/archives/00000024.htm
- SQL Injection papers - /weblog/archives/00000025.htm
- who_can_access.sql : a script to find uses and roles that can access a particular object - /weblog/archives/00000026.htm
- eweek article on alert #68 discusses public exploit availability - /weblog/archives/00000027.htm
- where is the next monthly patch? - /weblog/archives/00000028.htm
- computerworld have also picked up the patch quickly story - /weblog/archives/00000029.htm
- Listener security guide - /weblog/archives/00000030.htm
- A tuning book and security? - /weblog/archives/00000031.htm
- An interesting SQL Injection paper - /weblog/archives/00000032.htm
- creating read only tables - /weblog/archives/00000033.htm
- More SQL Injection: A paper on Oracle SQL Injection by Stephen Kost - /weblog/archives/00000034.htm
- Customers Gripe About Oracle's Patch Plan" - /weblog/archives/00000035.htm
- The code for the SANS Oracle security step-by-step book has had a small update - /weblog/archives/00000036.htm
- More direct SGA access - /weblog/archives/00000037.htm
- some interesting comments on ORACLE-L about alert #68 - /weblog/archives/00000038.htm
- Auditing DBA's? - /weblog/archives/00000039.htm
- new shell for Windows - /weblog/archives/00000040.htm
- check_parameter.sql : script added to my tools page - /weblog/archives/00000041.htm
- You can search inside the SANS Oracle security step-by-step guide - /weblog/archives/00000042.htm
- Is setting trace a security risk? - part 1 - /weblog/archives/00000043.htm
- Steve Feuerstein talks about best practices for NDS in 10g - /weblog/archives/00000044.htm
- technewsworld.com says "Oracle's Security Luck Runs Out" - /weblog/archives/00000045.htm
- Ken Jacobs talks about the monthly patch release cycle - /weblog/archives/00000046.htm
- Oracle issue an ALERT note saying use of OPatch for multiple patches can corrupt the inventory - /weblog/archives/00000047.htm
- Another issue with alert 68 on AIX 32 bit - /weblog/archives/00000048.htm
- Frank Nimphius talks about JAAS and declarative J2EE security - /weblog/archives/00000049.htm
- 2 new books on Oracle security - /weblog/archives/00000050.htm
- Writing to the alert log - /weblog/archives/00000051.htm
- Allowing a user read-only access to stored procedure source code - /weblog/archives/00000052.htm
- Oracle applications auditing - /weblog/archives/00000053.htm
- more info on DBMS_SYSTEM.KSDWRT - /weblog/archives/00000054.htm
- Tales of the Oak Table - Dave Ensors comments on Oracle security - /weblog/archives/00000055.htm
- interesting thread on how to secure a third party application - /weblog/archives/00000056.htm
- massive data theft from a database in California - /weblog/archives/00000057.htm
- Brian Duff talks about connecting to Oracle servers with ssh - /weblog/archives/00000058.htm
- white papers section updated for Roby Sherman papers - /weblog/archives/00000059.htm
- Can I connect to the database as the user PUBLIC? - /weblog/archives/00000060.htm
- Interesting question about Sarbanes-Oxley on Oracle 7.3.3 - /weblog/archives/00000061.htm
- Howard Rogers new paper on secure application roles - /weblog/archives/00000062.htm
- Another good paper by Howard Rogers on read-only tables - /weblog/archives/00000063.htm
- Can application names be changed to spoof logon triggers? - /weblog/archives/00000064.htm
- The 9.2.0.6 patch set is out - /weblog/archives/00000065.htm
- Nice four part paper on label security by Jim Czuprynski - /weblog/archives/00000066.htm
- Don Burleson: Oracle fraud alert - /weblog/archives/00000067.htm
- Howard Rogers has a new ebook out - /weblog/archives/00000068.htm
- Oracle passwords : A few not too well known facts - /weblog/archives/00000069.htm
- Patrik Karlsson releases OScanner - A new free Oracle security vulnerability scanner - /weblog/archives/00000070.htm
- Post on ORACLE-L : Exploring Oracle November 2004 and REMOTE_OS_AUTHENT - /weblog/archives/00000071.htm
- Two great papers and tools by Tim Gorman - /weblog/archives/00000072.htm
- A lot of new pages on my site - /weblog/archives/00000073.htm
- Amis blog - Script to clear out a users schema - /weblog/archives/00000074.htm
- A new Oracle default password checking tool is available - /weblog/archives/00000075.htm
- Patch set 9.2.0.6 for Win32 is causing debate - /weblog/archives/00000076.htm
- Small update to the default password check scripts - /weblog/archives/00000077.htm
- Restricting object creation and alteration privileges - /weblog/archives/00000078.htm
- Frank Nimphius talks about disabling Forms builder security in 10g - /weblog/archives/00000079.htm
- Colin Maxwell talks about securing web services using JDev and WS-Security - /weblog/archives/00000080.htm
- Oracle VP database and server technology in Germany talks about Oracle patch schedules - /weblog/archives/00000081.htm
- Hack notes books - /weblog/archives/00000082.htm
- Interesting discussion on DBMS_SUPPORT versions - /weblog/archives/00000083.htm
- Exploits and blog software - /weblog/archives/00000084.htm
- Default password lists and updates - /weblog/archives/00000085.htm
- Colin Maxwell talks about keytool and keystores - /weblog/archives/00000086.htm
- Frank Nimphius has an entry about Bruce Schneier in his web log - /weblog/archives/00000087.htm
- 600 Oracle default usernames/passwords available - /weblog/archives/00000088.htm
- Interesting post about PUBLIC privileges in 9.2.0.6 - /weblog/archives/00000089.htm
- Oracle Users Should Take Security Patch 68 Seriously - /weblog/archives/00000090.htm
- Two more "takes" on the Gartner / Oracle exploit information release reluctance - /weblog/archives/00000091.htm
- Oracle announce critical patch update schedule - beginning January 18 2005 - /weblog/archives/00000092.htm
- Update to remote_os_authent=true post - /weblog/archives/00000093.htm
- Colin Maxwell talks about WS-Security in JWSDP 1.5 - /weblog/archives/00000094.htm
- An interesting case of information disclosure - /weblog/archives/00000095.htm
- Slight update to the default password check scripts - /weblog/archives/00000096.htm
- Michael Singer of Intenet News talks about Oracles new patch schedule - /weblog/archives/00000097.htm
- An interesting example of information leakage posted to my blog entry - /weblog/archives/00000098.htm
- Three more news sites are talking about the new patch schedule - /weblog/archives/00000099.htm
- Alleged Oracle Scammer: I Am Not a Crook" - /weblog/archives/00000100.htm
- More news on the new patch schedule - /weblog/archives/00000101.htm
- And there was more news... - /weblog/archives/00000102.htm
- Frank Nimphius talks about showing/hiding UIX components based on isUserInRole() - /weblog/archives/00000103.htm
- OraDep - A tool for analysing dependencies - /weblog/archives/00000104.htm
- And more... - /weblog/archives/00000105.htm
- Two new books on Oracle security received - /weblog/archives/00000106.htm
- Amis blog - shows how to create a certificate and configure OC4J to use it - /weblog/archives/00000107.htm
- Frank Nimphius talks about displaying the authenticated username in ADF UIX using EL. - /weblog/archives/00000108.htm
- Updates to the default password list and checker for SAP default users - /weblog/archives/00000109.htm
- Oracle secalert_us have sent out emails to tell some customers about the quarterly patch schedule - /weblog/archives/00000110.htm
- Frank has two interesting blog entries that relate to security - /weblog/archives/00000111.htm
- And still more news stories - /weblog/archives/00000112.htm
- event 28131, event 28119 and Row Level Security - /weblog/archives/00000113.htm
- A new paper on HTMLDB and VPD - /weblog/archives/00000114.htm
- Colin Maxwell talks about reducing the scope for encryption - /weblog/archives/00000115.htm
- Mark Rittman talks about Trace format utilities - /weblog/archives/00000116.htm
- Oracle 9.2.0.6 and alert #68 - /weblog/archives/00000117.htm
- James Morle's book is available as a free pdf - /weblog/archives/00000118.htm
- Edward Stangler talks about running catpatch - /weblog/archives/00000119.htm
- Frank Nimphius paper on J2EE security in Oracle ADF - /weblog/archives/00000120.htm
- Looks like 9.2.0.6 is available on more platforms now - /weblog/archives/00000121.htm
- Edward updates us on his catpatch.sql posting - /weblog/archives/00000122.htm
- oops no link! - /weblog/archives/00000123.htm
- A live file system Linux floppy disk rescue system - /weblog/archives/00000124.htm
- A good list of Oracle security check items - /weblog/archives/00000125.htm
- Ed had an interesting post yesterday about $ tables, DBA views and x$ tables - /weblog/archives/00000126.htm
- Tools page updated - /weblog/archives/00000127.htm
- Buffer overflows and hacking book list - /weblog/archives/00000128.htm
- Edward Stanglers next post in the not running catpatch.sql series - /weblog/archives/00000129.htm
- Application Security Inc has made a search page available for the ploicy check list - /weblog/archives/00000130.htm
- Another great recovery disk - This time a CD - /weblog/archives/00000131.htm
- Ed's latest post in the catpatch.sql series - missing SELECT ANY DICTIONARY PRIVILEGE - /weblog/archives/00000132.htm
- Three great papers on shell codes and encoding and decoding - /weblog/archives/00000133.htm
- Next Edward Stangler post in the missing catpatch.sql series - /weblog/archives/00000134.htm
- Edwards next post in the series of catpatch.sql issues. - /weblog/archives/00000135.htm
- Howard Rogers has started a web log - /weblog/archives/00000136.htm
- Ed's final post in the issues with not running catpatch.sql is there - /weblog/archives/00000137.htm
- 10g Release 2 on the way? - /weblog/archives/00000138.htm
- SANS announces the new Securing Oracle training course - /weblog/archives/00000139.htm
- Colin tells us the WS-Security Jars are not available with the developers release - /weblog/archives/00000140.htm
- Mary Ann Davidson held a guru chat session at OOW - /weblog/archives/00000141.htm
- Auditing the SQL a black box application submits to the database - /weblog/archives/00000142.htm
- Oracle Database 10g Release 2 keynote at Oracle Open World - /weblog/archives/00000143.htm
- Two more accounts of the Chuck Rozwat 10g R2 keynote at OOW - /weblog/archives/00000144.htm
- Addendum to yesterdays auditing SQL from black box third party applications - /weblog/archives/00000145.htm
- Justin talks more about the 10g R2 keynote at OOW - /weblog/archives/00000146.htm
- The OOW keynotes are available online at OTN - /weblog/archives/00000147.htm
- Frank has a good example of simple J2EE form based authentication for ADF UIX - /weblog/archives/00000148.htm
- Oracle 9.2.0.6 patch set is now available for Linux - /weblog/archives/00000149.htm
- Oracle have made a press release about the database 10g release 2 announcement - /weblog/archives/00000150.htm
- Justin Kestelyn sums up Oracle Open World - /weblog/archives/00000151.htm
- News.com article : Finally, a sensible security scheme - /weblog/archives/00000152.htm
- Comments have been disabled from my weblog - /weblog/archives/00000153.htm
- Niall has clarified the ODBC trace issue - /weblog/archives/00000154.htm
- A useful post on c.d.o.s about ADMIN_RESTRICTIONS_{listener_name} - /weblog/archives/00000155.htm
- Jonathan Lewis talks about the hidden benefits of Oracle 10g - /weblog/archives/00000156.htm
- sitemap added to - /weblog/archives/00000157.htm
- Arup Nanda has a paper on Oracle Security Auditing part 1 on dbazine.com - /weblog/archives/00000158.htm
- Frank has a nice post about improvements to web application security - /weblog/archives/00000159.htm
- Amis blog talks about SQuirrel - an open source database tool - /weblog/archives/00000160.htm
- newsletter will be re-launched soon - /weblog/archives/00000161.htm
- Colin Maxwell talks about the issues of encrypting binary attachments - /weblog/archives/00000162.htm
- Information leakage and goole hacking - /weblog/archives/00000163.htm
- An interesting discussion about revoking privileges from SYS or DBA - /weblog/archives/00000164.htm
- Howard Rogers on dropping the DBA, CONNECT and RESOURCE roles - /weblog/archives/00000165.htm
- Creating a read only user - /weblog/archives/00000166.htm
- Another good point about read only users - /weblog/archives/00000167.htm
- Tools page updated - /weblog/archives/00000168.htm
- Mark has found a good paper on programming Java in stored procedures - /weblog/archives/00000169.htm
- Brian has a nice post about JDeveloper debugging - /weblog/archives/00000170.htm
- Edwards post on Java running in the database - /weblog/archives/00000171.htm
- Post about setting up and using autotrace - /weblog/archives/00000172.htm
- Disabling Oracle writes into NT event log - /weblog/archives/00000173.htm
- Sitemap generation tweaked - /weblog/archives/00000174.htm
- Tools page updated - /weblog/archives/00000175.htm
- Mark has a good post about the new 10g Release 2 version - /weblog/archives/00000176.htm
- Database user account status's in SYS.USER_ASTATUS_MAP - /weblog/archives/00000177.htm
- SYS.USER_ASTATUS_MAP missing values solved - /weblog/archives/00000178.htm
- Bruce Schneier talks about google desktop search security - /weblog/archives/00000179.htm
- All the JDeveloper presentations from Oracle Open World - /weblog/archives/00000180.htm
- Amis blog has an intersting entry about a CJ Date seminar - /weblog/archives/00000181.htm
- Web site statistics page added - /weblog/archives/00000182.htm
- Alert 68 vulnerabilities have been made public - /weblog/archives/00000183.htm
- Encrypting JDBC thin connections with SQL*Net - /weblog/archives/00000184.htm
- Stefan talks about finding the cluster interconnect IP address - /weblog/archives/00000185.htm
- XML DB Beta program for Oracle 10g release 2 - /weblog/archives/00000186.htm
- Role based security management in Oracle designer - /weblog/archives/00000187.htm
- A free Perl based Log Analysis tool - /weblog/archives/00000188.htm
- Happy new year for 2005 - /weblog/archives/00000189.htm
- Oracle security and content management - /weblog/archives/00000190.htm
- Some updates to the Oracle default password list - /weblog/archives/00000191.htm
- Nice article on SQL Injection - /weblog/archives/00000192.htm
- Frank has a review of Bruce Schneier book "Beyond Fear" - /weblog/archives/00000193.htm
- Frank has an interesting post about the movie Troy - /weblog/archives/00000194.htm
- We have moved - /weblog/archives/00000195.htm
- Does January 18th have special significance for Oracle? - /weblog/archives/00000196.htm
- Schema difference tool - /weblog/archives/00000197.htm
- CREATE SCHEMA - does it do what it says on the tin? - /weblog/archives/00000198.htm
- Becoming another user - /weblog/archives/00000199.htm
- A nice simple DBMS_OBFUSCATION_TOOLKIT example by Nimzo Benoni - /weblog/archives/00000200.htm
- Daily, weekly, monthly checklists - /weblog/archives/00000201.htm
- Howard Rogers has a good article about database links - /weblog/archives/00000202.htm
- Nice paper on checking Oracle password strength and enforcing it - /weblog/archives/00000203.htm
- Amis blog has an entry all about OpenVPN - /weblog/archives/00000204.htm
- Security ethics in vulnerability disclosure - /weblog/archives/00000205.htm
- Sarbanes Oxley and Oracle - /weblog/archives/00000206.htm
- Searching metalink from the MS search bar - /weblog/archives/00000207.htm
- Adam Martins Oracle password cracker seems to not be available - /weblog/archives/00000208.htm
- Great tool for security checking a PC - /weblog/archives/00000209.htm
- Penetration testing research and cost effective security - /weblog/archives/00000210.htm
- HTML Kit - /weblog/archives/00000211.htm
- More on Sarbanes Oxley and Oracle - /weblog/archives/00000212.htm
- The first Oracle security alert for Jan 18th - First quarterly scheduled security patch - /weblog/archives/00000213.htm
- Critical patch update - January 2005 is out - /weblog/archives/00000214.htm
- Security alert released by Pete Finnigan - /weblog/archives/00000215.htm
- Two news items about Oracles new security advisory - /weblog/archives/00000216.htm
- Eweek talks about the Critical Patch Update - January 2005 release - /weblog/archives/00000217.htm
- Another critical patch update news article - In German - /weblog/archives/00000218.htm
- Alexander Kornbrust has an advisory for CPU - January 2005 - /weblog/archives/00000219.htm
- Alexander Korbrusts upcoming Oracle security bugs - /weblog/archives/00000220.htm
- Search Oracle talks about the Critical Patch Update - /weblog/archives/00000221.htm
- Translation of www.Heise.de German news article - /weblog/archives/00000222.htm
- Michael Singer on Oracles Critical Patch Update - /weblog/archives/00000223.htm
- In the news page updated - /weblog/archives/00000224.htm
- oops missed off the link - /weblog/archives/00000225.htm
- Steve Kost has released an Integrigy advisory for CPU - January 2005 - /weblog/archives/00000226.htm
- Integrigy releases a useful impact analysis paper on CPU - Jan 2005 - /weblog/archives/00000227.htm
- Tom talks about proxy users - /weblog/archives/00000228.htm
- Amis blog talks about LOG4PLSQL - /weblog/archives/00000229.htm
- Updated internals and Oracle applications security page - /weblog/archives/00000230.htm
- Brian talks about site registration - /weblog/archives/00000231.htm
- default passwords and Oracle default passwords - /weblog/archives/00000232.htm
- Steve talked about an undocumented page on his site - /weblog/archives/00000233.htm
- Frank has a great blog entry about web application security - /weblog/archives/00000234.htm
- A bad way to migrate a database or a good way to retrieve crashed data - /weblog/archives/00000235.htm
- Interesting thread on Oracle-l about ftp'ing data into the database - /weblog/archives/00000236.htm
- Some interesting comments about CPU - Jan 2005 on c.d.o.s - /weblog/archives/00000237.htm
- Andrej Koelewijn talks about google stopping comment spam - /weblog/archives/00000238.htm
- A script to call SQL*Plus without hardcoding passwords - /weblog/archives/00000239.htm
- Happy birthday to orablogs.com - /weblog/archives/00000240.htm
- Google hacking is on the up! - /weblog/archives/00000241.htm
- Yong Huang's web site is excellent - /weblog/archives/00000242.htm
- A repository of security papers - SecurityDocs.com - /weblog/archives/00000243.htm
- Tom talks about encrypting passwords in the database - /weblog/archives/00000244.htm
- A very good paper about weaknesses in password security - /weblog/archives/00000245.htm
- Alternate URL for Yong's site - /weblog/archives/00000246.htm
- Google hacking search string database - /weblog/archives/00000247.htm
- New paper from Aaron Newman - Search Engines used to attack the database - /weblog/archives/00000248.htm
- A password repository for Oracle - /weblog/archives/00000249.htm
- Another undocumented parameter in use (_ash_enable) - /weblog/archives/00000250.htm
- port 1521 and redirection - /weblog/archives/00000251.htm
- Oracle Security Tools page updated - /weblog/archives/00000252.htm
- Ed Has another post in the catpatch.sql series - /weblog/archives/00000253.htm
- Further advice on catpatch.sql - /weblog/archives/00000254.htm
- Use of Windows login details - single sign on for web applications - /weblog/archives/00000255.htm
- Google hacking and reverse engineering Java - /weblog/archives/00000256.htm
- tracing inside a PL/SQL procedure - /weblog/archives/00000257.htm
- Alex has presentation notes available and a forthcoming paper - /weblog/archives/00000258.htm
- Alex Kornbrusts Hardending Oracle Application Server presentation is now in English - /weblog/archives/00000259.htm
- Alex Kornbrust has updated his upcoming security alerts page - /weblog/archives/00000260.htm
- Interesting news post about Mary Ann Davidsons comments on security education - /weblog/archives/00000261.htm
- Comments, spam and statistics spiders - /weblog/archives/00000262.htm
- Amis Blog has an interesting entry on multiple listeners - /weblog/archives/00000263.htm
- Sean Hull has started a weblog based around Oracle and open source - /weblog/archives/00000264.htm
- Jared Still has a new site - /weblog/archives/00000265.htm
- Alex has a new presentation on hardening Oracle client PC's - /weblog/archives/00000266.htm
- Howard Rogers has started a new Oracle forum - /weblog/archives/00000267.htm
- Nice listener.log error parsing script - /weblog/archives/00000268.htm
- Frank has an example on simple J2EE form based authentication - /weblog/archives/00000269.htm
- Oracle have made some big updates to alert #68 - /weblog/archives/00000270.htm
- Google desktop search - /weblog/archives/00000271.htm
- Jonathan Lewis on Row Level Security - /weblog/archives/00000272.htm
- Sean Hulls weblog site is back up - /weblog/archives/00000273.htm
- A GUI default password checking tool - /weblog/archives/00000274.htm
- Mark Woan's GUI .NET password check tool updated link - /weblog/archives/00000275.htm
- The JHeadstart blog talks about J2EE authentication and authorization with JHeadstart - /weblog/archives/00000276.htm
- Jonathan Lewis on Row Level Security - part 2 - /weblog/archives/00000277.htm
- A new free Java based Oracle password management tool - /weblog/archives/00000278.htm
- Kevin Mitnik: New book "The art of intrusion" - /weblog/archives/00000279.htm
- Amis blog talks about logging data in the same table - /weblog/archives/00000280.htm
- Ben talks about 10g flashback - /weblog/archives/00000281.htm
- Oracle buys oblix - /weblog/archives/00000282.htm
- Some news reports about Oracle's purchase of Oblix - /weblog/archives/00000283.htm
- Before I forget, some bloggers have been talking about Oblix / Oracle as well - /weblog/archives/00000284.htm
- A Cuckoo's egg - /weblog/archives/00000285.htm
- How the secret service decodes encrypted evidence - /weblog/archives/00000286.htm
- NCipher have made product updates - /weblog/archives/00000287.htm
- Mark Rittman talks about Fine Grained Access Control - /weblog/archives/00000288.htm
- A good paper about debugging XSLT - /weblog/archives/00000289.htm
- New presentation on advanced SQL Injection - /weblog/archives/00000290.htm
- Alex Kornbrust has presented at Blackhat Amsterdam on Oracle Rootkits - /weblog/archives/00000291.htm
- identity theft and database security - /weblog/archives/00000292.htm
- Alex Kornbrusts repscan tested and added to oracle security tools page - /weblog/archives/00000293.htm
- Pete's audit scripts updated - /weblog/archives/00000294.htm
- Amis Blog talks about writable external tables - /weblog/archives/00000295.htm
- SearchOracle has an excellent Oracle security links page - /weblog/archives/00000296.htm
- Alex Kornbrust has a new paper on google hacking and Oracle - /weblog/archives/00000297.htm
- An interesting post by Mark - /weblog/archives/00000298.htm
- O'Reilly CodeZoo - /weblog/archives/00000299.htm
- Alex Kornbrust has released a new paper "SQL Injection in Oracle Forms" - /weblog/archives/00000300.htm
- Frank talks about the OWASP security conference - /weblog/archives/00000301.htm
- CPU - April 12 is coming? - /weblog/archives/00000302.htm
- Debu has an interesting pointer to an Oracle security paper - /weblog/archives/00000303.htm
- CPU April 12 - 2005 is released - /weblog/archives/00000304.htm
- Oracle ships patches seeded with message digest data - /weblog/archives/00000305.htm
- SearchSecurity.com talks about the Oracle CPU April 12 patch release - /weblog/archives/00000306.htm
- InternetNews.com has a news item about CPU 2 - /weblog/archives/00000307.htm
- CIS Oracle benchmark has been updated - /weblog/archives/00000308.htm
- CPU 12 April researchers advisories - /weblog/archives/00000309.htm
- Another CPU April 12 news item from eweek - /weblog/archives/00000310.htm
- An interesting thread on Oracle-l about BBED - /weblog/archives/00000311.htm
- Another interesting Oracle-l thread on Oracle security auditing - /weblog/archives/00000312.htm
- Amis blog talks about recompling objects - /weblog/archives/00000313.htm
- Another news item about CPU 12 April - /weblog/archives/00000314.htm
- Frank has a fix for Forms 10.1.2 for the SQL Injection issue - /weblog/archives/00000315.htm
- Interesting analysis of CPU 12 April - "To patch or not to patch" - /weblog/archives/00000316.htm
- Jared Still has a new paper on protecting passwords - /weblog/archives/00000317.htm
- Making Oracle Forms more secure - /weblog/archives/00000318.htm
- Esteban Martínez Fayó releases his security advisories for CPU 12 April - /weblog/archives/00000319.htm
- More insights to CPU 12 April and public exploit code - /weblog/archives/00000320.htm
- Frank has a good review of a secure coding book - /weblog/archives/00000321.htm
- Tom Kyte has started a blog - /weblog/archives/00000322.htm
- A free version control e-book - /weblog/archives/00000323.htm
- Frank has a nice document recommendations - /weblog/archives/00000324.htm
- Some updated links on my Oracle security papers page - /weblog/archives/00000325.htm
- Frank has a good post about security vulnerability reporting - /weblog/archives/00000326.htm
- reading redo logs - The hard way - /weblog/archives/00000327.htm
- View privileges - /weblog/archives/00000328.htm
- Tom talks about direct dictionary editing - /weblog/archives/00000329.htm
- Alex Kornbrust has today released 3 new Oracle security advisories - /weblog/archives/00000330.htm
- A new paper on Oracle database passwords - /weblog/archives/00000331.htm
- Alex has added days to fix to his Oracle security advisories - /weblog/archives/00000332.htm
- Mark Coleman talks about Oracle and SOX compliance - /weblog/archives/00000333.htm
- Mark has made an update post on his SOX compliance - /weblog/archives/00000334.htm
- Alex has a new paper on Yahoo hacking and Oracle - /weblog/archives/00000335.htm
- Alex has a new paper on Yahoo hacking and Oracle - /weblog/archives/00000336.htm
- Ed also talked about Tom and direct dictionary editing - /weblog/archives/00000337.htm
- Direct dictionary access again - /weblog/archives/00000338.htm
- Tim Gorman has updated his excellent fileprobe.sh script - /weblog/archives/00000339.htm
- There is a security problem with Critical Patch Update April 2005 and alert #65 - /weblog/archives/00000340.htm
- Mark has a post about Oracle's talks to buy Siebel - /weblog/archives/00000341.htm
- SmartDB Upgrades Oracle Migration Tool - /weblog/archives/00000342.htm
- Alex has added an Oracle exploits page to his site - /weblog/archives/00000343.htm
- A free script to find hidden users in your database - /weblog/archives/00000344.htm
- Red Database Security issues two new Oracle security advisories - /weblog/archives/00000345.htm
- Alex has updated his Oracle exploits page to add 5 more exploit codes - /weblog/archives/00000346.htm
- Who_has_priv.sql, who_can_access.sql and who_has_role.sql updated - /weblog/archives/00000347.htm
- Interesting security news item - /weblog/archives/00000348.htm
- alpha copies of two chapters of Tom's new book are available - /weblog/archives/00000349.htm
- Follow up on direct appplication repository access - /weblog/archives/00000350.htm
- Tug has an interesting post on software terrorists - /weblog/archives/00000351.htm
- Nice post on Amis about flasback - /weblog/archives/00000352.htm
- Another nice flashback paper - /weblog/archives/00000353.htm
- Tom writes about anonymous postings - /weblog/archives/00000354.htm
- Amis blog has a good paper on SQL quirks - /weblog/archives/00000355.htm
- Richard talks about diagnostics support pack and applications collection tool (ACT) - /weblog/archives/00000356.htm
- A great example of information leakage! - /weblog/archives/00000357.htm
- Useful PL/SQL function that returns an MD5 sum for a string - /weblog/archives/00000358.htm
- A nice paper on latch internals - /weblog/archives/00000359.htm
- Alex has an interesting new paper on modplsq and mod_plsql passwords - /weblog/archives/00000360.htm
- Nice list of Oracle's default ports - /weblog/archives/00000361.htm
- Very interesting undocumented feature on Amis - /weblog/archives/00000362.htm
- A select only user causing locks? - /weblog/archives/00000363.htm
- Marcel-Jan has an interesting tool on his site called SQL-Gotcha - /weblog/archives/00000364.htm
- Nice paper by Jonathan on DUAL internals and intricacies - /weblog/archives/00000365.htm
- A news aggregator - /weblog/archives/00000366.htm
- nice paper by Doug Burns on Oracle parallel execution tuning - /weblog/archives/00000367.htm
- SQLGotcha is on freshmeat - /weblog/archives/00000368.htm
- A good paper on Oracle's random number generator - /weblog/archives/00000369.htm
- A good description of some of the Oracle default accounts - /weblog/archives/00000370.htm
- How to check which users can access the view DBA_USERS - /weblog/archives/00000371.htm
- orablogs is back - /weblog/archives/00000372.htm
- A good list of Oracle discussion resources - /weblog/archives/00000373.htm
- Oracle Password Repository (OPR) has been update - /weblog/archives/00000374.htm
- IDG were scheduled to interview Oracle's CSO - /weblog/archives/00000375.htm
- Scarlet Pruitt's interview with Mary Ann Davidson is out - /weblog/archives/00000376.htm
- Alex is to talk at ITUnderground Warsaw and DOAG Freiburg - /weblog/archives/00000377.htm
- An interesting post on Frank's blog about calling PL/SQL from Java - /weblog/archives/00000378.htm
- JHeadstart has some new features slated for the next release - /weblog/archives/00000379.htm
- A new short paper on Alex's site - How to change XMLDB Ports - /weblog/archives/00000380.htm
- 42 security bugs found in Oracle's Metalink database - Some serious! - /weblog/archives/00000381.htm
- Chris was also talking about Alex's 42 bugs found in Metalink - /weblog/archives/00000382.htm
- Alex has released his paper on metalink hacking - /weblog/archives/00000383.htm
- Steve has added an undocumented sample for fixed JDBC credentials - /weblog/archives/00000384.htm
- An interesting post about PeopleSoft and Oracle - /weblog/archives/00000385.htm
- Steve has improved his Custom JDBC URL example - /weblog/archives/00000386.htm
- A good book on reverse engineering - /weblog/archives/00000387.htm
- SANSFIRE is coming up very soon - /weblog/archives/00000388.htm
- OT: A book on how to build an Apple 1 replica - /weblog/archives/00000389.htm
- DBA Audit 2.5 - An interesting audit product. - /weblog/archives/00000390.htm
- ooops forgot the link - /weblog/archives/00000391.htm
- Wait even enhancements in 10g - /weblog/archives/00000392.htm
- Debu talked about EJB security hole - /weblog/archives/00000393.htm
- Default passwords for Oracle BPEL Process manager - /weblog/archives/00000394.htm
- Oracle reinforces their identity management software offerings - /weblog/archives/00000395.htm
- A truss like tool for IBM AIX and a file undelete program - /weblog/archives/00000396.htm
- Interesting post in Amis about "who called me" - /weblog/archives/00000397.htm
- OT: Another Apple post - /weblog/archives/00000398.htm
- Shay talked about version control through JDeveloper - /weblog/archives/00000399.htm
- A book on Peoplesoft for the Oracle DBA - /weblog/archives/00000400.htm
- Brian talks about why JPasswordField.getText() is deprecated - /weblog/archives/00000401.htm
- A nice Windows internals website - /weblog/archives/00000402.htm
- Another great Windows internals site - /weblog/archives/00000403.htm
- Oracle unveils its identity management suite - /weblog/archives/00000404.htm
- Britain's hi-tech crime wave - /weblog/archives/00000405.htm
- An interesting alternative technique to crack passwords - /weblog/archives/00000406.htm
- Changed my RSS feed to spit out the first 20 words and a link to the entry - /weblog/archives/00000407.htm
- OT: RSS fixes just done - /weblog/archives/00000408.htm
- Security is a major force in the new 10g Release 2 database - /weblog/archives/00000409.htm
- 10gR2 adds a "wrap" package procedure, TDE and makes DBMS_OUTPUT output unlimited - /weblog/archives/00000410.htm
- An issue with DBA_REGISTRY - /weblog/archives/00000411.htm
- Pete Finnigan is now a member of the Oaktable network - /weblog/archives/00000412.htm
- Orablogs seems to be down - or maybe not! - /weblog/archives/00000413.htm
- Doug followed up on DBA_REGISTRY - /weblog/archives/00000414.htm
- Grant talks about patch 2 for 9.0.4 for certified Linux and Mac clients - /weblog/archives/00000415.htm
- Frank talks about Bruce Schneier's book "secrets and lies" - /weblog/archives/00000416.htm
- An excellent XSS cheatsheet - /weblog/archives/00000417.htm
- Ed informs us that 10gR2 should be out this month - /weblog/archives/00000418.htm
- Installing Oracle Password Repository (OPR) - a walk through - /weblog/archives/00000419.htm
- A new version of OPR is released - /weblog/archives/00000420.htm
- Protecting network based storage - /weblog/archives/00000421.htm
- Niall says Oracle 10gR2 should be out on June 30 - for Linux - /weblog/archives/00000422.htm
- A security issue with OPR version 1.1.7 - /weblog/archives/00000423.htm
- 10g Release 2 PL/SQL and SQL new features - /weblog/archives/00000424.htm
- Marcus Ranum interview on Security Focus - /weblog/archives/00000425.htm
- Orablogs still seems to have DNS issues - /weblog/archives/00000426.htm
- whilst on the subject of orablogs - version 2 is in the wings - /weblog/archives/00000427.htm
- Oracle Password Repository (OPR) is updated to version 1.1.8 - /weblog/archives/00000428.htm
- A new sample installation session for Oracle Password Repository (OPR) version 1.1.8 - /weblog/archives/00000429.htm
- Frank talked about form-based authentication with struts - /weblog/archives/00000430.htm
- Off Topic: I have started a second blog on web development - /weblog/archives/00000431.htm
- Reverse engineering patches! - /weblog/archives/00000432.htm
- orablogs is back - /weblog/archives/00000433.htm
- 10g Release 2 allows deletion of datafiles - /weblog/archives/00000434.htm
- Some spiffy new security bits in 10g Release 2 - /weblog/archives/00000435.htm
- Oracle 10g Release 2 is available for Linux X86 - /weblog/archives/00000436.htm
- Oracle 10g Release 2 is available for Linux X86 - /weblog/archives/00000437.htm
- I have updated my RSS feed to output 40 words instead of 20 - /weblog/archives/00000438.htm
- Oracle have issued an email alert that CPU April 2005 is vulnerable to exploit - /weblog/archives/00000439.htm
- Oracle have issued a second email with another exploitable vulnerability in 10.1.0.2 in CPU 12APR - /weblog/archives/00000440.htm
- David Litchfield has released an advisory for the recent CPU 12 April vulnerabilities - /weblog/archives/00000441.htm
- Is it possible to check whether Oracles CPU update emails are *real*? - /weblog/archives/00000442.htm
- Paying a ransom to read your data - /weblog/archives/00000443.htm
- European software patents have been ditched - /weblog/archives/00000444.htm
- The next Critical Patch Update is due tomorrow - 12 July - /weblog/archives/00000445.htm
- Two security bugs found and reported to Oracle in 10g Release 2 already! - /weblog/archives/00000446.htm
- A great new free Oracle instance discovery tool - WinSID - /weblog/archives/00000447.htm
- Critical Patch Update July 12 2005 is available - /weblog/archives/00000448.htm
- CPU 12 July 2005 - /weblog/archives/00000449.htm
- Self signed SSL certificates with JInitiator - /weblog/archives/00000450.htm
- Security advisories released detailing 4 of the bugs fixed in CPU July 2005 - /weblog/archives/00000451.htm
- ZDNet news talks about the Critical Patch Update 2005 - /weblog/archives/00000452.htm
- Computer World is also talking about CPU July 2005 - /weblog/archives/00000453.htm
- SearchSecurity.com has a good news story about CPU July 2005 - /weblog/archives/00000454.htm
- Oracle Simplifies SOA Security - /weblog/archives/00000455.htm
- Same problem again as April CPU - CPU July 2005 failed to fix a bug it says it did fix - /weblog/archives/00000456.htm
- Grant talks about securing Forms applications with SSL - /weblog/archives/00000457.htm
- Internet News talks about Oracles latest Critical Patch Update - /weblog/archives/00000458.htm
- Oracle has been silently fixing security bugs in CPU July 2005 - /weblog/archives/00000459.htm
- Oracle are asking customers to download CPU July 2005 for 10.1.0.x again as there is a problem - /weblog/archives/00000460.htm
- A good German new item on CPU 12 July 2005 - /weblog/archives/00000461.htm
- More news on silent fixes in CPU July 2005 - /weblog/archives/00000462.htm
- Red Database Security releases security advisories for high risk unfixed Oracle bugs - /weblog/archives/00000463.htm
- A Russian language news article about unfixed Oracle security bugs disclosure - /weblog/archives/00000464.htm
- Sun has released an alert notification (15 July 2005) about multiple security vulnerabilities in Oracle affecting SunMC - /weblog/archives/00000465.htm
- Oracle dragging heels on unfixed flaws, researcher says - /weblog/archives/00000466.htm
- Security experts round on Oracle over unpatched holes - /weblog/archives/00000467.htm
- Why it is important to encrypt credit card information - /weblog/archives/00000468.htm
- Oracle Simplifies SOA, Web Services Security - /weblog/archives/00000469.htm
- Oracle-Patches mehr als 600 Tage überfällig - /weblog/archives/00000470.htm
- A couple of bloggers talk about Oracle's unpatched bugs - /weblog/archives/00000471.htm
- Oracle researcher announces high-risk database flaws - /weblog/archives/00000472.htm
- Six Unpatched Flaws in Oracle Database Products - /weblog/archives/00000473.htm
- The Register talks about the bugs - /weblog/archives/00000474.htm
- More trouble looming for Oracle? - Black Hat is next week - there are 4 talks about Oracle Security - /weblog/archives/00000475.htm
- a retro news article : Ellison: Oracle remains unbreakable - /weblog/archives/00000476.htm
- An Oracle spokeswoman speaks to TheAge - /weblog/archives/00000477.htm
- A list of all the news articles about Alex Kornbrusts advisories - /weblog/archives/00000478.htm
- More problems with the April Critical Patch Update - does it ever stop? - /weblog/archives/00000479.htm
- David Litchfield sets the record straight - /weblog/archives/00000480.htm
- Oracle Confirms Holes in Two Latest Patch Sets - /weblog/archives/00000481.htm
- Oracle's correction to the April CPU patch email has been posted to Bugtraq - /weblog/archives/00000482.htm
- [Argeniss] Oracle 9R2 Unpatched vulnerability on CWM2_OLAP_AW_AWUTIL package - /weblog/archives/00000483.htm
- New Oracle Security Forum opened - /weblog/archives/00000484.htm
- Oracle Patches Its Security Patches - Database patches fix flaws found in previous fixes - /weblog/archives/00000485.htm
- Oracle's encryption not secure, researcher says - Alexander Kornbrust plans to detail his findings at Black Hat - /weblog/archives/00000486.htm
- web seminar for Oracle roadmap of Oblix integration - /weblog/archives/00000487.htm
- Mary Ann Davidson fights back - When security researchers become the problem - /weblog/archives/00000488.htm
- Oracle's 10g Encryption Feature Is a Fine First Step - /weblog/archives/00000489.htm
- iDefense ups the bidding for bugs - /weblog/archives/00000490.htm
- Grid Group Issues Security Requirements - /weblog/archives/00000491.htm
- VeriSign boosts security with iDefense acquisition - /weblog/archives/00000492.htm
- Security Matters - /weblog/archives/00000493.htm
- Ingrian DataSecure - A network appliance based encryption solution - /weblog/archives/00000494.htm
- Black Hat Confab to Spotlight Database Security - /weblog/archives/00000495.htm
- Demystifying MS SQL Server & Oracle database server security - /weblog/archives/00000496.htm
- Some response to Mary Ann's article - /weblog/archives/00000497.htm
- 10g Release 2 is available for download for Windows - /weblog/archives/00000498.htm
- Esteban Martínez Fayó has a fantastic black hat presentation on SQL Injection - /weblog/archives/00000499.htm
- Database Vendors Shouldn't Kill the Messenger - /weblog/archives/00000500.htm
- 10gR2 the CONNECT role has finally been sanitized - /weblog/archives/00000501.htm
- Joshua Wright has provided a free tool to check Oracle accounts for common passwords - /weblog/archives/00000502.htm
- slashdot discussion about Mary Ann Davidsons recent news article - /weblog/archives/00000503.htm
- Oracle simplifies SOAs - /weblog/archives/00000504.htm
- Some good tips on Dougs blog? - /weblog/archives/00000505.htm
- A good page describing Oradebug - /weblog/archives/00000506.htm
- Hashattack - Oracle password tool update to version 2.0 - /weblog/archives/00000507.htm
- New TNS protocol full client available for testing listener security - /weblog/archives/00000508.htm
- Prime number researchers put encryption algorithms such as RSA at risk - /weblog/archives/00000509.htm
- Oracle Security expert: More developer education is needed - /weblog/archives/00000510.htm
- The rise of Oracle blogging - /weblog/archives/00000511.htm
- Robert shows how easy it is to read data from websites directly into the database - /weblog/archives/00000512.htm
- Two excellent papers on a new method to combat parameter validation and SQL Injection - /weblog/archives/00000513.htm
- Hashattack 2.0 tool : ooops incorrect link on the tools page - /weblog/archives/00000514.htm
- Is it just me or is Orablogs not reachable again? - /weblog/archives/00000515.htm
- OPatch, wherefore art thou? - /weblog/archives/00000516.htm
- My site and Blog are available again - /weblog/archives/00000517.htm
- Bell Labs Dept 1127 has finally gone - /weblog/archives/00000518.htm
- Doug talks again about ? and catpatch.sql - /weblog/archives/00000519.htm
- Alex Kornbrusts Black Hat presentation on reverse engineering Oracles encryption packages - /weblog/archives/00000520.htm
- Radoslav Rusinov's Blog and mod_plsql passwords in clear text - /weblog/archives/00000521.htm
- A short download of Tom Kytes new book is available - /weblog/archives/00000522.htm
- Crack Oracle Security like a peanut! - /weblog/archives/00000523.htm
- New Online MD5 Hash Database - /weblog/archives/00000524.htm
- Red Database Security has released a standalone Oracle password cracker - /weblog/archives/00000525.htm
- undocumented Oracle? - /weblog/archives/00000526.htm
- Details of the Oracle password algorithm were revealed by its creator in 1993 - /weblog/archives/00000527.htm
- Red Database Security has released more Oracle password algorithm information - /weblog/archives/00000528.htm
- A second thread on c.d.o.s. about the Oracle password algorithm - /weblog/archives/00000529.htm
- Alex Kornbrust has released a Linux version of his Oracle password cracker - /weblog/archives/00000530.htm
- A perl script to brute force database connections - /weblog/archives/00000531.htm
- A correction to the author and URL for orabf.pl - /weblog/archives/00000532.htm
- Full disclosure list: Summary of the password algorithm and a C code plug-in for John The Ripper password cracker - /weblog/archives/00000533.htm
- Alex has released version 1.1 of Checkpwd - the Oracle dictionary password cracker - /weblog/archives/00000534.htm
- 1.02 Million hashes/second Oracle dictionary and brute force password cracker available - /weblog/archives/00000535.htm
- A career change and some site revamping - /weblog/archives/00000536.htm
- Alex has added a page to compare the available Oracle password crackers - /weblog/archives/00000537.htm
- 0rm's Oracle password cracker orabf has been updated - /weblog/archives/00000538.htm
- Congratulations to Mark Rittman on for Oracle magazines Oracle ACE of the year 2005 - /weblog/archives/00000539.htm
- CPU July 2005 patch set for Application Server Windows 9.0.2.3 has a problem - /weblog/archives/00000540.htm
- Security firm considers changing its policy on public disclosure of security vulnerabilities - /weblog/archives/00000541.htm
- Pre DBMS_RANDOM - /weblog/archives/00000542.htm
- Wifred notes that Patch 9.0.4.2.0 has a bug in Oracle forms - /weblog/archives/00000543.htm
- archivelog mode - or not? - /weblog/archives/00000544.htm
- jDUL / DUDE (Database Unloading by Data Extraction) - an alternative to DUL - /weblog/archives/00000545.htm
- 10g Release 2 for Windows is available - /weblog/archives/00000546.htm
- Nice paper by KK Mookhey and Nilesh Burghate - Detection of SQL Injection and Cross-site Scripting Attacks - /weblog/archives/00000547.htm
- Some Perl and problems with referral spammers - /weblog/archives/00000548.htm
- Amis talks about the need to remove USER from PL/SQL and SQL code - /weblog/archives/00000549.htm
- A small correction to a post about DBMS_SYSTEM.KSDDDT - /weblog/archives/00000550.htm
- Alex has released details about a common SQL Injection vulnerability in Oracle reports - /weblog/archives/00000551.htm
- Alex's SQL Injection advisory is available in German - /weblog/archives/00000552.htm
- Oracle Locks Up 'Federated' App Server - /weblog/archives/00000553.htm
- Google has added a great blog search tool - /weblog/archives/00000554.htm
- An interesting post on patch scheduling and disclosure - /weblog/archives/00000555.htm
- On Security, Is Oracle the Next Microsoft? - /weblog/archives/00000556.htm
- A nice fix for the "Overwrite any file via desname in Oracle Reports" bug - /weblog/archives/00000557.htm
- Some testing of orabf (Oracle password cracker) speed by Marcel-Jan - /weblog/archives/00000558.htm
- Oracle Proxy Users - /weblog/archives/00000559.htm
- Happy first birthday to my Oracle security blog! - /weblog/archives/00000560.htm
- Meet the experts (Oracle Security) at Oracle Open World - an open standard for securing Oracle - /weblog/archives/00000561.htm
- A new paper on a security hole in Application Server Control - /weblog/archives/00000562.htm
- Larry Ellison speaks about fixing security bugs - /weblog/archives/00000563.htm
- Another Larry news article on security from OOW - /weblog/archives/00000564.htm
- Quite a nice post about debugging with DBMS_DEBUG - /weblog/archives/00000565.htm
- Nice example of the new password store in 10g R2 - /weblog/archives/00000566.htm
- More security help in 10g R2 - /weblog/archives/00000567.htm
- More details on default failed_login_attempts - /weblog/archives/00000568.htm
- more failed_login_attempts! - /weblog/archives/00000569.htm
- Amis has a good post on debugging client side SQL*Net - /weblog/archives/00000570.htm
- Oracle and Sarbanes Oxley - /weblog/archives/00000571.htm
- The Six Dumbest Ideas in Computer Security - /weblog/archives/00000572.htm
- A couple of papers by Mladen Gogala - /weblog/archives/00000573.htm
- Good thread on Oracle brute force password cracking and OUG Scotland - /weblog/archives/00000574.htm
- OUG Scotland - /weblog/archives/00000575.htm
- David Litchfield writes an open letter to the security community and Oracle customers - /weblog/archives/00000576.htm
- Link to David Litchfields original post - /weblog/archives/00000577.htm
- Researcher lashes out at Oracle's security effort - /weblog/archives/00000578.htm
- Red Database Security has released 6 new Oracle security bug advisories - /weblog/archives/00000579.htm
- Slight correction to the HTMLDB advisories - /weblog/archives/00000580.htm
- Some more posts on bugtraq about David Litchfields open letter to Oracle - /weblog/archives/00000581.htm
- A new paper on SQL Injection - /weblog/archives/00000582.htm
- WebGoat an application to learn how to hack! - /weblog/archives/00000583.htm
- Security, SOX and Oracle Incentive Compensation - /weblog/archives/00000584.htm
- The Age talks about David Litchfields open letter to Oracle - /weblog/archives/00000585.htm
- Prevention and detection better than cure - /weblog/archives/00000586.htm
- How to encrypt/decrypt strings with the dbms_obfuscation_toolkit package - /weblog/archives/00000587.htm
- comments and how to re-enable them on this blog - /weblog/archives/00000588.htm
- Security Critical Patch Update October 18 is out - /weblog/archives/00000589.htm
- CPU October 18th a few comments - /weblog/archives/00000590.htm
- Some news about the CPU October 18 2005 Oracle security patch set - /weblog/archives/00000591.htm
- Women who know Oracle and security - /weblog/archives/00000592.htm
- Alex has posted an excellent analysis of the CPU Oct 18 database security bugs - /weblog/archives/00000593.htm
- An exploit has been published for database security bug DB27 - /weblog/archives/00000594.htm
- Easy connect identifier - /weblog/archives/00000595.htm
- My site was on the BBC 1 breakfast - well a picture of a link to it was! - /weblog/archives/00000596.htm
- An example of using DBMS_CRYPTO - /weblog/archives/00000597.htm
- Researcher: Oracle Patch Set Flawed Again - /weblog/archives/00000598.htm
- Exploit circulating for newly patched Oracle bug - It can crash an unpatched database server - /weblog/archives/00000599.htm
- Some fight back on Oracle security bugs - old news article - /weblog/archives/00000600.htm
- Flaw hunters pick holes in Oracle patches - /weblog/archives/00000601.htm
- Josh has released a paper about the Oracle password algorithm - /weblog/archives/00000602.htm
- Some news stories about the josh oracle password paper - /weblog/archives/00000603.htm
- Oracle Express - friend or foe? - /weblog/archives/00000604.htm
- UKOUG tomorrow - /weblog/archives/00000605.htm
- Oracle worm in the wild - /weblog/archives/00000606.htm
- UKOUG so far - /weblog/archives/00000607.htm
- Oracle Express - will we get security patches? - I truly hope so - /weblog/archives/00000608.htm
- Mary Ann speaks about security strategy - /weblog/archives/00000609.htm
- Oracle has released a new security vulnerability fixing policy and process - /weblog/archives/00000610.htm
- Why Protect Fort Knox Borders But Ignore The Gold? - /weblog/archives/00000611.htm
- Oracle alerts customers to the so called voyager worm - /weblog/archives/00000612.htm
- A movie about Oracle homeland security solutions - /weblog/archives/00000613.htm
- Voyager worm targets Oracle databases - /weblog/archives/00000614.htm
- CNET news on the Oracle worm - /weblog/archives/00000615.htm
- Oracle Worm Proof-of-concept - /weblog/archives/00000616.htm
- Oracle adds fine-grain features to ID security - /weblog/archives/00000617.htm
- What Are the Default Restrictions on Oracle Passwords? - /weblog/archives/00000618.htm
- Bruce Schneier blogs about the Oracle password weakness paper - /weblog/archives/00000619.htm
- Many ways to become DBA - /weblog/archives/00000620.htm
- More than 275 new security bugs found last week in the Oracle 10g database - /weblog/archives/00000621.htm
- Oracle XE will get upgrades with security fixes rather than patches - /weblog/archives/00000622.htm
- Commercial rainbow cracking - /weblog/archives/00000623.htm
- Mary Ann Davidson on how to evaluate software security - /weblog/archives/00000624.htm
- DBMS_ASSERT can be used to protect against SQL Injection - /weblog/archives/00000625.htm
- Disclosure or advertising? - /weblog/archives/00000626.htm
- Problems with the October CPU discovered - /weblog/archives/00000627.htm
- Oracle responds to the password algorithm weakness paper - /weblog/archives/00000628.htm
- Oracle buys two security software companies - /weblog/archives/00000629.htm
- LDAP - /weblog/archives/00000630.htm
- Oracle's email on Thor Technologies and OctetString - /weblog/archives/00000631.htm
- David Litchfield has started a database security portal - /weblog/archives/00000632.htm
- OracleXE beta 2 released - /weblog/archives/00000633.htm
- David Litchfield has started a blog and talks about the worm - /weblog/archives/00000634.htm
- Laurent on hidden parameters - /weblog/archives/00000635.htm
- Determining if a patch set has been applied to an Oracle database - /weblog/archives/00000636.htm
- A good comparison between Oracle and SQL Server features - /weblog/archives/00000637.htm
- Listener password management features - /weblog/archives/00000638.htm
- How many Oracle databases are exposed to the net? - /weblog/archives/00000639.htm
- A new Oracle security checklist paper from Oracle - /weblog/archives/00000640.htm
- Two new speaking events added to my site - /weblog/archives/00000641.htm
- SANS has released a new top 20 list of vulnerabilities - /weblog/archives/00000642.htm
- Some news items about the SANS TOP-20 release - /weblog/archives/00000643.htm
- A DoD Security Guidelines document for databases - /weblog/archives/00000644.htm
- Happy 20th birthday Windows - /weblog/archives/00000645.htm
- US DoD database security technical implementation guide V7, release 1 - /weblog/archives/00000646.htm
- Oracle Database security checklist from Oracle - /weblog/archives/00000647.htm
- 0rm has updated orabf the Oracle password cracker - /weblog/archives/00000648.htm
- Pete Finnigan is back after a week away from blogging! - /weblog/archives/00000649.htm
- CPU July 2005 and CPU October 2005 have problems!! - /weblog/archives/00000650.htm
- Nice post about LOG ERRORS potential performance issue - /weblog/archives/00000651.htm
- A sample package to manipulate LDAP - /weblog/archives/00000652.htm
- Some details of listener password exploits - /weblog/archives/00000653.htm
- Oracle security checklist - /weblog/archives/00000654.htm
- Bugs - /weblog/archives/00000655.htm
- Oracle PL/SQL for DBA's - /weblog/archives/00000656.htm
- Laurent talks about restricting the power of RMAN - /weblog/archives/00000657.htm
- I am presenting at the DBMS SIG in Melton Mowbray about Oracle security - /weblog/archives/00000658.htm
- DBMS SIG conference today - A security focus - /weblog/archives/00000659.htm
- CIS Oracle security checklist referral - /weblog/archives/00000660.htm
- Good overview of SOA security - /weblog/archives/00000661.htm
- Arup's new book and some networking - /weblog/archives/00000662.htm
- A useful perl script to check for listener password brute force attempts - /weblog/archives/00000663.htm
- Another free Perl script to check the listener log - /weblog/archives/00000664.htm
- Integration Promises Still Haunting Oracle - /weblog/archives/00000665.htm
- The possible complexity level of Oracle database passwords is in question - /weblog/archives/00000666.htm
- securing apache with Oracle - /weblog/archives/00000667.htm
- Another way to monitor the listener log for brute force attacks - /weblog/archives/00000668.htm
- A new book "Cryptography in the Database: The Last Line of Defense" - /weblog/archives/00000669.htm
- Some more thoughts on the weakness of Oracle database passwords - /weblog/archives/00000670.htm
- Oracle Combines Its Identity Management Offerings - /weblog/archives/00000671.htm
- Nice paper on database links - /weblog/archives/00000672.htm
- Mary Ann Davidson announces that Fortify software will be used to find security holes in Oracle software - /weblog/archives/00000673.htm
- standalone discoverer clients now sso compliant for E-Business Suite users - /weblog/archives/00000674.htm
- A nice paper on listener auditing - /weblog/archives/00000675.htm
- A very happy christmas to everyone - /weblog/archives/00000676.htm
- State of the nation: referral spam, comments, content management, dedicated hosting and more - /weblog/archives/00000677.htm
- David Knox on secure application roles - /weblog/archives/00000678.htm
- Spammers again... - /weblog/archives/00000679.htm
- Metacoretex has been hacked - /weblog/archives/00000680.htm
- A new variant of the Oracle Voyager worm is in the wild - /weblog/archives/00000681.htm
- More detailed
|
