
Pete Finnigan's Oracle security weblog


Entries

05/16/2008: Howard's DORIS script is available again - some security comments from me
05/15/2008: License Plate scanners and SQL Injection
05/14/2008: Oracle Application Server 10g ORA_DAV basic authentication bypass
05/13/2008: License plate SQL Injection
05/01/2008: Slides from OUG Scotland DBA SIG on Oracle Forensics available
05/01/2008: Conditionally firing triggers
04/30/2008: Lateral SQL Injection and Conferences and security training
04/25/2008: Slides from OUGN Norway and RISK 2008 Norway available
04/14/2008: Two remotely exploitable without authentication bugs to be fixed
04/08/2008: Fine Grained network Access Control in 11g
04/07/2008: C code API to encapsulate OCI
03/31/2008: A new version of the Oracle password cracker woraauthbf is available
03/28/2008: Slides from Pete Finnigan Oracle Security webinar available
03/22/2008: A new release of Inguma
03/15/2008: Pete Finnigan is doing a live webinar on Oracle Security March 28th
03/14/2008: Oracle security audit training in the Netherlands with Pete Finnigan
02/29/2008: Oracle Security Back to basics slides available
02/25/2008: Speaking events, SQL Hashes and clever password crackers
02/14/2008: Oracle Defending Against SQL Injection Tutorial
02/13/2008: A hint of Oracle's coding standards
02/11/2008: Oracle security conferences, illness and ....
02/07/2008: A default password script and a cracker helper script
02/04/2008: PeteFinnigan.com Limited becomes UK partner for Sentrigo Hedgehog
02/01/2008: Oracle database exploits available for January 2008 CPU fixes
02/01/2008: A new version of woraauthbf - The Oracle password cracker is released
01/30/2008: PeteFinnigan.com Limited Advisory for the Oracle Jan 2008 CPU
01/28/2008: Review of the book Practical Oracle Security
01/24/2008: Orablogs is no more (well soon)
01/23/2008: Pete Finnigan; new VPD in the real world paper available
01/21/2008: UKOUG Unix SIG 22nd Jan and more
01/16/2008: Oracle release the January 2008 CPU patch
01/14/2008: Sentrigo release a study of how many people apply a CPU
01/08/2008: Why does the parameter count change
01/07/2008: Happy New Year and an example of having your bank account compromised
12/24/2007: List of Security papers
12/21/2007: In memory backdoors in Oracle
12/21/2007: emkey and the importance of it in Grid Control security
12/16/2007: Mining Data from the Listener Log
12/09/2007: Pete Finnigan Oracle Security Masterclass presentation from UKOUG
12/09/2007: Pete Finnigan Oracle Forensics presentation from the UKOUG
12/09/2007: Pete Finnigan Oracle Security Tools presentation from UKOUG available
12/03/2007: Read only, best of Oracle security, locating passwords and UKOUG
11/25/2007: Eight ways to hack Oracle
11/21/2007: Personal details for 25 Million people go missing in the UK
11/20/2007: Would you like a job in Oracle security - PeteFinnigan.com Limited is hiring
11/17/2007: 10g and 11g password leak during install, honeypots and databases exposed to the internet
11/12/2007: Oracle 0-day bug to get SYSDBA access to the database
11/08/2007: Pete Finnigan Oracle 11g Security presentation slides available
11/06/2007: Exploit code to crash an Oracle database posted
11/06/2007: Pete Finnigan speaking about Oracle 11g Security tomorrow at UKOUG DBMS SIG
11/02/2007: DBMS_SQL new security features and ROWID hacking
10/31/2007: Does Oracle's Database Need More Security?
10/31/2007: Memory resident backdoors in Oracle
10/30/2007: Simple Oracle 11g Password check PL/SQL script
10/29/2007: Oracle Database Buffer overflow vulnerability in function MDSYS.SDO_CS.TRANSFORM
10/29/2007: Oracle Database Buffer overflow vulnerability in procedure DBMS_AQADM_SYS.DBLINK_INFO
10/29/2007: New presentation on Database Vault faults
10/29/2007: A new SQL Injection protection PL/SQL package
10/27/2007: David Litchfield has started a new blog
10/25/2007: Nice ideas to scrape the alert log in Windows
10/24/2007: CheckPwd version 2 A12 is released
10/23/2007: Oracle 11g for Windows is available
10/18/2007: Oracle plugs critical database, application flaws
10/17/2007: Oracle Issues Pile of 51 Security Patches
10/16/2007: October 2007 Critical Patch Update (CPU) is out
10/16/2007: Nice paper on time based blind SQL
10/15/2007: Creating a SYSDBA backdoor
10/13/2007: Oracle October CPU pre-release analysis
10/10/2007: Extreme SQL Injection
10/09/2007: The fastest Oracle password cracker in the world is released!!!
10/08/2007: Weakness in Oracle's new 11g authentication protocol
10/03/2007: Nice SQL Injection cheat sheet
10/02/2007: The first Oracle 11g password cracker
09/26/2007: Oracle Security on Windows presentation uploaded
09/23/2007: September 2007 - 3 years of Oracle security blogging
09/22/2007: Oracle 11g Password algorithm revealed
09/19/2007: Oracle 11g Security - part 5 {Playing for time}
09/17/2007: Oracle 11g Security - part 4 {Times and dates and lengths}
09/16/2007: Decompilation - reality or myth
09/14/2007: Using Log Miner for database forensics
09/13/2007: 6 Oracle security presentations added to Oracle security white papers page
09/13/2007: Hacking hardened and patched Oracle databases
09/12/2007: Security analysis of the JInitiator buffer overflows
09/11/2007: Make Oracle PCI compliant
09/09/2007: Oracle security presentations
09/04/2007: Code Breaking
08/31/2007: Oracle 11g Security - part 3 {peek and poke}
08/26/2007: Oracle 11g Security - part 2 {The beginning}
08/22/2007: 11g and Oracle Security
08/22/2007: Oracle security services, products and training
08/21/2007: Oracle Forensics Paper part 6
08/19/2007: Pete Finnigan is now an independent and available for Oracle security work
08/14/2007: Oracle Forensics presentation and a new paper
08/10/2007: 11g is here
08/06/2007: Are security tools a virus or a trojan or even a danger?
07/31/2007: Checksumming on all supported versions of Oracle
07/24/2007: First exploit released for CPU July 2007
07/18/2007: CPU July 2007 is out
07/16/2007: Oracle UK systems accused in 'SSH hacking spree'
07/13/2007: A new Oracle security scanner written in Ruby
07/11/2007: Apex and its security model
07/10/2007: database security bloopers
07/10/2007: More SQL Injection
07/08/2007: Please don't SQL Inject a bank
07/05/2007: Checkpwd updated and also released for Mac
06/29/2007: ERP thesis questionnaire
06/28/2007: Using Field Programmable Gate Arrays (FPGA) to crack passwords
06/23/2007: Script to find all privileges assigned to a user/role - users complaint
06/20/2007: Data breach concerns running rampant, survey finds
06/18/2007: A New Approach to Database Security
06/13/2007: Database Vault presentation slides available
06/12/2007: Imperva launches a free database security scanner
06/11/2007: Nice list of security papers
06/10/2007: Amichai Schulman has started a database security blog
06/05/2007: Valid node checking as a simple free firewall for the database
06/04/2007: Another new paper on Oracle password cracking
05/29/2007: David Litchfield announces Open Software Database forensics toolkit
05/29/2007: Software should defend itself: Oracle CSO
05/29/2007: New paper on Oracle native authentication in 9i and 10g
05/28/2007: A new Oracle security blog in English and German and some Oracle security videos
05/24/2007: A new database security blog talks about propagating middle tier and application user identities
05/24/2007: Security guru blasts Oracle's patching policies
05/21/2007: UKOUG Unix Sig - Hacking and Securing Oracle
05/20/2007: 15 free SQL Injection scanners
05/17/2007: Oracle forensics part 4 - live response
05/15/2007: Oracle BI Suite and Row Level Security
05/11/2007: Getting started with Oracle security
05/09/2007: Oracle audit vault is available for trial download
05/06/2007: Pete Finnigan to speak about Oracle security
05/03/2007: Pete Finnigan UKOUG Leeds April 2007 slides available
04/28/2007: Oracle forensics in a nutshell
04/23/2007: I am speaking at the Northern Server Technology day tomorrow 24th April
04/20/2007: NGS have released an analysis for the April CPU 2007
04/19/2007: Analysis of April 2007 CPU
04/19/2007: Analysis: Automated Code Scanners: False Sense of Security?
04/18/2007: Oracle Updates Leave Critical Windows Flaw
04/17/2007: Oracle Critical Patch Update April 2007 is out
04/17/2007: 103 free security apps for Mac, Windows and Linux
04/17/2007: Milw0rm - Oracle exploits
04/12/2007: A new Oracle Security Apprentice?
04/09/2007: Oracle Assessment Toolkit
04/04/2007: 3 new papers on Oracle forensics
04/03/2007: Argeniss have released a simple Oracle root kit
04/02/2007: Bunker has released a 0-day Oracle exploit
03/30/2007: 2 new exploits for Oracle
03/29/2007: Cesar Cerrudo shows how to find more than 5 local 0-days in Oracle
03/28/2007: Site downtime
03/26/2007: 4 new Oracle exploits released
03/24/2007: SQLGotcha 4.0 beta released on Sourceforge
03/23/2007: Oracle sues SAP for allegedly behaving like it has toward Linux
03/22/2007: Interesting post on previous values in datafiles
03/17/2007: Oracle forensics, UKOUG and blog troubles
03/11/2007: Nice paper on BBED in French
03/06/2007: New paper on Oracle Forensics
03/05/2007: More Oracle exploits
03/05/2007: Researcher charts new, more dangerous Oracle attack
03/05/2007: New attack technique puts Oracle in crosshairs
03/05/2007: Oracle exploits available
03/03/2007: New and Improved Oracle Exploits Coming at Black Hat
02/27/2007: New paper: Cursor injection - attacking Oracle with just CREATE SESSION
02/25/2007: 11i Security papers available
02/23/2007: More on Oracle hacking techniques
02/20/2007: Hacking Oracle, but not in English
02/18/2007: Hacking SYS password added as a pdf
02/16/2007: Oracle TNS Protocol downgrade attacks
02/16/2007: How to hack SYS password without logging into the database
02/15/2007: Oracle 0-day exploit to be released - Blackhat Washington DC database security presentations
02/12/2007: Argeniss are now selling Oracle rootkits!
02/08/2007: Where's Larry? Ellison calls out sick at RSA Conference
02/07/2007: Oracle Database Vault is certified with PeopleSoft
02/05/2007: Detecting rootkits
02/05/2007: Comments are enabled on this blog again
02/02/2007: Users and Schemas
01/31/2007: BBED - Oracle Block Browser and EDitor - A hacker tool?
01/30/2007: Download some free chapters from the Oracle Hackers Handbook
01/30/2007: Oracle Hackers Handbook
01/24/2007: Transparent Data Encryption (TDE) certified for Apps 11i
01/24/2007: checkpwd has been updated to 1.22 and is around 30% faster
01/22/2007: Oracle password crackers just got faster
01/21/2007: Secure Passwords Keep You Safer
01/19/2007: Toolkit of generators and brute force tools
01/18/2007: Details Oracle Critical Patch Update January 2007 - V1.02 released
01/16/2007: Critical Patch Update January 2007 is out
01/16/2007: Definer rights AS SYSDBA security issue?
01/15/2007: New paper on Oracle AS SYSDBA connection weakness
01/14/2007: Oracle emulates Microsoft with advance patch notice
01/14/2007: Oracle To Patch 55 Database, App Server Bugs Next Week
01/12/2007: Oracle have announced a CPU pre-release feature
01/10/2007: Great paper on Oracle Applications 11i password weaknesses and decryption
01/05/2007: Teaching an Old Dog New Tricks
01/04/2007: 10 steps to creating your own security audit
01/03/2007: A good blog to watch for Oracle internals and hard to find info
01/01/2007: Stealing Oracle passwords from the wire
01/01/2007: It seems Dizwell has gone, come back (maybe) and gone again
12/29/2006: Happy new year!!
12/23/2006: Integrigy have released a completely new version of their listener check tool
12/21/2006: Oracle 11g will have SHA-1 hashed passwords and case sensitive passwords
12/20/2006: Evading Oracle IDS and audit appliances
12/20/2006: Hacking and hardening Oracle Express Edition - UKOUG 2006
12/12/2006: Oracle XE, where are the security patches?
12/12/2006: Pete Finnigan's InfoSec 2006 paper How to Secure Oracle in 20 Minutes
12/12/2006: SQL Injection, Are Your Web Applications Vulnerable?
12/08/2006: Nice paper on Securing Web Applications
12/08/2006: WinSID an Oracle instance discovery tool is available again
12/07/2006: Pete Finnigan's Oracle Security Masterclass UKOUG 2006 available
12/07/2006: A free PL/SQL fuzzing tool released
12/06/2006: 10.2.0.3 for Linux and Windows is out
12/05/2006: The Best of Oracle Security 2006 (in German)
12/05/2006: Pete Finnigan's UKOUG presentation on FGA, VPD and audit performance
12/04/2006: Tension between security vendors, bug hunters continues to simmer
12/01/2006: Oracle launches identity governance project
11/30/2006: Week of Oracle bugs axed--for now?
11/24/2006: Carelessness Runs Amuck With Zero Day Vulnerabilities
11/23/2006: Week of Oracle zero-days planned
11/22/2006: Oracle in the Crosshairs for Week of Exploits
11/22/2006: Oracle Security Patch Causes Insecurity
11/22/2006: Pete Finnigan's presentation from UKOUG 2006 in Birmingham on Encryption
11/21/2006: Argeniss are to release an Oracle 0-Day exploit every day for a week
11/20/2006: Securent Could Be a Fine Addition for Oracle
11/13/2006: UKOUG starts tomorrow
11/08/2006: 10gR2 and failed_login_attempts
11/06/2006: Oracle password crackers
11/03/2006: There is a newer version of the orabf Oracle password cracker available
11/01/2006: checkpwd Oracle password cracker now supports multi-core CPUs
10/31/2006: Jonathan Lewis has a new weblog
10/30/2006: myspace hacked
10/27/2006: Best Practice for securing E-Business Suite updated
10/26/2006: BT buys security outsourcer Counterpane
10/26/2006: Help in handling Oracle vulnerabilities
10/23/2006: Users look for details on Oracle's next database
10/20/2006: Oracle releases 101 patches in quarterly update
10/20/2006: Oracle fixes 101 flaws
10/20/2006: Using procedures to access data only
10/18/2006: Oracle plugs 101 security flaws
10/18/2006: Oracle Issues Monster Security Patch
10/18/2006: Details of bugs fixed in CPU October 2006 released
10/17/2006: October 2006 Critical Patch Update (CPU) is out
10/16/2006: Oracle to provide clearer vulnerability ratings
10/16/2006: Oracle Security Alerts Get Overdue Makeover
10/16/2006: Tomorrow is patch Tuesday - the Oct 2006 CPU is due!
10/14/2006: SANS Oracle S.C.O.R.E. document has been updated
10/13/2006: Security bug in 10.2.0.2 not fixed yet
10/11/2006: Oracle will improve the CPU documentation with the Oct 17th 2006 CPU
10/11/2006: Applying CPUs
10/09/2006: Tom has discovered a PL/SQL oddity
10/08/2006: Data breaches near 94 million
10/07/2006: Using JAZN LDAP for security in Portal
10/07/2006: Some good SQL Injection links
10/06/2006: Oracle 11i and SSO
10/04/2006: A portal exploit or security advice
10/04/2006: Oracle's Security Plans
10/03/2006: SQLGotcha version 3.0 is available
10/01/2006: Oracle promises tighter security for SOAs
09/29/2006: Security professionals at risk from hacking laws
09/29/2006: Ethical hacking in Oracle
09/28/2006: Security Inside
09/25/2006: Eddie on another undocumented function
09/25/2006: Project lockdown
09/22/2006: Only 6% of identity theft can be attributed to data theft.
09/22/2006: Cybercrime Is Getting Organized
09/20/2006: Two years of Oracle Security blogging and still going strong
09/19/2006: Exploit screencasts
09/18/2006: Pete Finnigan at UKOUG 2006
09/15/2006: Cache missing for fun and profit
09/12/2006: IT Underground conference in Rome cancelled at last minute
09/09/2006: Identity theft is becoming mainstream
09/08/2006: Nice network trace tool
09/07/2006: Pete Finnigan podcast interview on Oracle security
09/05/2006: Nice idea on audition using trace events
09/04/2006: I will be speaking at the IT Underground in Rome
09/03/2006: Interesting post about protecting PL/SQL
09/03/2006: Nice post by steve about Federal Information Security Management Act (FISMA)
09/01/2006: Nice post on an undocumented function - Reverse
08/31/2006: How not to create user authentication
08/31/2006: Oracle's Ellison to take stage at next RSA confab
08/31/2006: Oracle's Ellison to strut his stuff at RSA 2007
08/30/2006: New additional syndication feeds for this blog
08/30/2006: Application centric security
08/29/2006: Nice post on the Logica blog about LDAP user info
08/29/2006: Duncan speaks about Common Criteria Security Evaluations
08/28/2006: 9.2.0.8 on Linux is out
08/26/2006: Spotlight on Oracle security
08/26/2006: DMZs, SSL, RAC, OracleAS 10g and Oracle E-Business Suite 11i
08/25/2006: Unpatched enterprise security bugs proliferate
08/25/2006: 9.2.0.8 is out for Solaris
08/24/2006: Mr. Know-IT-All's Oracle Security Challenge
08/22/2006: 9.2.0.8 is out for Windows, MVS and HP/UX
08/21/2006: Oracle root kits part 2
08/18/2006: MatriXay a new way to penetration test web apps and databases
08/17/2006: Oracle expert warns of weakness in PL/SQL
08/17/2006: Databases at war
08/17/2006: Oracle Announces General Availability of Oracle(R) Identity Management 10g Release 3
08/15/2006: Stephen Kost has a new Oracle security blog
08/15/2006: Integrating Oracle with the Windows Active Directory
08/14/2006: Oracle Database Patch Sets
08/14/2006: Blinded By The Glare Of Facial Piercings At Black Hat (Or, The One That Got Away)
08/09/2006: Defcon 2006: Oracle not so "unbreakable"
08/08/2006: High bidders with low motives
08/08/2006: How to Unwrap PL/SQL BlackHat Las Vegas 2006 presentation slides are available
08/07/2006: Tom has an interesting post on Security via obscurity
08/06/2006: BlackHat Last week
07/28/2006: An interesting thread on Alex's DBMS_ASSERT paper
07/28/2006: A new Oracle exploit revealed on the bugtraq list
07/27/2006: SQL Injection video
07/27/2006: How to bypass the protection implemented by DBMS_ASSERT
07/26/2006: Oracle Password Repository
07/24/2006: Blackhat Las Vegas 2006 and unwrapping PL/SQL
07/19/2006: Oracle's summer update fixes 65 flaws
07/19/2006: Oracle plugs 65 security holes
07/19/2006: Oracle Patches 65 Vulnerabilities
07/19/2006: Oracle owns up to patching problems
07/18/2006: Alex has an analysis of CPU July 2006 and also advisories
07/18/2006: All database patches are available this time
07/18/2006: Eric Maurice speaks about the July CPU
07/18/2006: CPU July 2006 is out
07/14/2006: oh the irony...
07/10/2006: Mary Ann speaks - on security testing rules
07/10/2006: Security vulnerability disclosure - part 1
07/07/2006: Nice three part article on FGA
07/07/2006: Where is 9.2.0.8?
07/05/2006: More on SYSDBA caching
07/03/2006: Nice post by Eddie about undocumented pragmas
07/02/2006: Great SQL injection paper
07/02/2006: A follow up on Stephen's SYSDBA post
06/29/2006: An interesting post on Stephen's Oracle blog about SYSDBA passwords
06/28/2006: Survey: Hardware, not hackers, usually causes Oracle database downtime
06/20/2006: Social Engineering, the USB Way
06/19/2006: Five best practices for Oracle applications developers
06/19/2006: DB2 Security Glitch Makes IBM Whine
06/13/2006: A blog with some Oracle security entries
06/13/2006: Nice post about identities
06/12/2006: Building a Simple Firewall Using Oracle Net
06/12/2006: The DTI security breach survey is out
06/08/2006: An Expert's Perspective on the VA Data Theft
06/06/2006: 9.2.0.8 is to be a terminal release
06/05/2006: Laurent on mod_plsql
06/03/2006: A nice post about risk based security
06/02/2006: undocumented pragmas
06/02/2006: Oracle blogs aggregator speeded up
06/01/2006: New paper "Oracle Database Security"
06/01/2006: Oracle, vis-a-vis Mary Ann Davidson, attacks poor coding practices
05/31/2006: Views on Mary Ann and an article about buggy code
05/31/2006: Oracle exec hits out at 'patch' mentality
05/31/2006: Oracle mending fences with security researchers
05/31/2006: Oracle's security chief lambastes faulty coding
05/26/2006: Project Lockdown
05/25/2006: Exploiting and protecting Oracle
05/25/2006: Rationalization, Sex, and Oracle
05/25/2006: Tripwire Partners with Oracle® to Enable Enhanced Security and Increased Compliance
05/25/2006: Pete Finnigan blog back on orablogs
05/25/2006: Oracle adds to secure archiving, audit features
05/23/2006: Cisco, others invest $6.3m in Guardium
05/23/2006: Cisco, others invest $6.3m in Guardium
05/23/2006: Security Patch website
05/23/2006: The Patch Impasse: Front line perspectives from enterprise IT
05/22/2006: An excellent post by Lucas about object changes and RSS feeds
05/22/2006: The hacker resistant database
05/22/2006: Site was down due to power failure at the ISP
05/18/2006: Password recommendations on Eddie's blog
05/16/2006: Egor Starostin has a blog
05/16/2006: OraSRP open source SQL Trace profile tool
05/15/2006: David Litchfield has a new blog
05/11/2006: Oracle refuses to learn its lesson, experts say
05/08/2006: Oracle Internals: A good post by Doug about DUDE
05/07/2006: An Oracle security blog from Oracle
05/06/2006: Patched Oracle database still at risk, bughunter says
05/06/2006: Customers Wait for Oracle Security Patches
05/05/2006: Interesting thoughts on the Andrew Max blog about the recent 0-day view issue
05/04/2006: Oracle keeps many users waiting on April patches
05/03/2006: Researcher: Oracle Needs To Patch 44 More Bugs
05/01/2006: Patched Oracle database 'still vulnerable'
05/01/2006: Patched Oracle database 'still vulnerable'
04/30/2006: A quick update on my sites progress
04/28/2006: My site is moving now
04/21/2006: My site is moving so could go down for a short while
04/20/2006: Exploit code available for one of the bugs fixed in April 2006 CPU
04/20/2006: Security expert calls for Oracle makeover
04/20/2006: Argeniss are selling 0-day exploits for Oracle
04/20/2006: DBMS_SCHEDULER as a new alternative for DBMS_JOB by Patrick Sinke
04/20/2006: Oracle's default password scanner released with CPU April 2006
04/19/2006: CERT Issues Alert for Oracle
04/19/2006: Alex has released an advisory for his bug in CPU April 2006
04/18/2006: What is amazing is that a lot of CPU patches are not available until May!!
04/18/2006: Oracle has released CPU April 18th 2006
04/17/2006: Happy birthday to Tom's blog
04/17/2006: Unbreakable, Unless You Shoot Yourself in the Foot
04/17/2006: 10 Infamous Moments In Security Research
04/17/2006: Great trip to Seattle to the PSOUG Oracle day 2006
04/14/2006: At the PSOUG Oracle day in Seattle
04/10/2006: Oracle releases, then pulls, zero-day database exploit code
04/10/2006: Oracle databases at risk
04/10/2006: Oracle Slip-up Results In Leaked Exploit Information
04/10/2006: Oracle has released details of a 0-day vulnerability including exploit code on Metalink
04/10/2006: Back blogging again about Oracle Security
03/24/2006: Mary Ann Davidson has started a blog!
03/23/2006: Oracle have sent out an email to advise customers to patch CPU Jan 2006 for 9.2.0.7 on Linux
03/22/2006: Oracle’s New Search Efforts
03/22/2006: iSQL*Plus will be desupported
03/18/2006: switching from OID to Fedora Directory Server
03/16/2006: Experts unconcerned by RFID virus
03/16/2006: Chaos among PC Users over McAfee Update
03/16/2006: Microsoft goes public with Blue Hat hacker conference
03/13/2006: Fatal false alarm in McAfee VirusScan
03/11/2006: A site move (not far!) and some planned improvements and changes coming
03/07/2006: Security is the password
03/06/2006: Oracle Security Under Scrutiny
03/06/2006: Oracle on track of secure search
03/01/2006: An ideal password reset function - NOT!
03/01/2006: Oracle releases critical, out-of-cycle patch
02/28/2006: Oracle publishes out-of-cycle security fix
02/28/2006: Oracle issues security patch
02/27/2006: Oracle releases an out of step security patch for E-Business Suite
02/26/2006: Oracle Integrating Identity Wares
02/23/2006: Sun's McNealy: Open Source Key To Security
02/23/2006: Lewis has a paper on Oracle security as well.
02/23/2006: Nice presentation by Lewis on Oracle Security
02/23/2006: Pete Finnigan's blog is back on blogs.oracle.com
02/23/2006: Oracle Enterprise Manager now supports Microsoft
02/23/2006: Oracle Identity Management Spurs Global Adoption
02/21/2006: Security's Heaviest Hitters
02/21/2006: A GSEC paper on securing Oracle Collaboration Suite
02/21/2006: Securing Data Warehouses With OID, Advanced Security And VPD
02/21/2006: Tom has a great post about continuity of operations
02/21/2006: Andrew Clarke has a post about Google hacking Oracle
02/21/2006: Security experts see vulnerabilities in embedded databases
02/19/2006: OASIS stamps approval on WS-Security 1.1
02/19/2006: Secure the OEM Encryption Key
02/16/2006: New Oracle blogs aggregator
02/16/2006: pssst, want to read something secret?
02/13/2006: Inside job
02/12/2006: Oracle Starts Melding Security, ID Management Offerings
02/12/2006: Oracle Set to Refresh Key Software Packages
02/11/2006: SourceLabs puts its SASH around Oracle
02/09/2006: Good paper on password policies
02/09/2006: Brian Duff announces that blogs.oracle.com is live
02/09/2006: Oracle defends security record
02/08/2006: Looks like Oracle will have its own blog aggregator and home
02/08/2006: Interesting listener.ora / listener password and VMS error
02/07/2006: Nice thoughts on Oracle internal people finding security bugs
02/06/2006: Inside Oracle's Patch Kimono
02/06/2006: Interesting thought on security advisories
02/05/2006: Oracle have released a FAQ to counter the mod_plsql 0-day bug
02/05/2006: A great snort rule to detect the mod_plsql 0-day bug
02/05/2006: Oracle aims to tone security muscle with Fusion
02/05/2006: leaking information about Oracle databases could be a dangerous thing
02/02/2006: patch set 10.1.0.5 does not include latest security fixes!
02/02/2006: Alex has described a new work around for the mod_plsql 0-day bug
02/01/2006: Stephen Kost (www.integrigy.com) has released an analysis of the mod_plsql 0-day bug / workaround
02/01/2006: 10.1.0.5 is available
02/01/2006: exploit code released for the DB18 AUTH_ALTER_SESSION bug - how to make any user a DBA
01/31/2006: How to connect to the database using Perl - with two way communication
01/31/2006: Information Week on the mod_plsql 0-day bug
01/30/2006: Gartner: Oracle no longer a bastion of security
01/27/2006: An argument rages in the ePress between Oracle and Litchfield
01/27/2006: Many ways to become a DBA presentation updated
01/27/2006: Details published about the mod_plsql 0-day bug
01/27/2006: Interesting comments about the David Litchfield bug and the Duncan Harris interview
01/27/2006: Alex has produced a document detailing the changes made by CPU Jan 2006
01/25/2006: Oracle is advising customers to patch the last CPU very quickly
01/25/2006: David Litchfield has released a workaround for an unpatched Oracle security bug
01/25/2006: Speaking engagements tomorrow and in April
01/25/2006: Harder-to-Detect Oracle Rootkit on the Way
01/25/2006: Oracle have re-released the Linux Jan 2006 CPU patch for 10.2.0.1
01/25/2006: Oracle security joke - a template for journalists
01/25/2006: Doug has some great comments on canned application security
01/25/2006: Oracle's patch application program OPatch is causing access problems after applying interim patches
01/24/2006: Duncan Harris speaks on Oracle Security
01/22/2006: Alex has produced a detailed analysis of the Jan 2006 CPU
01/22/2006: The CPU Jan 2006 patch for HP/UX Application Server is empty
01/19/2006: Alex has added advisories for 23 security bugs fixed in 10g Release1
01/19/2006: Steven Feuerstein has started a weblog
01/19/2006: Bug DBC02 in CPU Jan 2006 found by Joxean Koret identified
01/17/2006: Red Database Security has released 5 Oracle security bug advisories
01/17/2006: Imperva discovers a critical access control bypass in login bug
01/17/2006: January 2006 Critical Patch Update Oracle security patch is released
01/16/2006: Interview with Oracle's security chief
01/16/2006: Lewis has an interesting post on Easy Connect
01/14/2006: Oracle is finally listening to customers about fix times and security patch quality
01/12/2006: Doug has posted an interesting note about executing of SQL script from URLs
01/12/2006: Dump
01/12/2006: Oracle have released an email warning customers about the latest worm
01/10/2006: Howard has some good advice on protecting against worms
01/09/2006: Justin talks about a new series of papers on Oracle security by Arup
01/09/2006: Oracle database worm mutates
01/08/2006: Oracle 'Worm' Exploit Gets Ominous Tweak
01/07/2006: A tiny digital camera
01/06/2006: up front security
01/06/2006: Frappr is mapping Oracle bloggers
01/05/2006: Niall has a good post - DBA as User
01/05/2006: The slashdot effect can be a problem for other sites
12/31/2005: More detailed analysis of the new Oracle worm
12/31/2005: A new variant of the Oracle Voyager worm is in the wild
12/31/2005: Metacoretex has been hacked
12/30/2005: Spammers again...
12/30/2005: David Knox on secure application roles
12/29/2005: State of the nation: referral spam, comments, content management, dedicated hosting and more
12/24/2005: A very happy Christmas to everyone
12/24/2005: A nice paper on listener auditing
12/22/2005: standalone discoverer clients now sso compliant for E-Business Suite users
12/21/2005: Mary Ann Davidson announces that Fortify software will be used to find security holes in Oracle software
12/21/2005: Nice paper on database links
12/21/2005: Oracle Combines Its Identity Management Offerings
12/20/2005: Some more thoughts on the weakness of Oracle database passwords
12/17/2005: A new book "Cryptography in the Database: The Last Line of Defense"
12/16/2005: Another way to monitor the listener log for brute force attacks
12/16/2005: securing apache with Oracle
12/15/2005: The possible complexity level of Oracle database passwords is in question
12/14/2005: Integration Promises Still Haunting Oracle
12/14/2005: Another free Perl script to check the listener log
12/11/2005: A useful perl script to check for listener password brute force attempts
12/10/2005: Arup's new book and some networking
12/09/2005: Good overview of SOA security
12/09/2005: CIS Oracle security checklist referral
12/08/2005: DBMS SIG conference today - A security focus
12/07/2005: I am presenting at the DBMS SIG in Melton Mowbray about Oracle security
12/07/2005: Laurent talks about restricting the power of RMAN
12/07/2005: Oracle PL/SQL for DBAs
12/06/2005: Bugs
12/05/2005: Oracle security checklist
12/05/2005: Some details of listener password exploits
12/04/2005: A sample package to manipulate LDAP
12/04/2005: Nice post about LOG ERRORS potential performance issue
12/04/2005: CPU July 2005 and CPU October 2005 have problems!!
12/03/2005: Pete Finnigan is back after a week away from blogging!
11/25/2005: 0rm has updated orabf the Oracle password cracker
11/24/2005: Oracle Database security checklist from Oracle
11/24/2005: US DoD database security technical implementation guide V7, release 1
11/22/2005: Happy 20th birthday Windows
11/22/2005: A DoD Security Guidelines document for databases
11/22/2005: Some news items about the SANS TOP-20 release
11/22/2005: SANS has released a new top 20 list of vulnerabilities
11/20/2005: Two new speaking events added to my site
11/19/2005: A new Oracle security checklist paper from Oracle
11/19/2005: How many Oracle databases are exposed to the net?
11/18/2005: Listener password management features
11/18/2005: A good comparison between Oracle and SQL Server features
11/18/2005: Determining if a patch set has been applied to an Oracle database
11/18/2005: Laurent on hidden parameters
11/18/2005: David Litchfield has started a blog and talks about the worm
11/17/2005: OracleXE beta 2 released
11/17/2005: David Litchfield has started a database security portal
11/17/2005: Oracle's email on Thor Technologies and OctetString
11/17/2005: LDAP
11/17/2005: Oracle buys two security software companies
11/15/2005: Oracle responds to the password algorithm weakness paper
11/14/2005: Problems with the October CPU discovered
11/14/2005: Disclosure or advertising?
11/12/2005: DBMS_ASSERT can be used to protect against SQL Injection
11/12/2005: Mary Ann Davidson on how to evaluate software security
11/11/2005: Commercial rainbow cracking
11/11/2005: Oracle XE will get upgrades with security fixes rather than patches
11/09/2005: More than 275 new security bugs found last week in the Oracle 10g database
11/09/2005: Many ways to become DBA
11/08/2005: Bruce Schneier blogs about the Oracle password weakness paper
11/08/2005: What Are the Default Restrictions on Oracle Passwords?
11/07/2005: Oracle adds fine-grain features to ID security
11/07/2005: Oracle Worm Proof-of-concept
11/07/2005: CNET news on the Oracle worm
11/07/2005: Voyager worm targets Oracle databases
11/07/2005: A movie about Oracle homeland security solutions
11/06/2005: Oracle alerts customers to the so called voyager worm
11/04/2005: Why Protect Fort Knox Borders But Ignore The Gold?
11/03/2005: Oracle has released a new security vulnerability fixing policy and process
11/03/2005: Mary Ann speaks about security strategy
11/02/2005: Oracle Express - will we get security patches? - I truly hope so
11/01/2005: UKOUG so far
11/01/2005: Oracle worm in the wild
10/30/2005: UKOUG tomorrow
10/30/2005: Oracle Express - friend or foe?
10/29/2005: Some news stories about Josh's Oracle password paper
10/27/2005: Josh has released a paper about the Oracle password algorithm
10/27/2005: Flaw hunters pick holes in Oracle patches
10/26/2005: Some fight back on Oracle security bugs - old news article
10/22/2005: Exploit circulating for newly patched Oracle bug - It can crash an unpatched database server
10/21/2005: Researcher: Oracle Patch Set Flawed Again
10/21/2005: An example of using DBMS_CRYPTO
10/21/2005: My site was on the BBC 1 breakfast - well a picture of a link to it was!
10/20/2005: Easy connect identifier
10/20/2005: An exploit has been published for database security bug DB27
10/20/2005: Alex has posted an excellent analysis of the CPU Oct 18 database security bugs
10/19/2005: Women who know Oracle and security
10/19/2005: Some news about the CPU October 18 2005 Oracle security patch set
10/18/2005: CPU October 18th a few comments
10/18/2005: Security Critical Patch Update October 18 is out
10/16/2005: comments and how to re-enable them on this blog
10/14/2005: How to encrypt/decrypt strings with the dbms_obfuscation_toolkit package
10/13/2005: Prevention and detection better than cure
10/12/2005: The Age talks about David Litchfield's open letter to Oracle
10/11/2005: Security, SOX and Oracle Incentive Compensation
10/10/2005: WebGoat an application to learn how to hack!
10/10/2005: A new paper on SQL Injection
10/08/2005: Some more posts on bugtraq about David Litchfield's open letter to Oracle
10/07/2005: Slight correction to the HTMLDB advisories
10/07/2005: Red Database Security has released 6 new Oracle security bug advisories
10/07/2005: Researcher lashes out at Oracle's security effort
10/06/2005: Link to David Litchfield's original post
10/06/2005: David Litchfield writes an open letter to the security community and Oracle customers
10/05/2005: OUG Scotland
10/03/2005: Good thread on Oracle brute force password cracking and OUG Scotland
10/03/2005: A couple of papers by Mladen Gogala
10/01/2005: The Six Dumbest Ideas in Computer Security
10/01/2005: Oracle and Sarbanes Oxley
10/01/2005: Amis has a good post on debugging client side SQL*Net
09/30/2005: more failed_login_attempts!
09/29/2005: More details on default failed_login_attempts
09/29/2005: More security help in 10g R2
09/29/2005: Nice example of the new password store in 10g R2
09/27/2005: Quite a nice post about debugging with DBMS_DEBUG
09/26/2005: Another Larry news article on security from OOW
09/26/2005: Larry Ellison speaks about fixing security bugs
09/25/2005: A new paper on a security hole in Application Server Control
09/24/2005: Meet the experts (Oracle Security) at Oracle Open World - an open standard for securing Oracle
09/24/2005: Happy first birthday to my Oracle security blog!
09/21/2005: Oracle Proxy Users
09/19/2005: Some testing of orabf (Oracle password cracker) speed by Marcel-Jan
09/19/2005: A nice fix for the "Overwrite any file via desname in Oracle Reports" bug
09/17/2005: On Security, Is Oracle the Next Microsoft?
09/17/2005: An interesting post on patch scheduling and disclosure
09/17/2005: Google has added a great blog search tool
09/15/2005: Oracle Locks Up 'Federated' App Server
09/15/2005: Alex's SQL Injection advisory is available in German
09/14/2005: Alex has released details about a common SQL Injection vulnerability in Oracle reports
09/13/2005: A small correction to a post about DBMS_SYSTEM.KSDDDT
09/12/2005: Amis talks about the need to remove USER from PL/SQL and SQL code
09/12/2005: Some Perl and problems with referral spammers
09/09/2005: Nice paper by KK Mookhey and Nilesh Burghate - Detection of SQL Injection and Cross-site Scripting Attacks
09/09/2005: 10g Release 2 for Windows is available
09/07/2005: jDUL / DUDE (Database Unloading by Data Extraction) - an alternative to DUL
09/06/2005: archivelog mode - or not?
09/05/2005: Wifred notes that Patch 9.0.4.2.0 has a bug in Oracle forms
09/05/2005: Pre DBMS_RANDOM
09/04/2005: Security firm considers changing its policy on public disclosure of security vulnerabilities
09/03/2005: CPU July 2005 patch set for Application Server Windows 9.0.2.3 has a problem
09/03/2005: Congratulations to Mark Rittman on being Oracle Magazine's Oracle ACE of the year 2005
09/01/2005: 0rm's Oracle password cracker orabf has been updated
08/31/2005: Alex has added a page to compare the available Oracle password crackers
08/29/2005: A career change and some site revamping
08/27/2005: 1.02 Million hashes/second Oracle dictionary and brute force password cracker available
08/26/2005: Alex has released version 1.1 of Checkpwd - the Oracle dictionary password cracker
08/25/2005: Full disclosure list: Summary of the password algorithm and a C code plug-in for John The Ripper password cracker
08/25/2005: A correction to the author and URL for orabf.pl
08/24/2005: A perl script to brute force database connections
08/24/2005: Alex Kornbrust has released a Linux version of his Oracle password cracker
08/23/2005: A second thread on c.d.o.s. about the Oracle password algorithm
08/23/2005: Red Database Security has released more Oracle password algorithm information
08/23/2005: Details of the Oracle password algorithm were revealed by its creator in 1993
08/23/2005: undocumented Oracle?
08/22/2005: Red Database Security has released a standalone Oracle password cracker
08/22/2005: New Online MD5 Hash Database
08/22/2005: Crack Oracle Security like a peanut!
08/22/2005: A short download of Tom Kyte's new book is available
08/19/2005: Radoslav Rusinov's Blog and mod_plsql passwords in clear text
08/19/2005: Alex Kornbrust's Black Hat presentation on reverse engineering Oracle's encryption packages
08/18/2005: Doug talks again about ? and catpatch.sql
08/18/2005: Bell Labs Dept 1127 has finally gone
08/17/2005: My site and Blog are available again
08/16/2005: OPatch, wherefore art thou?
08/16/2005: Is it just me or is Orablogs not reachable again?
08/16/2005: Hashattack 2.0 tool : ooops incorrect link on the tools page
08/15/2005: Two excellent papers on a new method to combat parameter validation and SQL Injection
08/15/2005: Robert shows how easy it is to read data from websites directly into the database
08/14/2005: The rise of Oracle blogging
08/14/2005: Oracle Security expert: More developer education is needed
08/12/2005: Prime number researchers put encryption algorithms such as RSA at risk
08/12/2005: New TNS protocol full client available for testing listener security
08/11/2005: Hashattack - Oracle password tool update to version 2.0
08/11/2005: A good page describing Oradebug
08/11/2005: Some good tips on Doug's blog?
08/09/2005: Oracle simplifies SOAs
08/08/2005: Slashdot discussion about Mary Ann Davidson's recent news article
08/08/2005: Joshua Wright has provided a free tool to check Oracle accounts for common passwords
08/06/2005: 10gR2 the CONNECT role has finally been sanitized
08/05/2005: Database Vendors Shouldn't Kill the Messenger
08/05/2005: Esteban Martínez Fayó has a fantastic black hat presentation on SQL Injection
08/04/2005: 10g Release 2 is available for download for Windows
08/04/2005: Some response to Mary Ann's article
08/01/2005: Demystifying MS SQL Server & Oracle database server security
08/01/2005: Black Hat Confab to Spotlight Database Security
08/01/2005: Ingrian DataSecure - A network appliance based encryption solution
08/01/2005: Security Matters
07/29/2005: VeriSign boosts security with iDefense acquisition
07/29/2005: Grid Group Issues Security Requirements
07/28/2005: iDefense ups the bidding for bugs
07/28/2005: Oracle's 10g Encryption Feature Is a Fine First Step
07/27/2005: Mary Ann Davidson fights back - When security researchers become the problem
07/27/2005: web seminar for Oracle roadmap of Oblix integration
07/27/2005: Oracle's encryption not secure, researcher says - Alexander Kornbrust plans to detail his findings at Black Hat
07/27/2005: Oracle Patches Its Security Patches - Database patches fix flaws found in previous fixes
07/25/2005: New Oracle Security Forum opened
07/23/2005: [Argeniss] Oracle 9R2 Unpatched vulnerability on CWM2_OLAP_AW_AWUTIL package
07/23/2005: Oracle's correction to the April CPU patch email has been posted to Bugtraq
07/22/2005: Oracle Confirms Holes in Two Latest Patch Sets
07/22/2005: David Litchfield sets the record straight
07/22/2005: More problems with the April Critical Patch Update - does it ever stop?
07/22/2005: A list of all the news articles about Alex Kornbrust's advisories
07/21/2005: An Oracle spokeswoman speaks to TheAge
07/21/2005: a retro news article : Ellison: Oracle remains unbreakable
07/21/2005: More trouble looming for Oracle? - Black Hat is next week - there are 4 talks about Oracle Security
07/21/2005: The Register talks about the bugs
07/21/2005: Six Unpatched Flaws in Oracle Database Products
07/20/2005: Oracle researcher announces high-risk database flaws
07/20/2005: A couple of bloggers talk about Oracle's unpatched bugs
07/20/2005: Oracle patches more than 600 days overdue
07/20/2005: Oracle Simplifies SOA, Web Services Security
07/20/2005: Why it is important to encrypt credit card information
07/20/2005: Security experts round on Oracle over unpatched holes
07/20/2005: Oracle dragging heels on unfixed flaws, researcher says
07/19/2005: Sun has released an alert notification (15 July 2005) about multiple security vulnerabilities in Oracle affecting SunMC
07/19/2005: A Russian language news article about unfixed Oracle security bugs disclosure
07/19/2005: Red Database Security releases security advisories for high risk unfixed Oracle bugs
07/16/2005: More news on silent fixes in CPU July 2005
07/15/2005: A good German news item on CPU 12 July 2005
07/15/2005: Oracle are asking customers to download CPU July 2005 for 10.1.0.x again as there is a problem
07/15/2005: Oracle has been silently fixing security bugs in CPU July 2005
07/14/2005: Internet News talks about Oracle's latest Critical Patch Update
07/14/2005: Grant talks about securing Forms applications with SSL
07/14/2005: Same problem again as April CPU - CPU July 2005 failed to fix a bug it says it did fix
07/13/2005: Oracle Simplifies SOA Security
07/13/2005: SearchSecurity.com has a good news story about CPU July 2005
07/13/2005: Computer World is also talking about CPU July 2005
07/13/2005: ZDNet news talks about the Critical Patch Update 2005
07/13/2005: Security advisories released detailing 4 of the bugs fixed in CPU July 2005
07/12/2005: Self signed SSL certificates with JInitiator
07/12/2005: CPU 12 July 2005
07/12/2005: Critical Patch Update July 12 2005 is available
07/12/2005: A great new free Oracle instance discovery tool - WinSID
07/11/2005: Two security bugs found and reported to Oracle in 10g Release 2 already!
07/11/2005: The next Critical Patch Update is due tomorrow - 12 July
07/11/2005: European software patents have been ditched
07/08/2005: Paying a ransom to read your data
07/08/2005: Is it possible to check whether Oracle's CPU update emails are *real*?
07/08/2005: David Litchfield has released an advisory for the recent CPU 12 April vulnerabilities
07/07/2005: Oracle have issued a second email with another exploitable vulnerability in 10.1.0.2 in CPU 12APR
07/07/2005: Oracle have issued an email alert that CPU April 2005 is vulnerable to exploit
07/07/2005: I have updated my RSS feed to output 40 words instead of 20
07/07/2005: Oracle 10g Release 2 is available for Linux X86
07/07/2005: Some spiffy new security bits in 10g Release 2
07/06/2005: 10g Release 2 allows deletion of datafiles
07/05/2005: orablogs is back
07/05/2005: Reverse engineering patches!
07/05/2005: Off Topic: I have started a second blog on web development
07/04/2005: Frank talked about form-based authentication with struts
07/02/2005: A new sample installation session for Oracle Password Repository (OPR) version 1.1.8
07/02/2005: Oracle Password Repository (OPR) is updated to version 1.1.8
07/01/2005: whilst on the subject of orablogs - version 2 is in the wings
07/01/2005: Orablogs still seems to have DNS issues
07/01/2005: Marcus Ranum interview on Security Focus
06/29/2005: 10g Release 2 PL/SQL and SQL new features
06/29/2005: A security issue with OPR version 1.1.7
06/28/2005: Niall says Oracle 10gR2 should be out on June 30 - for Linux
06/28/2005: Protecting network based storage
06/28/2005: A new version of OPR is released
06/27/2005: Installing Oracle Password Repository (OPR) - a walk through
06/26/2005: Ed informs us that 10gR2 should be out this month
06/24/2005: An excellent XSS cheatsheet
06/24/2005: Frank talks about Bruce Schneier's book "secrets and lies"
06/23/2005: Grant talks about patch 2 for 9.0.4 for certified Linux and Mac clients
06/23/2005: Doug followed up on DBA_REGISTRY
06/23/2005: Orablogs seems to be down - or maybe not!
06/22/2005: Pete Finnigan is now a member of the Oaktable network
06/21/2005: An issue with DBA_REGISTRY
06/20/2005: 10gR2 adds a "wrap" package procedure, TDE and makes DBMS_OUTPUT output unlimited
06/20/2005: Security is a major force in the new 10g Release 2 database
06/18/2005: OT: RSS fixes just done
06/18/2005: Changed my RSS feed to spit out the first 20 words and a link to the entry
06/17/2005: An interesting alternative technique to crack passwords
06/17/2005: Britain's hi-tech crime wave
06/17/2005: Oracle unveils its identity management suite
06/16/2005: Another great Windows internals site
06/14/2005: A nice Windows internals website
06/14/2005: Brian talks about why JPasswordField.getText() is deprecated
06/13/2005: A book on PeopleSoft for the Oracle DBA
06/12/2005: Shay talked about version control through JDeveloper
06/11/2005: OT: Another Apple post
06/10/2005: Interesting post in Amis about "who called me"
06/10/2005: A truss like tool for IBM AIX and a file undelete program
06/10/2005: Oracle reinforces their identity management software offerings
06/09/2005: Default passwords for Oracle BPEL Process manager
06/08/2005: Debu talked about EJB security hole
06/07/2005: Wait event enhancements in 10g
06/06/2005: ooops forgot the link
06/06/2005: DBA Audit 2.5 - An interesting audit product.
06/04/2005: OT: A book on how to build an Apple 1 replica
06/03/2005: SANSFIRE is coming up very soon
06/03/2005: A good book on reverse engineering