Blog

Entries

07/07/2017: Oracle Security Audit and Open Ports on a Database Server
05/26/2017: Oracle Security Training
05/23/2017: O7_DICTIONARY_ACCESSIBILITY and UTL_FILE_DIR in Oracle 12c release 2
05/08/2017: Oracle Security 12cR2 and Oracle Security Training Dates
05/01/2017: Oracle 12cR2 Security - Listener Port
04/12/2017: New Online Oracle Security PUBLIC Training Dates Including USA Time Zones
04/11/2017: PeteFinnigan.com In The Top 60 Oracle Database Blogs
04/05/2017: Oracle Security Training Manuals For Sale
04/04/2017: How to Perform a Security Audit of an Oracle Database Training in Athens, Greece
03/31/2017: Is SQL Injection A WebSite Problem?
03/23/2017: Can You Say That An Oracle Database is nn% secure?
03/22/2017: PFCLScan - A Security Scanner For Oracle Databases - New Website
03/15/2017: Validating The Length Of An Oracle Database Hashed password?
03/14/2017: Default Password Hashes for 11g Oracle Database
03/02/2017: 12.2 is Available For Download For Linux And Solaris
02/28/2017: Delete from AUD$
02/23/2017: Fourteenth Anniversary For PeteFinnigan.com Limited And New Website
01/12/2017: Two New Oracle Security Public Class Dates
12/16/2016: Oracle Security And Merry Xmas And A Happy New Year
08/31/2016: Data Loss
08/22/2016: Oracle Security Training
08/10/2016: Data Exposure, leakage and Reporting
08/08/2016: Oracle Security Talks, Training and Conferences
07/08/2016: Oracle Security Expert Seminar
06/06/2016: 5 Days Expert Oracle Security Training In Paris - 20th June 2016
05/26/2016: Amis Conference June 2nd and 3rd
05/25/2016: Are Zero Days or Bugs Fixed by CPU The Worst?
05/24/2016: Compartmentalised Oracle Security
05/23/2016: New Oracle Security Paper on Non-Production and Delphix
04/01/2016: Oracle Security And Delphix Paper and Video Available
03/31/2016: 3 Days of Oracle Security Training In York, UK
03/14/2016: Oracle Data Masking and Secure Test Databases
03/10/2016: BOF: A Sample Application For Testing Oracle Security
12/14/2015: Two New Oracle Security Presentations Available
10/22/2015: Oracle Security Training In York
10/01/2015: New Presentation - Building Practical Oracle Audit Trails
07/21/2015: Protect Your APEX Application PL/SQL Source Code
07/09/2015: Oracle Security and Electronics
07/06/2015: New Conference Speaking Dates Added
07/03/2015: Happy 10th Belated Birthday to My Oracle Security Blog
06/30/2015: Oracle Database Vault 12c Paper by Pete Finnigan
06/25/2015: Unique Oracle Security Trainings In York, England, September 2015
07/23/2014: Coding in PL/SQL in C style, UKOUG, OUG Ireland and more
06/25/2014: Integrating PFCLScan and Creating SQL Reports
04/17/2014: Automatically Add License Protection and Obfuscation to PL/SQL
03/05/2014: Twitter Oracle Security Open Chat Thursday 6th March
10/29/2013: PFCLScan Reseller Program
10/18/2013: PFCLScan Version 1.3 Released
09/04/2013: PFCLScan Updated and Powerful features
08/28/2013: Oracle Security Training, 12c, PFCLScan, Magazines, UKOUG, Oracle Security Books and Much More
07/31/2013: Oracle 12c Security - SQL Translation and Last Logins
07/23/2013: Hacking Oracle 12c COMMON Users
07/22/2013: Oracle Security Loop hole from Steve Karam
07/08/2013: Oracle Database 12c Security Auditing
07/05/2013: Oracle 12cR1 Database Security - Default Users
07/05/2013: Oracle Database 12c Security - Privileges and users - The Beginning
07/04/2013: Oracle 12c Security
06/24/2013: Credit Card Security and Passport Security
06/14/2013: Oracle Security Posts And Conferences
06/12/2013: Oracle Security WebSite Woes!
05/30/2013: Oracle Security Class and software for Oracle security
01/14/2013: Secure Coding PL/SQL
09/06/2012: Oracle Security Search Is Annoying and protecting PL/SQL code
09/05/2012: Oracle's Java Patch
09/04/2012: New Oracle Security Talks
09/03/2012: New Oracle Security Presentation - Identity In The Database
06/20/2012: Oracle, Proxy, Obfuscation, Cookie Law, Talks, more...
02/13/2012: Oracle Security Training in Berlin ... and more ...
09/21/2011: More oradebug
09/21/2011: oradebug
09/19/2011: UKOUG Oracle Data Security Day presentation slides available
09/06/2011: Oracle Security Training in Denver, USA
07/06/2011: Cursor variable and global cursors security issues
06/24/2011: Training, twitter, Oracle security products
04/20/2011: New Oracle security papers and Oracle forensics tool
03/03/2011: SQL Injection Attack
03/02/2011: Oracle Security Training in the UK
02/21/2011: Oracle Database Firewall Controversy
01/28/2011: Techa Kucha In York
01/19/2011: Latest Oracle Security Critical Patch Update is out
01/04/2011: Oracle Security Training, Home For Christmas and a belated happy new year
12/02/2010: Snow, Woe and Oracle Security!
10/12/2010: Legal aspects of web and software design
10/06/2010: Conference talks, Training and a survey for David
10/05/2010: Free Oracle Security Webinar Recording On-Line
09/27/2010: Webinar: The right way to secure Oracle by Pete Finnigan - Wednesday 29 September 2010
09/23/2010: Oracle Post Exploitation and Password cracking
09/13/2010: English Football Fans Data Allegedly Sold to the BlackMarket
09/10/2010: Oracle Security Presentation Available
09/02/2010: Oracle Security
08/16/2010: Alex Hutton Podcast on data breach
08/13/2010: Would You Like A Job in Database Security?
08/06/2010: Hacking Oracle over the web and exploiting Database Vault
08/03/2010: Data Breach Survey Results
07/27/2010: The second IOUG / Oracle Security Assurance Survey
07/14/2010: 59 Security bugs fixed, 28 remotely exploitable, 13 in the database
07/07/2010: Pete Finnigan will be teaching Oracle Security in Tallinn, Estonia and speaking at UKOUG Unix SIG at TVP
07/01/2010: Do Oracle 11g features weaken security?
06/29/2010: V3rity has released a redo log mining tool to extract DDL from redo logs
06/24/2010: Leaking information about your database to help a hacker!
06/17/2010: New Public Oracle Security Training Class Dates announced
06/15/2010: New Oracle Security presentation available
05/05/2010: Public Demonstration of PFCLScan in Edinburgh Thursday May 13th
04/14/2010: 10g and 11g PL/SQL Unwrapper source code available
04/12/2010: Secure External Password Store
04/09/2010: Java forensics and Apps Security (twice)
03/25/2010: Webinar Recording and Laszlo's TNS hijack and downgrades Presentation
03/12/2010: A paper on Sentrigo Hedgehog and Pete Finnigan webinar slides
03/10/2010: Blocking Tools from using the database
03/08/2010: Pete Finnigan Webinar on Oracle Security
02/23/2010: SANS 2010 CWE/SANS Top 25 Most Dangerous Programming Errors
02/17/2010: SQL Injection and Java exploits
02/02/2010: Turkey, Germany, York, Holland and the Oak Table book
02/01/2010: The Oracle listener password algorithm
01/20/2010: Two new Oracle root kits
01/19/2010: Conferences, webinars, trainings, new training dates.....
01/05/2010: Training in York, England and Washington DC and adverts
01/04/2010: Hiding password hashes and a new sha1 Oracle password cracker
12/29/2009: Belated Christmas wishes and a happy new year to all readers
12/17/2009: The Oak Table book should be off to print
12/16/2009: Announcement: Oracle Security Training in Washington DC, March 25-26 2010
12/15/2009: Buying books, writing books and uploading slides
12/07/2009: Dennis has released a paper describing his FPGA cracker
12/03/2009: Unwrapping PL/SQL
11/30/2009: Two exploit versions of the ctxsys.drvxtabc.create_tables bug from Bunker
11/28/2009: A new Russian Oracle Security Tool
11/26/2009: New Oracle Security Book, UKOUG and Finland
11/19/2009: OS Authentication
11/17/2009: Revoking PUBLIC Execute on SYS.DMP_SYS
11/16/2009: PeteFinnigan.com Limited USA Partnership Announcements
11/13/2009: Pre-Announcement - Oracle Security Training in York in 2010
11/12/2009: Creating users creatively
11/10/2009: Russian Oracle Security Book
11/09/2009: Direct Grants, DBA, Invoker rights and definer rights
11/05/2009: Back from Prague and a new paper on explicit grants and roles
11/02/2009: One more point on Oracle password crackers
10/30/2009: Update to Dennis Yurichevs FPGA cracker plus exploit code for the CPU CVSS 10.0 bug
10/28/2009: Some training and speaking dates
10/27/2009: A new Oracle Security book.... or three!
10/26/2009: Cold remedies and Oracle Security
10/23/2009: Mary Ann Davidson fields security questions at Open World
10/21/2009: October 2009 Critical Patch Update is out; Paul has a paper on escalation to OSDBA
10/20/2009: Health Data Theft
10/16/2009: Oracle's October pre-cpu advisory is released
10/15/2009: OWASP Leeds meeting slides available
10/14/2009: SQL Injection and a presentation on data security
10/13/2009: Spoofing users and programs and presenting at OWASP
10/12/2009: Oracle's new Oracle database security and compliance solution
10/09/2009: Nice Summary of setting up audit options
10/08/2009: Expert Oracle Practices: Oracle database administration from the oak table
10/07/2009: How many Security bugs are in the Oracle database software product set
10/06/2009: Oracle Security Worst Practices
10/05/2009: 60 million password hashes/second Oracle password cracker available
10/02/2009: IOUG Data Security Report 2009 is out
09/30/2009: A grammatically correct random pass phrase generator
09/29/2009: SQL Injection - accessing additional tables via the where clause
09/28/2009: Default Users
09/24/2009: Backups are valuable
09/22/2009: Blog birthday, speaking, training and Oracle Java security
09/04/2009: Oracle delays the October CPU and 11g Release 2 is out
09/01/2009: A book, a database scanner and a magazine column and a few bugs
08/19/2009: Bypassing VPD through inference
07/24/2009: Hacking Oracle made easy
07/24/2009: The right way to secure Oracle slides available
07/22/2009: Rogue DBAs: Hidden Inside Security Threat
07/21/2009: Pete Finnigan webinar "The right way to secure Oracle"
07/16/2009: Escalate privileges to SYSDBA with CREATE USER
07/15/2009: Latest Oracle CPU is out
07/08/2009: Poor mans database vault
07/06/2009: A new database security auditing and scanner product, some BBED, ASM and AV
06/01/2009: 2 Day Oracle Security Seminar in York, England
05/21/2009: Two sets of slides added from Helsinki and Wolverhampton
05/11/2009: Checking if a password is valid using SQL
05/01/2009: The right way to secure a database
04/15/2009: April 2009 CPU is out
04/14/2009: Undocumented Oracle - Using ENUM's in PL/SQL
04/14/2009: New Oracle Security book out
04/02/2009: Oracle Security training in Edinburgh with Pete Finnigan
04/01/2009: A database installed version of who has privilege script
03/23/2009: SQL Injection Exploitation techniques
03/20/2009: Presentation on using VPD in the real world available
03/02/2009: IOUG Critical Patch Update Survey Results Are Out
02/11/2009: A new version of woraauthbf is available (The Oracle password cracker)
02/11/2009: Writing a password cracker in Perl
02/09/2009: Accessing Data Outside the data model
02/09/2009: Blog with Oracle Security posts
02/08/2009: Attacking Oracle with Metasploit
02/06/2009: Is it possible to steal data with just ALTER SESSION?
02/05/2009: Interview with SearchSecurity about Slavik's new Fuzzor
02/05/2009: Instrumentation - a god send for speed freaks - a god send for data thieves
02/04/2009: New version of Fuzzor available
02/03/2009: Details of a 10g PL/SQL Unwrapper available
02/03/2009: Google hacking and Oracle database security audits
01/22/2009: A paper on how to find Oracle SID's
01/16/2009: A PL/SQL Fuzzer / Fuzzor
01/14/2009: January 2009 CPU is out
12/31/2008: New Year Oracle Security
12/12/2008: Pete Finnigan's presentation slides available from UKOUG conference
11/27/2008: Oracle forensics paper - part 7 and an Oracle datablock dump tool
11/26/2008: Permissions required to run my PL/SQL Oracle password cracker
11/24/2008: A new exploit to bypass Oracle Database Vault has been released
11/17/2008: The question of revoking PUBLIC grants
11/12/2008: Podcast with Pete Finnigan on the subject of virtual patching
11/07/2008: UKOUG Conference is only 4 weeks away
11/06/2008: Some Oracle Security videos
10/24/2008: New CIS Oracle database benchmark
10/22/2008: PeteFinnigan.com Limited advisory for the October 2008 CPU released
10/21/2008: A new paper on PL/SQL Injection
10/20/2008: Exploiting CREATE ANY DIRECTORY to become a SYSDBA
10/17/2008: How to write injection proof PL/SQL
10/14/2008: October Critical Patch Update 2008 is out
10/13/2008: New version of cracker-2.0 the PL/SQL cracker - option to not reveal passwords
10/13/2008: Two new blogs on Oracle internals
10/02/2008: Happy Belated 4th Birthday to my blog
09/29/2008: Slides from my Oracle Security Masterclass at White-Hats are available
09/25/2008: Oracle Password Cracker written in PL/SQL is available
09/25/2008: Oracle Security talk available as slides and also video
09/23/2008: An update, slides, USA and a masterclass
09/17/2008: Oracle Security webinar with Pete Finnigan
09/15/2008: Oracle Security Masterclass slides available
08/29/2008: A new Oracle Password cracker that runs inside the database
08/28/2008: Designing application and code to use the minimum privileges
08/25/2008: Another Major UK Data Loss
08/13/2008: Stopping a user from changing his own Oracle database password
08/11/2008: Holidays, Patch re-releases and newsletters
07/31/2008: Conferences and Training Dates
07/30/2008: 0-day and the first security alert for 3 years from Oracle
07/28/2008: Is Oracle Security getting better or in other words "is Oracle Security good enough?"
07/24/2008: IOUG/Oracle Software Security Assurance Team joint survey
07/23/2008: Kurt Van MeerBeeck (jDul, DUDE) has started a blog
07/22/2008: Advisories for the July 2008 Critical Patch Update and exploit code
07/21/2008: Lateral SQL Injection needs no database privileges
07/18/2008: July 2008 Critical Patch Update (CPU) is the first to use CVE-ID numbers
07/17/2008: Sentrigo release Hedgehog vPatch
07/16/2008: July 2008 Critical Patch Update is out - a remote un-authenticated exploit revealed
07/15/2008: Archive and purge in a security context presentation slides available
07/14/2008: A new improved version of the woraauthbf Oracle password cracker is available
07/12/2008: nCipher provides encryption key management for TDE in Oracle 11g
07/11/2008: Oracle Patch Tuesday Is Coming
06/30/2008: SQL Injection tools
06/20/2008: An Oracle Security Survey by The IOUG and Oracle
06/18/2008: Hacking Oracle with a coffee machine?
06/11/2008: Sentrigo Hedgehog
06/05/2008: Two Oracle Security Presentations
06/04/2008: SYSDBA And Triggers And Invoker Rights
06/02/2008: Internet wars
05/22/2008: Talking, Training and statistics
05/21/2008: Read only Tables or Read only users
05/20/2008: Oracle Authentication Process and password algorithm
05/16/2008: Howard's DORIS script is available again - some security comments from me
05/15/2008: License Plate scanners and SQL Injection
05/14/2008: Oracle Application Server 10g ORA_DAV basic authentication bypass
05/13/2008: License plate SQL Injection
05/01/2008: Slides from OUG Scotland DBA SIG on Oracle Forensics available
05/01/2008: Conditionally firing triggers
04/30/2008: Lateral SQL Injection and Conferences and security training
04/25/2008: Slides from OUGN Norway and RISK 2008 Norway available
04/14/2008: Two remotely exploitable without authentication bugs to be fixed
04/08/2008: Fine Grained network Access Control in 11g
04/07/2008: C code API to encapsulate OCI
03/31/2008: A new version of the Oracle password cracker woraauthbf is available
03/28/2008: Slides from Pete Finnigan Oracle Security webinar available
03/22/2008: A new release of Inguma
03/15/2008: Pete Finnigan is doing a live webinar on Oracle Security March 28th
03/14/2008: Oracle security audit training in the Netherlands with Pete Finnigan
02/29/2008: Oracle Security Back to basics slides available
02/25/2008: Speaking events, SQL Hashes and clever password crackers
02/14/2008: Oracle Defending Against SQL Injection Tutorial
02/13/2008: A hint of Oracle's coding standards
02/11/2008: Oracle security conferences, illness and ....
02/07/2008: A default password script and a cracker helper script
02/04/2008: PeteFinnigan.com Limited becomes UK partner for Sentrigo Hedgehog
02/01/2008: Oracle database exploits available for January 2008 CPU fixes
02/01/2008: A new version of woraauthbf - The Oracle password cracker is released
01/30/2008: PeteFinnigan.com Limited Advisory for the Oracle Jan 2008 CPU
01/28/2008: Review of the book Practical Oracle Security
01/24/2008: Orablogs is no more (well soon)
01/23/2008: Pete Finnigan; new VPD in the real world paper available
01/21/2008: UKOUG Unix SIG 22nd Jan and more
01/16/2008: Oracle release the January 2008 CPU patch
01/14/2008: Sentrigo release a study of how many people apply a CPU
01/08/2008: Why does the parameter count change
01/07/2008: Happy New Year and an example of having your bank account compromised
12/24/2007: List of Security papers
12/21/2007: In memory backdoors in Oracle
12/21/2007: emkey and the importance of it in Grid Control security
12/16/2007: Mining Data from the Listener Log
12/09/2007: Pete Finnigan Oracle Security Masterclass presentation from UKOUG
12/09/2007: Pete Finnigan Oracle Forensics presentation from the UKOUG
12/09/2007: Pete Finnigan Oracle Security Tools presentation from UKOUG available
12/03/2007: Read only, best of Oracle security, locating passwords and UKOUG
11/25/2007: Eight ways to hack Oracle
11/21/2007: Personal details for 25 Million people go missing in the UK
11/20/2007: Would you like a job in Oracle security - PeteFinnigan.com Limited is hiring
11/17/2007: 10g and 11g password leak during install, honeypots and databases exposed to the internet
11/12/2007: Oracle 0-day bug to get SYSDBA access to the database
11/08/2007: Pete Finnigan Oracle 11g Security presentation slides available
11/06/2007: Exploit code to crash an Oracle database posted
11/06/2007: Pete Finnigan speaking about Oracle 11g Security tomorrow at UKOUG DBMS SIG
11/02/2007: DBMS_SQL new security features and ROWID hacking
10/31/2007: Does Oracle's Database Need More Security?
10/31/2007: Memory resident backdoors in Oracle
10/30/2007: Simple Oracle 11g Password check PL/SQL script
10/29/2007: Oracle Database Buffer overflow vulnerability in function MDSYS.SDO_CS.TRANSFORM
10/29/2007: Oracle Database Buffer overflow vulnerability in procedure DBMS_AQADM_SYS.DBLINK_INFO
10/29/2007: New presentation on Database Vault faults
10/29/2007: A new SQL Injection protection PL/SQL package
10/27/2007: David Litchfield has started a new blog
10/25/2007: Nice ideas to scrape the alert log in Windows
10/24/2007: CheckPwd version 2 A12 is released
10/23/2007: Oracle 11g for Windows is available
10/18/2007: Oracle plugs critical database, application flaws
10/17/2007: Oracle Issues Pile of 51 Security Patches
10/16/2007: October 2007 Critical Patch Update (CPU) is out
10/16/2007: Nice paper on time based blind SQL
10/15/2007: Creating a SYSDBA backdoor
10/13/2007: Oracle October CPU pre-release analysis
10/10/2007: Extreme SQL Injection
10/09/2007: The fastest Oracle password cracker in the world is released!!!
10/08/2007: Weakness in Oracle's new 11g authentication protocol
10/03/2007: Nice SQL Injection cheat sheet
10/02/2007: The first Oracle 11g password cracker
09/26/2007: Oracle Security on Windows presentation uploaded
09/23/2007: September 2007 - 3 years of Oracle security blogging
09/22/2007: Oracle 11g Password algorithm revealed
09/19/2007: Oracle 11g Security - part 5 {Playing for time}
09/17/2007: Oracle 11g Security - part 4 {Times and dates and lengths}
09/16/2007: Decompilation - reality or myth
09/14/2007: Using Log Miner for database forensics
09/13/2007: 6 Oracle security presentations added to Oracle security white papers page
09/13/2007: Hacking hardened and patched Oracle databases
09/12/2007: Security analysis of the JInitiator buffer overflows
09/11/2007: Make Oracle PCI compliant
09/09/2007: Oracle security presentations
09/04/2007: Code Breaking
08/31/2007: Oracle 11g Security - part 3 {peek and poke}
08/26/2007: Oracle 11g Security - part 2 {The beginning}
08/22/2007: 11g and Oracle Security
08/21/2007: Oracle Forensics Paper part 6
08/19/2007: Pete Finnigan is now an independent and available for Oracle security work
08/14/2007: Oracle Forensics presentation and a new paper
08/10/2007: 11g is here
08/06/2007: Are security tools a virus or a trojan or even a danger?
07/31/2007: Checksumming on all supported versions of Oracle
07/24/2007: First exploit released for CPU July 2007
07/18/2007: CPU July 2007 is out
07/16/2007: Oracle UK systems accused in 'SSH hacking spree'
07/13/2007: A new Oracle security scanner written in Ruby
07/11/2007: Apex and its security model
07/10/2007: database security bloopers
07/10/2007: More SQL Injection
07/08/2007: Please don't SQL Inject a bank
07/05/2007: Checkpwd updated and also released for Mac
06/29/2007: ERP thesis questionnaire
06/28/2007: Using Field Programmable Gate Arrays (FPGA) to crack passwords
06/23/2007: Script to find all privileges assigned to a user/role - users complaint
06/20/2007: Data breach concerns running rampant, survey finds
06/18/2007: A New Approach to Database Security
06/13/2007: Database Vault presentation slides available
06/12/2007: Imperva launches a free database security scanner
06/11/2007: Nice list of security papers
06/10/2007: Amichai Schulman has started a database security blog
06/05/2007: Valid node checking as a simple free firewall for the database
06/04/2007: Another new paper on Oracle password cracking
05/29/2007: David Litchfield announces Open Software Database forensics toolkit
05/29/2007: Software should defend itself: Oracle CSO
05/29/2007: New paper on Oracle native authentication in 9i and 10g
05/28/2007: A new Oracle security blog in English and German and some Oracle security videos
05/24/2007: A new database security blog talks about propagating middle tier and application user identities
05/24/2007: Security guru blasts Oracle's patching policies
05/21/2007: UKOUG Unix Sig - Hacking and Securing Oracle
05/20/2007: 15 free SQL Injection scanners
05/17/2007: Oracle forensics part 4 - live response
05/15/2007: Oracle BI Suite and Row Level Security
05/11/2007: Getting started with Oracle security
05/09/2007: Oracle audit vault is available for trial download
05/06/2007: Pete Finnigan to speak about Oracle security
05/03/2007: Pete Finnigan UKOUG Leeds April 2007 slides available
04/28/2007: Oracle forensics in a nutshell
04/23/2007: I am speaking at the Northern Server Technology day tomorrow 24th April
04/20/2007: NGS have released an analysis for the April CPU 2007
04/19/2007: Analysis of April 2007 CPU
04/19/2007: Analysis: Automated Code Scanners: False Sense of Security?
04/18/2007: Oracle Updates Leave Critical Windows Flaw
04/17/2007: Oracle Critical Patch Update April 2007 is out
04/17/2007: 103 free security apps for Mac, Windows and Linux
04/17/2007: Milw0rm - Oracle exploits
04/12/2007: A new Oracle Security Apprentice?
04/09/2007: Oracle Assessment Toolkit
04/04/2007: 3 new papers on Oracle forensics
04/03/2007: Argeniss have released a simple Oracle root kit
04/02/2007: Bunker has released a 0-day Oracle exploit
03/30/2007: 2 new exploits for Oracle
03/29/2007: Cesar Cerrudo shows how to find more than 5 local 0-days in Oracle
03/28/2007: Site downtime
03/26/2007: 4 new Oracle exploits released
03/24/2007: SQLGotcha 4.0 beta released on Sourceforge
03/23/2007: Oracle sues SAP for allegedly behaving like it has toward Linux
03/22/2007: Interesting post on previous values in datafiles
03/17/2007: Oracle forensics, UKOUG and blog troubles
03/11/2007: Nice paper on BBED in French
03/06/2007: New paper on Oracle Forensics
03/05/2007: More Oracle exploits
03/05/2007: Researcher charts new, more dangerous Oracle attack
03/05/2007: New attack technique puts Oracle in crosshairs
03/05/2007: Oracle exploits available
03/03/2007: New and Improved Oracle Exploits Coming at Black Hat
02/27/2007: New paper: Cursor injection - attacking Oracle with just CREATE SESSION
02/25/2007: 11i Security papers available
02/23/2007: More on Oracle hacking techniques
02/20/2007: Hacking Oracle, but not in English
02/18/2007: Hacking SYS password added as a pdf
02/16/2007: Oracle TNS Protocol downgrade attacks
02/16/2007: How to hack SYS password without logging into the database
02/15/2007: Oracle 0-day exploit to be released - Blackhat Washington DC database security presentations
02/12/2007: Argeniss are now selling Oracle rootkits!
02/08/2007: Where's Larry? Ellison calls out sick at RSA Conference
02/07/2007: Oracle Database Vault is certified with PeopleSoft
02/05/2007: Detecting rootkits
02/05/2007: Comments are enabled on this blog again
02/02/2007: Users and Schemas
01/31/2007: BBED - Oracle Block Browser and EDitor - A hacker tool?
01/30/2007: Download some free chapters from the Oracle Hackers Handbook
01/30/2007: Oracle Hackers Handbook
01/24/2007: Transparent Data Encryption (TDE) certified for Apps 11i
01/24/2007: checkpwd has been updated to 1.22 and is around 30% faster
01/22/2007: Oracle password crackers just got faster
01/21/2007: Secure Passwords Keep You Safer
01/19/2007: Toolkit of generators and brute force tools
01/18/2007: Details Oracle Critical Patch Update January 2007 - V1.02 released
01/16/2007: Critical Patch Update January 2007 is out
01/16/2007: Definer rights AS SYSDBA security issue?
01/15/2007: new paper on oracle as sysdba connection weakness
01/14/2007: Oracle emulates Microsoft with advance patch notice
01/14/2007: Oracle To Patch 55 Database, App Server Bugs Next Week
01/12/2007: Oracle have announced a CPU pre-release feature
01/10/2007: Great paper on Oracle Applications 11i password weaknesses and decryption
01/05/2007: Teaching an Old Dog New Tricks
01/04/2007: 10 steps to creating your own security audit
01/03/2007: A good blog to watch for Oracle internals and hard to find info
01/01/2007: Stealing Oracle passwords from the wire
01/01/2007: It seems Dizwell has gone, come back (maybe) and gone again
12/29/2006: Happy new year!!
12/23/2006: Integrigy have released a completely new version of their listener check tool
12/21/2006: Oracle 11g will have SHA-1 hashed passwords and case sensitive passwords
12/20/2006: Evading Oracle IDS and audit appliances
12/20/2006: Hacking and hardening Oracle Express Edition - UKOUG 2006
12/12/2006: Oracle XE, where are the security patches?
12/12/2006: Pete Finnigan's InfoSec 2006 paper How to Secure Oracle in 20 Minutes
12/12/2006: SQL Injection, Are Your Web Applications Vulnerable?
12/08/2006: Nice paper on Securing Web Applications
12/08/2006: WinSID an Oracle instance discovery tool is available again
12/07/2006: Pete Finnigan's Oracle Security Masterclass UKOUG 2006 available
12/07/2006: A free PL/SQL fuzzing tool released
12/06/2006: 10.2.0.3 for Linux and Windows is out
12/05/2006: The Best of Oracle Security 2006 (in German)
12/05/2006: Pete Finnigan's UKOUG presentation on FGA, VPD and audit performance
12/04/2006: Tension between security vendors, bug hunters continues to simmer
12/01/2006: Oracle launches identity governance project
11/30/2006: Week of Oracle bugs axed--for now?
11/24/2006: Carelessness Runs Amuck With Zero Day Vulnerabilities
11/23/2006: Week of Oracle zero-days planned
11/22/2006: Oracle in the Crosshairs for Week of Exploits
11/22/2006: Oracle Security Patch Causes Insecurity
11/22/2006: Pete Finnigan's presentation from UKOUG 2006 in Birmingham on Encryption
11/21/2006: Argeniss are to release an Oracle 0-Day exploit every day for a week
11/20/2006: Securent Could Be a Fine Addition for Oracle
11/13/2006: UKOUG starts tomorrow
11/08/2006: 10gR2 and failed_login_attempts
11/06/2006: Oracle password crackers
11/03/2006: There is a newer version of the orabf Oracle password cracker available
11/01/2006: checkpwd Oracle password cracker now supports multi-core CPU's
10/31/2006: Jonathan Lewis has a new weblog
10/30/2006: myspace hacked
10/27/2006: Best Practice for securing E-Business Suite updated
10/26/2006: BT buys security outsourcer Counterpane
10/26/2006: Help in handling Oracle vulnerabilities
10/23/2006: Users look for details on Oracle's next database
10/20/2006: Oracle releases 101 patches in quarterly update
10/20/2006: Oracle fixes 101 flaws
10/20/2006: Using procedures to access data only
10/18/2006: Oracle plugs 101 security flaws
10/18/2006: Oracle Issues Monster Security Patch
10/18/2006: Details of bugs fixed in CPU October 2006 released
10/17/2006: October 2006 Critical Patch Update (CPU) is out
10/16/2006: Oracle to provide clearer vulnerability ratings
10/16/2006: Oracle Security Alerts Get Overdue Makeover
10/16/2006: Tomorrow is patch Tuesday - the Oct 2006 CPU is due!
10/14/2006: SANS Oracle S.C.O.R.E. document has been updated
10/13/2006: Security bug in 10.2.0.2 not fixed yet
10/11/2006: Oracle will improve the CPU documentation with the Oct 17th 2006 CPU
10/11/2006: Applying CPU's
10/09/2006: Tom has discovered a PL/SQL oddity
10/08/2006: Data breaches near 94 million
10/07/2006: Using JAZN LDAP for security in Portal
10/07/2006: Some good SQL Injection links
10/06/2006: Oracle 11i and SSO
10/04/2006: A portal exploit or security advice
10/04/2006: Oracle's Security Plans
10/03/2006: SQLGotcha version 3.0 is available
10/01/2006: Oracle promises tighter security for SOAs
09/29/2006: Security professionals at risk from hacking laws
09/29/2006: Ethical hacking in Oracle
09/28/2006: Security Inside
09/25/2006: Eddie on another undocumented function
09/25/2006: Project lockdown
09/22/2006: Only 6% of identity theft can be attributed to data theft.
09/22/2006: Cybercrime Is Getting Organized
09/20/2006: Two years of Oracle Security blogging and still going strong
09/19/2006: Exploit screencasts
09/18/2006: Pete Finnigan at UKOUG 2006
09/15/2006: Cache missing for fun and profit
09/12/2006: IT Underground conference in Rome cancelled at last minute
09/09/2006: Identity theft is becoming main stream
09/08/2006: Nice network trace tool
09/07/2006: Pete Finnigan podcast interview on Oracle security
09/05/2006: Nice idea on audition using trace events
09/04/2006: I will be speaking at the IT Underground in Rome
09/03/2006: Interesting post about protecting PL/SQL
09/03/2006: Nice post by steve about Federal Information Security Management Act (FISMA)
09/01/2006: Nice post on an undocumented function - Reverse
08/31/2006: How not to create user authentication
08/31/2006: Oracle's Ellison to take stage at next RSA confab
08/31/2006: Oracle's Ellison to strut his stuff at RSA 2007
08/30/2006: New additional syndication feeds for this blog
08/30/2006: Application centric security
08/29/2006: Nice post on the Logica blog about LDAP user info
08/29/2006: Duncan speaks about Common Criteria Security Evaluations
08/28/2006: 9.2.0.8 on Linux is out
08/26/2006: Spotlight on Oracle security
08/26/2006: DMZs, SSL, RAC, OracleAS 10g and Oracle E-Business Suite 11i
08/25/2006: Unpatched enterprise security bugs proliferate
08/25/2006: 9.2.0.8 is out for Solaris
08/24/2006: Mr. Know-IT-All's Oracle Security Challenge
08/22/2006: 9.2.0.8 is out for Windows, MVS and HP/UX
08/21/2006: Oracle root kits part 2
08/18/2006: MatriXay a new way to penetration test web apps and databases
08/17/2006: Oracle expert warns of weakness in PL/SQL
08/17/2006: Databases at war
08/17/2006: Oracle Announces General Availability of Oracle(R) Identity Management 10g Release 3
08/15/2006: Stephen Kost has a new Oracle security blog
08/15/2006: Integrating Oracle with the Windows Active Directory
08/14/2006: Oracle Database Patch Sets
08/14/2006: Blinded By The Glare Of Facial Piercings At Black Hat (Or, The One That Got Away)
08/09/2006: Defcon 2006: Oracle not so "unbreakable"
08/08/2006: High bidders with low motives
08/08/2006: How to Unwrap PL/SQL BlackHat las vegas 2006 presentation slides are available
08/07/2006: Tom has an interesting post on Security via obscurity
08/06/2006: BlackHat Last week
07/28/2006: An interesting thread on Alex's DBMS_ASSERT paper
07/28/2006: A new Oracle exploit revealed on the bugtraq list
07/27/2006: SQL Injection video
07/27/2006: How to bypass the protection implemented by DBMS_ASSERT
07/26/2006: Oracle Password Repository
07/24/2006: Blackhat Las Vegas 2006 and unwrapping PL/SQL
07/19/2006: Oracle's summer update fixes 65 flaws
07/19/2006: Oracle plugs 65 security holes
07/19/2006: Oracle Patches 65 Vulnerabilities
07/19/2006: Oracle owns up to patching problems
07/18/2006: Alex has an analysis of CPU July 2006 and also advisories
07/18/2006: All database patches are available this time
07/18/2006: Eric Maurice speaks about the July CPU
07/18/2006: CPU July 2006 is out
07/14/2006: oh the irony...
07/10/2006: Mary Ann speaks - on security testing rules
07/10/2006: Security vulnerability disclosure - part 1
07/07/2006: Nice three part article on FGA
07/07/2006: Where is 9.2.0.8?
07/05/2006: More on SYSDBA caching
07/03/2006: Nice post by Eddie about undocumented pragmas
07/02/2006: Great SQL injection paper
07/02/2006: A follow up on Stephens SYSDBA post
06/29/2006: An interesting post on Stephen's Oracle blog about SYSDBA passwords
06/28/2006: Survey: Hardware, not hackers, usually causes Oracle database downtime
06/20/2006: Social Engineering, the USB Way
06/19/2006: Five best practices for Oracle applications developers
06/19/2006: DB2 Security Glitch Makes IBM Whine
06/13/2006: A blog with some Oracle security entries
06/13/2006: Nice post about identities
06/12/2006: Building a Simple Firewall Using Oracle Net
06/12/2006: The DTI security breach survey is out
06/08/2006: An Expert's Perspective on the VA Data Theft
06/06/2006: 9.2.0.8 is to be a terminal release
06/05/2006: Laurent on mod_plsql
06/03/2006: A nice post about risk based security
06/02/2006: undocumented pragmas
06/02/2006: Oracle blogs aggregator speeded up
06/01/2006: New paper "Oracle Database Security"
06/01/2006: Oracle, vis-a-vis Mary Ann Davidson, attacks poor coding practices
05/31/2006: Views on Mary Ann and an article about buggy code
05/31/2006: Oracle exec hits out at 'patch' mentality
05/31/2006: Oracle mending fences with security researchers
05/31/2006: Oracle's security chief lambastes faulty coding
05/26/2006: Project Lockdown
05/25/2006: Exploiting and protecting Oracle
05/25/2006: Rationalization, Sex, and Oracle
05/25/2006: Tripwire Partners with Oracle® to Enable Enhanced Security and Increased Compliance
05/25/2006: Pete Finnigan blog back on orablogs
05/25/2006: Oracle adds to secure archiving, audit features
05/23/2006: Cisco, others invest $6.3m in Guardium
05/23/2006: Cisco, others invest $6.3m in Guardium
05/23/2006: Security Patch website
05/23/2006: The Patch Impasse: Front line perspectives from enterprise IT
05/22/2006: An excellent post by Lucas about object changes and RSS feeds
05/22/2006: The hacker resistant database
05/22/2006: Site was down due to power failure at the ISP
05/18/2006: Password recommendations on Eddies blog
05/16/2006: Egor Starostin has a blog
05/16/2006: OraSRP open source SQL Trace profile tool
05/15/2006: David Litchfield has a new blog
05/11/2006: Oracle refuses to learn its lesson, experts say
05/08/2006: Oracle Internals: A good post by Doug about DUDE
05/07/2006: An Oracle security blog from Oracle
05/06/2006: Patched Oracle database still at risk, bughunter says
05/06/2006: Customers Wait for Oracle Security Patches
05/05/2006: Interesting thoughts on the Andrew Max blog about the recent 0-day view issue
05/04/2006: Oracle keeps many users waiting on April patches
05/03/2006: Researcher: Oracle Needs To Patch 44 More Bugs
05/01/2006: Patched Oracle database 'still vulnerable'
05/01/2006: Patched Oracle database 'still vulnerable'
04/30/2006: A quick update on my sites progress
04/28/2006: My site is moving now
04/21/2006: My site is moving so could go down for a short while
04/20/2006: Exploit code available for one of the bugs fixed in April 2006 CPU
04/20/2006: Security expert calls for Oracle makeover
04/20/2006: Argeniss are selling 0-day exploits for Oracle
04/20/2006: DBMS_SCHEDULER as a new alternative for DBMS_JOB by Patrick Sinke
04/20/2006: Oracles default password scanner released with CPU April 2006
04/19/2006: CERT Issues Alert for Oracle
04/19/2006: Alex has released an advisory for his bug in CPU April 2006
04/18/2006: What is amazing is that a lot of CPU patches are not available until May!!
04/18/2006: Oracle has released CPU April 18th 2006
04/17/2006: Happy birthday to Tom's blog
04/17/2006: Unbreakable, Unless You Shoot Yourself in the Foot
04/17/2006: 10 Infamous Moments In Security Research
04/17/2006: Great trip to Seattle to the PSOUG Oracle day 2006
04/14/2006: At the PSOUG Oracle day in Seattle
04/10/2006: Oracle releases, then pulls, zero-day database exploit code
04/10/2006: Oracle databases at risk
04/10/2006: Oracle Slip-up Results In Leaked Exploit Information
04/10/2006: Oracle has released details of a 0-day vulnerability including exploit code on Metalink
04/10/2006: Back blogging again about Oracle Security
03/24/2006: Mary Ann Davidson has started a blog!
03/23/2006: Oracle have sent out an email to advise customers to patch CPU Jan 2006 for 9.2.0.7 on Linux
03/22/2006: Oracle’s New Search Efforts
03/22/2006: iSQL*Plus will be desupported
03/18/2006: switching from OID to Fedora Directory Server
03/16/2006: Experts unconcerned by RFID virus
03/16/2006: Chaos among PC Users over McAfee Update
03/16/2006: Microsoft goes public with Blue Hat hacker conference
03/13/2006: Fatal false alarm in McAfee VirusScan
03/11/2006: A site move (not far!) and some planned improvements and changes coming
03/07/2006: Security is the password
03/06/2006: Oracle Security Under Scrutiny
03/06/2006: Oracle on track of secure search
03/01/2006: An ideal password reset function - NOT!
03/01/2006: Oracle releases critical, out-of-cycle patch
02/28/2006: Oracle publishes out-of-cycle security fix
02/28/2006: Oracle issues security patch
02/27/2006: Oracle releases an out of step security patch for E-Business Suite
02/26/2006: Oracle Integrating Identity Wares
02/23/2006: Sun's McNealy: Open Source Key To Security
02/23/2006: Lewis has a paper on Oracle security as well.
02/23/2006: Nice presentation by Lewis on Oracle Security
02/23/2006: Pete Finnigan's blog is back on blogs.oracle.com
02/23/2006: Oracle Enterprise Manager now supports Microsoft
02/23/2006: Oracle Identity Management Spurs Global Adoption
02/21/2006: Security's Heaviest Hitters
02/21/2006: A GSEC paper on securing Oracle Collaboration Suite
02/21/2006: Securing Data Warehouses With OID, Advanced Security And VPD
02/21/2006: Tom has a great post about continuity of operations
02/21/2006: Andrew Clarke has a post about Google hacking Oracle
02/21/2006: Security experts see vulnerabilities in embedded databases
02/19/2006: OASIS stamps approval on WS-Security 1.1
02/19/2006: Secure the OEM Encryption Key
02/16/2006: New Oracle blogs aggregator
02/16/2006: pssst, want to read something secret?
02/13/2006: Inside job
02/12/2006: Oracle Starts Melding Security, ID Management Offerings
02/12/2006: Oracle Set to Refresh Key Software Packages
02/11/2006: SourceLabs puts its SASH around Oracle
02/09/2006: Good paper on password policies
02/09/2006: Brian Duff announces that blogs.oracle.com is live
02/09/2006: Oracle defends security record
02/08/2006: Looks like Oracle will have its own blog aggregator and home
02/08/2006: Interesting listener.ora / listener password and VMS error
02/07/2006: Nice thoughts on Oracle internal people finding security bugs
02/06/2006: Inside Oracle's Patch Kimono
02/06/2006: Interesting thought on security advisories
02/05/2006: Oracle have released a FAQ to counter the mod_plsql 0-day bug
02/05/2006: A great snort rule to detect the mod_plsql 0-day bug
02/05/2006: Oracle aims to tone security muscle with Fusion
02/05/2006: leaking information about Oracle databases could be a dangerous thing
02/02/2006: patch set 10.1.0.5 does not include latest security fixes!
02/02/2006: Alex has described a new work around for the mod_plsql 0-day bug
02/01/2006: Stephen Kost (www.integrigy.com) has released an analysis of the mod_plsql 0-day bug / workaround
02/01/2006: 10.1.0.5 is available
02/01/2006: exploit code released for the DB18 AUTH_ALTER_SESSION bug - how to make any user a DBA
01/31/2006: How to connect to the database using Perl - with two way communication
01/31/2006: Information Week on the mod_plsql 0-day bug
01/30/2006: Gartner: Oracle no longer a bastion of security
01/27/2006: An argument rages in the ePress between Oracle and Litchfield
01/27/2006: Many ways to become a DBA presentation updated
01/27/2006: Details published about the mod_plsql 0-day bug
01/27/2006: Interesting comments about the David Litchfield bug and the Duncan Harris interview
01/27/2006: Alex has produced a document detailing the changes made by CPU Jan 2006
01/25/2006: Oracle is advising customers to patch the last CPU very quickly
01/25/2006: David Litchfield has released a workaround for an unpatched Oracle security bug
01/25/2006: Speaking engagements tomorrow and in April
01/25/2006: Harder-to-Detect Oracle Rootkit on the Way
01/25/2006: Oracle have re-released the Linux Jan 2006 CPU patch for 10.2.0.1
01/25/2006: Oracle security joke - a template for journalists
01/25/2006: Doug has some great comments on canned application security
01/25/2006: Oracle's patch application program OPatch is causing access problems after applying interim patches
01/24/2006: Duncan Harris speaks on Oracle Security
01/22/2006: Alex has produced a detailed analysis of the Jan 2006 CPU
01/22/2006: The CPU Jan 2006 patch for HP/UX Application Server is empty
01/19/2006: Alex has added advisories for 23 security bugs fixed in 10g Release1
01/19/2006: Steven Feuerstein has started a weblog
01/19/2006: Bug DBC02 in CPU Jan 2006 found by Joxean Koret identified
01/17/2006: Red Database Security has released 5 Oracle security bug advisories
01/17/2006: Imperva discovers a critical access control bypass in login bug
01/17/2006: January 2006 Critical Patch Update Oracle security patch is released
01/16/2006: Interview with Oracle's security chief
01/16/2006: Lewis has an interesting post on Easy Connect
01/14/2006: Oracle is finally listening to customers about fix times and security patch quality
01/12/2006: Doug has posted an interesting note about executing SQL scripts from URLs
01/12/2006: Dump
01/12/2006: Oracle have released an email warning customers about the latest worm
01/10/2006: Howard has some good advice on protecting against worms
01/09/2006: Justin talks about a new series of papers on Oracle security by Arup
01/09/2006: Oracle database worm mutates
01/08/2006: Oracle 'Worm' Exploit Gets Ominous Tweak
01/07/2006: A tiny digital camera
01/06/2006: up front security
01/06/2006: Frappr is mapping Oracle bloggers
01/05/2006: Niall has a good post - DBA as User
01/05/2006: The slashdot effect can be a problem for other sites
12/31/2005: More detailed analysis of the new Oracle worm
12/31/2005: A new variant of the Oracle Voyager worm is in the wild
12/31/2005: Metacoretex has been hacked
12/30/2005: Spammers again...
12/30/2005: David Knox on secure application roles
12/29/2005: State of the nation: referral spam, comments, content management, dedicated hosting and more
12/24/2005: A very happy christmas to everyone
12/24/2005: A nice paper on listener auditing
12/22/2005: standalone discoverer clients now sso compliant for E-Business Suite users
12/21/2005: Mary Ann Davidson announces that Fortify software will be used to find security holes in Oracle software
12/21/2005: Nice paper on database links
12/21/2005: Oracle Combines Its Identity Management Offerings
12/20/2005: Some more thoughts on the weakness of Oracle database passwords
12/17/2005: A new book "Cryptography in the Database: The Last Line of Defense"
12/16/2005: Another way to monitor the listener log for brute force attacks
12/16/2005: securing apache with Oracle
12/15/2005: The possible complexity level of Oracle database passwords is in question
12/14/2005: Integration Promises Still Haunting Oracle
12/14/2005: Another free Perl script to check the listener log
12/11/2005: A useful perl script to check for listener password brute force attempts
12/10/2005: Arup's new book and some networking
12/09/2005: Good overview of SOA security
12/09/2005: CIS Oracle security checklist referral
12/08/2005: DBMS SIG conference today - A security focus
12/07/2005: I am presenting at the DBMS SIG in Melton Mowbray about Oracle security
12/07/2005: Laurent talks about restricting the power of RMAN
12/07/2005: Oracle PL/SQL for DBA's
12/06/2005: Bugs
12/05/2005: Oracle security checklist
12/05/2005: Some details of listener password exploits
12/04/2005: A sample package to manipulate LDAP
12/04/2005: Nice post about LOG ERRORS potential performance issue
12/04/2005: CPU July 2005 and CPU October 2005 have problems!!
12/03/2005: Pete Finnigan is back after a week away from blogging!
11/25/2005: 0rm has updated orabf the Oracle password cracker
11/24/2005: Oracle Database security checklist from Oracle
11/24/2005: US DoD database security technical implementation guide V7, release 1
11/22/2005: Happy 20th birthday Windows
11/22/2005: A DoD Security Guidelines document for databases
11/22/2005: Some news items about the SANS TOP-20 release
11/22/2005: SANS has released a new top 20 list of vulnerabilities
11/20/2005: Two new speaking events added to my site
11/19/2005: A new Oracle security checklist paper from Oracle
11/19/2005: How many Oracle databases are exposed to the net?
11/18/2005: Listener password management features
11/18/2005: A good comparison between Oracle and SQL Server features
11/18/2005: Determining if a patch set has been applied to an Oracle database
11/18/2005: Laurent on hidden parameters
11/18/2005: David Litchfield has started a blog and talks about the worm
11/17/2005: OracleXE beta 2 released
11/17/2005: David Litchfield has started a database security portal
11/17/2005: Oracle's email on Thor Technologies and OctetString
11/17/2005: LDAP
11/17/2005: Oracle buys two security software companies
11/15/2005: Oracle responds to the password algorithm weakness paper
11/14/2005: Problems with the October CPU discovered
11/14/2005: Disclosure or advertising?
11/12/2005: DBMS_ASSERT can be used to protect against SQL Injection
11/12/2005: Mary Ann Davidson on how to evaluate software security
11/11/2005: Commercial rainbow cracking
11/11/2005: Oracle XE will get upgrades with security fixes rather than patches
11/09/2005: More than 275 new security bugs found last week in the Oracle 10g database
11/09/2005: Many ways to become DBA
11/08/2005: Bruce Schneier blogs about the Oracle password weakness paper
11/08/2005: What Are the Default Restrictions on Oracle Passwords?
11/07/2005: Oracle adds fine-grain features to ID security
11/07/2005: Oracle Worm Proof-of-concept
11/07/2005: CNET news on the Oracle worm
11/07/2005: Voyager worm targets Oracle databases
11/07/2005: A movie about Oracle homeland security solutions
11/06/2005: Oracle alerts customers to the so called voyager worm
11/04/2005: Why Protect Fort Knox Borders But Ignore The Gold?
11/03/2005: Oracle has released a new security vulnerability fixing policy and process
11/03/2005: Mary Ann speaks about security strategy
11/02/2005: Oracle Express - will we get security patches? - I truly hope so
11/01/2005: UKOUG so far
11/01/2005: Oracle worm in the wild
10/30/2005: UKOUG tomorrow
10/30/2005: Oracle Express - friend or foe?
10/29/2005: Some news stories about the josh oracle password paper
10/27/2005: Josh has released a paper about the Oracle password algorithm
10/27/2005: Flaw hunters pick holes in Oracle patches
10/26/2005: Some fight back on Oracle security bugs - old news article
10/22/2005: Exploit circulating for newly patched Oracle bug - It can crash an unpatched database server
10/21/2005: Researcher: Oracle Patch Set Flawed Again
10/21/2005: An example of using DBMS_CRYPTO
10/21/2005: My site was on the BBC 1 breakfast - well a picture of a link to it was!
10/20/2005: Easy connect identifier
10/20/2005: An exploit has been published for database security bug DB27
10/20/2005: Alex has posted an excellent analysis of the CPU Oct 18 database security bugs
10/19/2005: Women who know Oracle and security
10/19/2005: Some news about the CPU October 18 2005 Oracle security patch set
10/18/2005: CPU October 18th a few comments
10/18/2005: Security Critical Patch Update October 18 is out
10/16/2005: comments and how to re-enable them on this blog
10/14/2005: How to encrypt/decrypt strings with the dbms_obfuscation_toolkit package
10/13/2005: Prevention and detection better than cure
10/12/2005: The Age talks about David Litchfields open letter to Oracle
10/11/2005: Security, SOX and Oracle Incentive Compensation
10/10/2005: WebGoat an application to learn how to hack!
10/10/2005: A new paper on SQL Injection
10/08/2005: Some more posts on bugtraq about David Litchfields open letter to Oracle
10/07/2005: Slight correction to the HTMLDB advisories
10/07/2005: Red Database Security has released 6 new Oracle security bug advisories
10/07/2005: Researcher lashes out at Oracle's security effort
10/06/2005: Link to David Litchfields original post
10/06/2005: David Litchfield writes an open letter to the security community and Oracle customers
10/05/2005: OUG Scotland
10/03/2005: Good thread on Oracle brute force password cracking and OUG Scotland
10/03/2005: A couple of papers by Mladen Gogala
10/01/2005: The Six Dumbest Ideas in Computer Security
10/01/2005: Oracle and Sarbanes Oxley
10/01/2005: Amis has a good post on debugging client side SQL*Net
09/30/2005: more failed_login_attempts!
09/29/2005: More details on default failed_login_attempts
09/29/2005: More security help in 10g R2
09/29/2005: Nice example of the new password store in 10g R2
09/27/2005: Quite a nice post about debugging with DBMS_DEBUG
09/26/2005: Another Larry news article on security from OOW
09/26/2005: Larry Ellison speaks about fixing security bugs
09/25/2005: A new paper on a security hole in Application Server Control
09/24/2005: Meet the experts (Oracle Security) at Oracle Open World - an open standard for securing Oracle
09/24/2005: Happy first birthday to my Oracle security blog!
09/21/2005: Oracle Proxy Users
09/19/2005: Some testing of orabf (Oracle password cracker) speed by Marcel-Jan
09/19/2005: A nice fix for the "Overwrite any file via desname in Oracle Reports" bug
09/17/2005: On Security, Is Oracle the Next Microsoft?
09/17/2005: An interesting post on patch scheduling and disclosure
09/17/2005: Google has added a great blog search tool
09/15/2005: Oracle Locks Up 'Federated' App Server
09/15/2005: Alex's SQL Injection advisory is available in German
09/14/2005: Alex has released details about a common SQL Injection vulnerability in Oracle reports
09/13/2005: A small correction to a post about DBMS_SYSTEM.KSDDDT
09/12/2005: Amis talks about the need to remove USER from PL/SQL and SQL code
09/12/2005: Some Perl and problems with referral spammers
09/09/2005: Nice paper by KK Mookhey and Nilesh Burghate - Detection of SQL Injection and Cross-site Scripting Attacks
09/09/2005: 10g Release 2 for Windows is available
09/07/2005: jDUL / DUDE (Database Unloading by Data Extraction) - an alternative to DUL
09/06/2005: archivelog mode - or not?
09/05/2005: Wifred notes that Patch 9.0.4.2.0 has a bug in Oracle forms
09/05/2005: Pre DBMS_RANDOM
09/04/2005: Security firm considers changing its policy on public disclosure of security vulnerabilities
09/03/2005: CPU July 2005 patch set for Application Server Windows 9.0.2.3 has a problem
09/03/2005: Congratulations to Mark Rittman for Oracle Magazine's Oracle ACE of the year 2005
09/01/2005: 0rm's Oracle password cracker orabf has been updated
08/31/2005: Alex has added a page to compare the available Oracle password crackers
08/29/2005: A career change and some site revamping
08/27/2005: 1.02 Million hashes/second Oracle dictionary and brute force password cracker available
08/26/2005: Alex has released version 1.1 of Checkpwd - the Oracle dictionary password cracker
08/25/2005: Full disclosure list: Summary of the password algorithm and a C code plug-in for John The Ripper password cracker
08/25/2005: A correction to the author and URL for orabf.pl
08/24/2005: A perl script to brute force database connections
08/24/2005: Alex Kornbrust has released a Linux version of his Oracle password cracker
08/23/2005: A second thread on c.d.o.s. about the Oracle password algorithm
08/23/2005: Red Database Security has released more Oracle password algorithm information
08/23/2005: Details of the Oracle password algorithm were revealed by its creator in 1993
08/23/2005: undocumented Oracle?
08/22/2005: Red Database Security has released a standalone Oracle password cracker
08/22/2005: New Online MD5 Hash Database
08/22/2005: Crack Oracle Security like a peanut!
08/22/2005: A short download of Tom Kytes new book is available
08/19/2005: Radoslav Rusinov's Blog and mod_plsql passwords in clear text
08/19/2005: Alex Kornbrusts Black Hat presentation on reverse engineering Oracles encryption packages
08/18/2005: Doug talks again about ? and catpatch.sql
08/18/2005: Bell Labs Dept 1127 has finally gone
08/17/2005: My site and Blog are available again
08/16/2005: OPatch, wherefore art thou?
08/16/2005: Is it just me or is Orablogs not reachable again?
08/16/2005: Hashattack 2.0 tool : ooops incorrect link on the tools page
08/15/2005: Two excellent papers on a new method to combat parameter validation and SQL Injection
08/15/2005: Robert shows how easy it is to read data from websites directly into the database
08/14/2005: The rise of Oracle blogging
08/14/2005: Oracle Security expert: More developer education is needed
08/12/2005: Prime number researchers put encryption algorithms such as RSA at risk
08/12/2005: New TNS protocol full client available for testing listener security
08/11/2005: Hashattack - Oracle password tool update to version 2.0
08/11/2005: A good page describing Oradebug
08/11/2005: Some good tips on Dougs blog?
08/09/2005: Oracle simplifies SOAs
08/08/2005: slashdot discussion about Mary Ann Davidsons recent news article
08/08/2005: Joshua Wright has provided a free tool to check Oracle accounts for common passwords
08/06/2005: 10gR2 the CONNECT role has finally been sanitized
08/05/2005: Database Vendors Shouldn't Kill the Messenger
08/05/2005: Esteban Martínez Fayó has a fantastic black hat presentation on SQL Injection
08/04/2005: 10g Release 2 is available for download for Windows
08/04/2005: Some response to Mary Ann's article
08/01/2005: Demystifying MS SQL Server & Oracle database server security
08/01/2005: Black Hat Confab to Spotlight Database Security
08/01/2005: Ingrian DataSecure - A network appliance based encryption solution
08/01/2005: Security Matters
07/29/2005: VeriSign boosts security with iDefense acquisition
07/29/2005: Grid Group Issues Security Requirements
07/28/2005: iDefense ups the bidding for bugs
07/28/2005: Oracle's 10g Encryption Feature Is a Fine First Step
07/27/2005: Mary Ann Davidson fights back - When security researchers become the problem
07/27/2005: web seminar for Oracle roadmap of Oblix integration
07/27/2005: Oracle's encryption not secure, researcher says - Alexander Kornbrust plans to detail his findings at Black Hat
07/27/2005: Oracle Patches Its Security Patches - Database patches fix flaws found in previous fixes
07/25/2005: New Oracle Security Forum opened
07/23/2005: [Argeniss] Oracle 9R2 Unpatched vulnerability on CWM2_OLAP_AW_AWUTIL package
07/23/2005: Oracle's correction to the April CPU patch email has been posted to Bugtraq
07/22/2005: Oracle Confirms Holes in Two Latest Patch Sets
07/22/2005: David Litchfield sets the record straight
07/22/2005: More problems with the April Critical Patch Update - does it ever stop?
07/22/2005: A list of all the news articles about Alex Kornbrusts advisories
07/21/2005: An Oracle spokeswoman speaks to TheAge
07/21/2005: a retro news article : Ellison: Oracle remains unbreakable
07/21/2005: More trouble looming for Oracle? - Black Hat is next week - there are 4 talks about Oracle Security
07/21/2005: The Register talks about the bugs
07/21/2005: Six Unpatched Flaws in Oracle Database Products
07/20/2005: Oracle researcher announces high-risk database flaws
07/20/2005: A couple of bloggers talk about Oracle's unpatched bugs
07/20/2005: Oracle patches more than 600 days overdue
07/20/2005: Oracle Simplifies SOA, Web Services Security
07/20/2005: Why it is important to encrypt credit card information
07/20/2005: Security experts round on Oracle over unpatched holes
07/20/2005: Oracle dragging heels on unfixed flaws, researcher says
07/19/2005: Sun has released an alert notification (15 July 2005) about multiple security vulnerabilities in Oracle affecting SunMC
07/19/2005: A Russian language news article about unfixed Oracle security bugs disclosure
07/19/2005: Red Database Security releases security advisories for high risk unfixed Oracle bugs
07/16/2005: More news on silent fixes in CPU July 2005
07/15/2005: A good German news item on CPU 12 July 2005
07/15/2005: Oracle are asking customers to download CPU July 2005 for 10.1.0.x again as there is a problem
07/15/2005: Oracle has been silently fixing security bugs in CPU July 2005
07/14/2005: Internet News talks about Oracles latest Critical Patch Update
07/14/2005: Grant talks about securing Forms applications with SSL
07/14/2005: Same problem again as April CPU - CPU July 2005 failed to fix a bug it says it did fix
07/13/2005: Oracle Simplifies SOA Security
07/13/2005: SearchSecurity.com has a good news story about CPU July 2005
07/13/2005: Computer World is also talking about CPU July 2005
07/13/2005: ZDNet news talks about the Critical Patch Update 2005
07/13/2005: Security advisories released detailing 4 of the bugs fixed in CPU July 2005
07/12/2005: Self signed SSL certificates with JInitiator
07/12/2005: CPU 12 July 2005
07/12/2005: Critical Patch Update July 12 2005 is available
07/12/2005: A great new free Oracle instance discovery tool - WinSID
07/11/2005: Two security bugs found and reported to Oracle in 10g Release 2 already!
07/11/2005: The next Critical Patch Update is due tomorrow - 12 July
07/11/2005: European software patents have been ditched
07/08/2005: Paying a ransom to read your data
07/08/2005: Is it possible to check whether Oracles CPU update emails are *real*?
07/08/2005: David Litchfield has released an advisory for the recent CPU 12 April vulnerabilities
07/07/2005: Oracle have issued a second email with another exploitable vulnerability in 10.1.0.2 in CPU 12APR
07/07/2005: Oracle have issued an email alert that CPU April 2005 is vulnerable to exploit
07/07/2005: I have updated my RSS feed to output 40 words instead of 20
07/07/2005: Oracle 10g Release 2 is available for Linux X86
07/07/2005: Oracle 10g Release 2 is available for Linux X86
07/07/2005: Some spiffy new security bits in 10g Release 2
07/06/2005: 10g Release 2 allows deletion of datafiles
07/05/2005: orablogs is back
07/05/2005: Reverse engineering patches!
07/05/2005: Off Topic: I have started a second blog on web development
07/04/2005: Frank talked about form-based authentication with struts
07/02/2005: A new sample installation session for Oracle Password Repository (OPR) version 1.1.8
07/02/2005: Oracle Password Repository (OPR) is updated to version 1.1.8
07/01/2005: whilst on the subject of orablogs - version 2 is in the wings
07/01/2005: Orablogs still seems to have DNS issues
07/01/2005: Marcus Ranum interview on Security Focus
06/29/2005: 10g Release 2 PL/SQL and SQL new features
06/29/2005: A security issue with OPR version 1.1.7
06/28/2005: Niall says Oracle 10gR2 should be out on June 30 - for Linux
06/28/2005: Protecting network based storage
06/28/2005: A new version of OPR is released
06/27/2005: Installing Oracle Password Repository (OPR) - a walk through
06/26/2005: Ed informs us that 10gR2 should be out this month
06/24/2005: An excellent XSS cheatsheet
06/24/2005: Frank talks about Bruce Schneier's book "secrets and lies"
06/23/2005: Grant talks about patch 2 for 9.0.4 for certified Linux and Mac clients
06/23/2005: Doug followed up on DBA_REGISTRY
06/23/2005: Orablogs seems to be down - or maybe not!
06/22/2005: Pete Finnigan is now a member of the Oaktable network
06/21/2005: An issue with DBA_REGISTRY
06/20/2005: 10gR2 adds a "wrap" package procedure, TDE and makes DBMS_OUTPUT output unlimited
06/20/2005: Security is a major force in the new 10g Release 2 database
06/18/2005: OT: RSS fixes just done
06/18/2005: Changed my RSS feed to spit out the first 20 words and a link to the entry
06/17/2005: An interesting alternative technique to crack passwords
06/17/2005: Britain's hi-tech crime wave
06/17/2005: Oracle unveils its identity management suite
06/16/2005: Another great Windows internals site
06/14/2005: A nice Windows internals website
06/14/2005: Brian talks about why JPasswordField.getText() is deprecated
06/13/2005: A book on Peoplesoft for the Oracle DBA
06/12/2005: Shay talked about version control through JDeveloper
06/11/2005: OT: Another Apple post
06/10/2005: Interesting post in Amis about "who called me"
06/10/2005: A truss like tool for IBM AIX and a file undelete program
06/10/2005: Oracle reinforces their identity management software offerings
06/09/2005: Default passwords for Oracle BPEL Process manager
06/08/2005: Debu talked about EJB security hole
06/07/2005: Wait even enhancements in 10g
06/06/2005: ooops forgot the link
06/06/2005: DBA Audit 2.5 - An interesting audit product.
06/04/2005: OT: A book on how to build an Apple 1 replica
06/03/2005: SANSFIRE is coming up very soon
06/03/2005: A good book on reverse engineering
06/01/2005: Steve has improved his Custom JDBC URL example
06/01/2005: An interesting post about PeopleSoft and Oracle
06/01/2005: Steve has added an undocumented sample for fixed JDBC credentials
05/31/2005: Alex has released his paper on metalink hacking
05/30/2005: Chris was also talking about Alex's 42 bugs found in Metalink
05/30/2005: 42 security bugs found in Oracle's Metalink database - Some serious!
05/28/2005: A new short paper on Alex's site - How to change XMLDB Ports
05/28/2005: JHeadstart has some new features slated for the next release
05/28/2005: An interesting post on Frank's blog about calling PL/SQL from Java
05/26/2005: Alex is to talk at ITUnderground Warsaw and DOAG Freiburg
05/25/2005: Scarlet Pruitt's interview with Mary Ann Davidson is out
05/24/2005: IDG were scheduled to interview Oracle's CSO
05/24/2005: Oracle Password Repository (OPR) has been updated
05/22/2005: A good list of Oracle discussion resources
05/21/2005: orablogs is back
05/21/2005: How to check which users can access the view DBA_USERS
05/20/2005: A good description of some of the Oracle default accounts
05/18/2005: A good paper on Oracle's random number generator
05/17/2005: SQLGotcha is on freshmeat
05/16/2005: nice paper by Doug Burns on Oracle parallel execution tuning
05/16/2005: A news aggregator
05/16/2005: Nice paper by Jonathan on DUAL internals and intricacies
05/15/2005: Marcel-Jan has an interesting tool on his site called SQL-Gotcha
05/13/2005: A select only user causing locks?
05/13/2005: Very interesting undocumented feature on Amis
05/12/2005: Nice list of Oracle's default ports
05/12/2005: Alex has an interesting new paper on modplsq and mod_plsql passwords
05/11/2005: A nice paper on latch internals
05/11/2005: Useful PL/SQL function that returns an MD5 sum for a string
05/10/2005: A great example of information leakage!
05/09/2005: Richard talks about diagnostics support pack and applications collection tool (ACT)
05/09/2005: Amis blog has a good paper on SQL quirks
05/07/2005: Tom writes about anonymous postings
05/05/2005: Another nice flashback paper
05/05/2005: Nice post on Amis about flashback
05/05/2005: Tug has an interesting post on software terrorists
05/05/2005: Follow up on direct application repository access
05/04/2005: alpha copies of two chapters of Tom's new book are available
05/04/2005: Interesting security news item
05/04/2005: Who_has_priv.sql, who_can_access.sql and who_has_role.sql updated
05/02/2005: Alex has updated his Oracle exploits page to add 5 more exploit codes
05/02/2005: Red Database Security issues two new Oracle security advisories
05/01/2005: A free script to find hidden users in your database
04/30/2005: Alex has added an Oracle exploits page to his site
04/30/2005: SmartDB Upgrades Oracle Migration Tool
04/29/2005: Mark has a post about Oracle's talks to buy Siebel
04/29/2005: There is a security problem with Critical Patch Update April 2005 and alert #65
04/29/2005: Tim Gorman has updated his excellent fileprobe.sh script
04/29/2005: Direct dictionary access again
04/28/2005: Ed also talked about Tom and direct dictionary editing
04/28/2005: Alex has a new paper on Yahoo hacking and Oracle
04/28/2005: Mark has made an update post on his SOX compliance
04/27/2005: Mark Coleman talks about Oracle and SOX compliance
04/27/2005: Alex has added days to fix to his Oracle security advisories
04/26/2005: A new paper on Oracle database passwords
04/26/2005: Alex Kornbrust has today released 3 new Oracle security advisories
04/26/2005: Tom talks about direct dictionary editing
04/25/2005: View privileges
04/25/2005: reading redo logs - The hard way
04/25/2005: Frank has a good post about security vulnerability reporting
04/23/2005: Some updated links on my Oracle security papers page
04/22/2005: Frank has a nice document recommendations
04/22/2005: A free version control e-book
04/20/2005: Tom Kyte has started a blog
04/19/2005: Frank has a good review of a secure coding book
04/19/2005: More insights to CPU 12 April and public exploit code
04/18/2005: Esteban Martínez Fayó releases his security advisories for CPU 12 April
04/18/2005: Making Oracle Forms more secure
04/18/2005: Jared Still has a new paper on protecting passwords
04/17/2005: Interesting analysis of CPU 12 April - "To patch or not to patch"
04/17/2005: Frank has a fix for Forms 10.1.2 for the SQL Injection issue
04/16/2005: Another news item about CPU 12 April
04/16/2005: Amis blog talks about recompiling objects
04/15/2005: Another interesting Oracle-l thread on Oracle security auditing
04/15/2005: An interesting thread on Oracle-l about BBED
04/15/2005: Another CPU April 12 news item from eweek
04/14/2005: CPU 12 April researchers advisories
04/14/2005: CIS Oracle benchmark has been updated
04/13/2005: InternetNews.com has a news item about CPU 2
04/13/2005: SearchSecurity.com talks about the Oracle CPU April 12 patch release
04/13/2005: Oracle ships patches seeded with message digest data
04/12/2005: CPU April 12 - 2005 is released
04/12/2005: Debu has an interesting pointer to an Oracle security paper
04/12/2005: CPU - April 12 is coming?
04/12/2005: Frank talks about the OWASP security conference
04/12/2005: Alex Kornbrust has released a new paper "SQL Injection in Oracle Forms"
04/11/2005: O'Reilly CodeZoo
04/09/2005: An interesting post by Mark
04/08/2005: Alex Kornbrust has a new paper on google hacking and Oracle
04/06/2005: SearchOracle has an excellent Oracle security links page
04/05/2005: Amis Blog talks about writable external tables
04/04/2005: Pete's audit scripts updated
04/03/2005: Alex Kornbrust's repscan tested and added to oracle security tools page
04/02/2005: identity theft and database security
04/02/2005: Alex Kornbrust has presented at Blackhat Amsterdam on Oracle Rootkits
04/01/2005: New presentation on advanced SQL Injection
04/01/2005: A good paper about debugging XSLT
03/31/2005: Mark Rittman talks about Fine Grained Access Control
03/31/2005: NCipher have made product updates
03/31/2005: How the secret service decodes encrypted evidence
03/30/2005: A Cuckoo's egg
03/30/2005: Before I forget, some bloggers have been talking about Oblix / Oracle as well
03/30/2005: Some news reports about Oracle's purchase of Oblix
03/30/2005: Oracle buys oblix
03/28/2005: Ben talks about 10g flashback
03/28/2005: Amis blog talks about logging data in the same table
03/26/2005: Kevin Mitnick: New book "The art of intrusion"
03/26/2005: A new free Java based Oracle password management tool
03/22/2005: Jonathan Lewis on Row Level Security - part 2
03/19/2005: The JHeadstart blog talks about J2EE authentication and authorization with JHeadstart
03/19/2005: Mark Woan's GUI .NET password check tool updated link
03/14/2005: A GUI default password checking tool
03/11/2005: Sean Hull's weblog site is back up
03/10/2005: Jonathan Lewis on Row Level Security
03/09/2005: Google desktop search
03/09/2005: Oracle have made some big updates to alert #68
03/08/2005: Frank has an example on simple J2EE form based authentication
03/08/2005: Nice listener.log error parsing script
03/07/2005: Howard Rogers has started a new Oracle forum
03/06/2005: Alex has a new presentation on hardening Oracle client PC's
03/06/2005: Jared Still has a new site
03/05/2005: Sean Hull has started a weblog based around Oracle and open source
03/04/2005: Amis Blog has an interesting entry on multiple listeners
03/03/2005: Comments, spam and statistics spiders
02/25/2005: Interesting news post about Mary Ann Davidson's comments on security education
02/18/2005: Alex Kornbrust has updated his upcoming security alerts page
02/13/2005: Alex Kornbrust's Hardening Oracle Application Server presentation is now in English
02/11/2005: Alex has presentation notes available and a forthcoming paper
02/10/2005: tracing inside a PL/SQL procedure
02/09/2005: Google hacking and reverse engineering Java
02/09/2005: Use of Windows login details - single sign on for web applications
02/09/2005: Further advice on catpatch.sql
02/08/2005: Ed has another post in the catpatch.sql series
02/08/2005: Oracle Security Tools page updated
02/07/2005: port 1521 and redirection
02/06/2005: Another undocumented parameter in use (_ash_enable)
02/05/2005: A password repository for Oracle
02/04/2005: New paper from Aaron Newman - Search Engines used to attack the database
02/04/2005: Google hacking search string database
02/04/2005: Alternate URL for Yong's site
02/03/2005: A very good paper about weaknesses in password security
02/03/2005: Tom talks about encrypting passwords in the database
02/02/2005: A repository of security papers - SecurityDocs.com
02/02/2005: Yong Huang's web site is excellent
02/01/2005: Google hacking is on the up!
01/31/2005: Happy birthday to orablogs.com
01/31/2005: A script to call SQL*Plus without hardcoding passwords
01/30/2005: Andrej Koelewijn talks about google stopping comment spam
01/29/2005: Some interesting comments about CPU - Jan 2005 on c.d.o.s
01/28/2005: Interesting thread on Oracle-l about ftp'ing data into the database
01/28/2005: A bad way to migrate a database or a good way to retrieve crashed data
01/27/2005: Frank has a great blog entry about web application security
01/27/2005: Steve talked about an undocumented page on his site
01/26/2005: default passwords and Oracle default passwords
01/26/2005: Brian talks about site registration
01/25/2005: Updated internals and Oracle applications security page
01/25/2005: Amis blog talks about LOG4PLSQL
01/24/2005: Tom talks about proxy users
01/24/2005: Integrigy releases a useful impact analysis paper on CPU - Jan 2005
01/23/2005: Steve Kost has released an Integrigy advisory for CPU - January 2005
01/22/2005: oops missed off the link
01/22/2005: In the news page updated
01/22/2005: Michael Singer on Oracle's Critical Patch Update
01/21/2005: Translation of www.Heise.de German news article
01/20/2005: Search Oracle talks about the Critical Patch Update
01/20/2005: Alexander Kornbrust's upcoming Oracle security bugs
01/19/2005: Alexander Kornbrust has an advisory for CPU - January 2005
01/19/2005: Another critical patch update news article - In German
01/19/2005: Eweek talks about the Critical Patch Update - January 2005 release
01/19/2005: Two news items about Oracle's new security advisory
01/18/2005: Security alert released by Pete Finnigan
01/18/2005: Critical patch update - January 2005 is out
01/18/2005: The first Oracle security alert for Jan 18th - First quarterly scheduled security patch
01/18/2005: More on Sarbanes Oxley and Oracle
01/17/2005: HTML Kit
01/16/2005: Penetration testing research and cost effective security
01/15/2005: Great tool for security checking a PC
01/14/2005: Adam Martin's Oracle password cracker seems to not be available
01/14/2005: Searching metalink from the MS search bar
01/13/2005: Sarbanes Oxley and Oracle
01/13/2005: Security ethics in vulnerability disclosure
01/12/2005: Amis blog has an entry all about OpenVPN
01/12/2005: Nice paper on checking Oracle password strength and enforcing it
01/11/2005: Howard Rogers has a good article about database links
01/11/2005: Daily, weekly, monthly checklists
01/10/2005: A nice simple DBMS_OBFUSCATION_TOOLKIT example by Nimzo Benoni
01/09/2005: Becoming another user
01/08/2005: CREATE SCHEMA - does it do what it says on the tin?
01/07/2005: Schema difference tool
01/07/2005: Does January 18th have special significance for Oracle?
01/05/2005: We have moved
01/05/2005: Frank has an interesting post about the movie Troy
01/04/2005: Frank has a review of Bruce Schneier book "Beyond Fear"
01/03/2005: Nice article on SQL Injection
01/02/2005: Some updates to the Oracle default password list
01/01/2005: Oracle security and content management
12/31/2004: Happy new year for 2005
12/30/2004: A free Perl based Log Analysis tool
12/29/2004: Role based security management in Oracle designer
12/28/2004: XML DB Beta program for Oracle 10g release 2
12/28/2004: Stefan talks about finding the cluster interconnect IP address
12/27/2004: Encrypting JDBC thin connections with SQL*Net
12/27/2004: Alert 68 vulnerabilities have been made public
12/24/2004: Web site statistics page added
12/24/2004: Amis blog has an interesting entry about a CJ Date seminar
12/23/2004: All the JDeveloper presentations from Oracle Open World
12/23/2004: Bruce Schneier talks about google desktop search security
12/22/2004: SYS.USER_ASTATUS_MAP missing values solved
12/21/2004: Database user account statuses in SYS.USER_ASTATUS_MAP
12/21/2004: Mark has a good post about the new 10g Release 2 version
12/20/2004: Tools page updated
12/20/2004: Sitemap generation tweaked
12/20/2004: Disabling Oracle writes into NT event log
12/19/2004: Post about setting up and using autotrace
12/19/2004: Edward's post on Java running in the database
12/19/2004: Brian has a nice post about JDeveloper debugging
12/18/2004: Mark has found a good paper on programming Java in stored procedures
12/17/2004: Tools page updated
12/17/2004: Another good point about read only users
12/17/2004: Creating a read only user
12/16/2004: Howard Rogers on dropping the DBA, CONNECT and RESOURCE roles
12/16/2004: An interesting discussion about revoking privileges from SYS or DBA
12/16/2004: Information leakage and google hacking
12/16/2004: Colin Maxwell talks about the issues of encrypting binary attachments
12/16/2004: PeteFinnigan.com newsletter will be re-launched soon
12/15/2004: Amis blog talks about SQuirrel - an open source database tool
12/15/2004: Frank has a nice post about improvements to web application security
12/14/2004: Arup Nanda has a paper on Oracle Security Auditing part 1 on dbazine.com
12/14/2004: sitemap added to PeteFinnigan.com
12/14/2004: Jonathan Lewis talks about the hidden benefits of Oracle 10g
12/13/2004: A useful post on c.d.o.s about ADMIN_RESTRICTIONS_{listener_name}
12/13/2004: Niall has clarified the ODBC trace issue
12/12/2004: Comments have been disabled from my weblog
12/11/2004: News.com article : Finally, a sensible security scheme
12/10/2004: Justin Kestelyn sums up Oracle Open World
12/10/2004: Oracle have made a press release about the database 10g release 2 announcement
12/10/2004: Oracle 9.2.0.6 patch set is now available for Linux
12/09/2004: Frank has a good example of simple J2EE form based authentication for ADF UIX
12/09/2004: The OOW keynotes are available online at OTN
12/09/2004: Justin talks more about the 10g R2 keynote at OOW
12/09/2004: Addendum to yesterday's auditing SQL from black box third party applications
12/09/2004: Two more accounts of the Chuck Rozwat 10g R2 keynote at OOW
12/08/2004: Oracle Database 10g Release 2 keynote at Oracle Open World
12/08/2004: Auditing the SQL a black box application submits to the database
12/07/2004: Mary Ann Davidson held a guru chat session at OOW
12/07/2004: Colin tells us the WS-Security Jars are not available with the developers release
12/06/2004: SANS announces the new Securing Oracle training course
12/06/2004: 10g Release 2 on the way?
12/05/2004: Ed's final post in the issues with not running catpatch.sql is there
12/05/2004: Howard Rogers has started a web log
12/04/2004: Edward's next post in the series of catpatch.sql issues.
12/03/2004: Next Edward Stangler post in the missing catpatch.sql series
12/02/2004: Three great papers on shell codes and encoding and decoding
12/02/2004: Ed's latest post in the catpatch.sql series - missing SELECT ANY DICTIONARY PRIVILEGE
12/01/2004: Another great recovery disk - This time a CD
12/01/2004: Application Security Inc has made a search page available for the policy check list
11/30/2004: Edward Stangler's next post in the not running catpatch.sql series
11/30/2004: Buffer overflows and hacking book list
11/30/2004: Tools page updated
11/30/2004: Ed had an interesting post yesterday about $ tables, DBA views and x$ tables
11/29/2004: A good list of Oracle security check items
11/29/2004: A live file system Linux floppy disk rescue system
11/29/2004: oops no link!
11/29/2004: Edward updates us on his catpatch.sql posting
11/28/2004: Looks like 9.2.0.6 is available on more platforms now
11/28/2004: Frank Nimphius paper on J2EE security in Oracle ADF
11/27/2004: Edward Stangler talks about running catpatch
11/26/2004: James Morle's book is available as a free pdf
11/26/2004: Oracle 9.2.0.6 and alert #68
11/26/2004: Mark Rittman talks about Trace format utilities
11/25/2004: Colin Maxwell talks about reducing the scope for encryption
11/25/2004: A new paper on HTMLDB and VPD
11/25/2004: event 28131, event 28119 and Row Level Security
11/24/2004: And still more news stories
11/24/2004: Frank has two interesting blog entries that relate to security
11/23/2004: Oracle secalert_us have sent out emails to tell some customers about the quarterly patch schedule
11/23/2004: Updates to the default password list and checker for SAP default users
11/23/2004: Frank Nimphius talks about displaying the authenticated username in ADF UIX using EL.
11/22/2004: Amis blog - shows how to create a certificate and configure OC4J to use it
11/22/2004: Two new books on Oracle security received
11/22/2004: And more...
11/22/2004: OraDep - A tool for analysing dependencies
11/21/2004: Frank Nimphius talks about showing/hiding UIX components based on isUserInRole()
11/21/2004: And there was more news...
11/20/2004: More news on the new patch schedule
11/20/2004: eweek: "Alleged Oracle Scammer: I Am Not a Crook"
11/19/2004: Three more news sites are talking about the new patch schedule
11/19/2004: An interesting example of information leakage posted to my blog entry
11/19/2004: Michael Singer of Internet News talks about Oracle's new patch schedule
11/19/2004: Slight update to the default password check scripts
11/18/2004: An interesting case of information disclosure
11/18/2004: Colin Maxwell talks about WS-Security in JWSDP 1.5
11/18/2004: Update to remote_os_authent=true post
11/18/2004: Oracle announce critical patch update schedule - beginning January 18 2005
11/17/2004: Two more "takes" on the Gartner / Oracle exploit information release reluctance
11/17/2004: Oracle Users Should Take Security Patch 68 Seriously
11/17/2004: Interesting post about PUBLIC privileges in 9.2.0.6
11/16/2004: 600 Oracle default usernames/passwords available
11/16/2004: Frank Nimphius has an entry about Bruce Schneier in his web log
11/16/2004: Colin Maxwell talks about keytool and keystores
11/15/2004: Default password lists and updates
11/14/2004: Exploits and blog software
11/13/2004: Interesting discussion on DBMS_SUPPORT versions
11/12/2004: Hack notes books
11/12/2004: Oracle VP database and server technology in Germany talks about Oracle patch schedules
11/11/2004: Colin Maxwell talks about securing web services using JDev and WS-Security
11/11/2004: Frank Nimphius talks about disabling Forms builder security in 10g
11/11/2004: Restricting object creation and alteration privileges
11/10/2004: Small update to the default password check scripts
11/10/2004: Patch set 9.2.0.6 for Win32 is causing debate
11/09/2004: A new Oracle default password checking tool is available
11/09/2004: Amis blog - Script to clear out a users schema
11/08/2004: A lot of new pages on my site
11/07/2004: Two great papers and tools by Tim Gorman
11/06/2004: Post on ORACLE-L : Exploring Oracle November 2004 and REMOTE_OS_AUTHENT
11/05/2004: Patrik Karlsson releases OScanner - A new free Oracle security vulnerability scanner
11/05/2004: Oracle passwords : A few not too well known facts
11/04/2004: Howard Rogers has a new ebook out
11/04/2004: Don Burleson: Oracle fraud alert
11/03/2004: Nice four part paper on label security by Jim Czuprynski
11/02/2004: The 9.2.0.6 patch set is out
11/02/2004: Can application names be changed to spoof logon triggers?
11/01/2004: Another good paper by Howard Rogers on read-only tables
10/31/2004: Howard Rogers new paper on secure application roles
10/30/2004: Interesting question about Sarbanes-Oxley on Oracle 7.3.3
10/29/2004: Can I connect to the database as the user PUBLIC?
10/29/2004: PeteFinnigan.com white papers section updated for Roby Sherman papers
10/29/2004: Brian Duff talks about connecting to Oracle servers with ssh
10/28/2004: massive data theft from a database in California
10/28/2004: interesting thread on how to secure a third party application
10/28/2004: Tales of the Oak Table - Dave Ensor's comments on Oracle security
10/27/2004: more info on DBMS_SYSTEM.KSDWRT
10/27/2004: Oracle applications auditing
10/27/2004: Allowing a user read-only access to stored procedure source code
10/26/2004: Writing to the alert log
10/26/2004: 2 new books on Oracle security
10/26/2004: Frank Nimphius talks about JAAS and declarative J2EE security
10/25/2004: Another issue with alert 68 on AIX 32 bit
10/25/2004: Oracle issue an ALERT note saying use of OPatch for multiple patches can corrupt the inventory
10/25/2004: Ken Jacobs talks about the monthly patch release cycle
10/24/2004: technewsworld.com says "Oracle's Security Luck Runs Out"
10/24/2004: Steve Feuerstein talks about best practices for NDS in 10g
10/23/2004: Is setting trace a security risk? - part 1
10/22/2004: You can search inside the SANS Oracle security step-by-step guide
10/22/2004: check_parameter.sql : script added to my tools page
10/22/2004: new shell for Windows
10/21/2004: Auditing DBA's?
10/21/2004: some interesting comments on ORACLE-L about alert #68
10/21/2004: More direct SGA access
10/21/2004: The code for the SANS Oracle security step-by-step book has had a small update
10/20/2004: Internetnews article : "Customers Gripe About Oracle's Patch Plan"
10/20/2004: More SQL Injection: A paper on Oracle SQL Injection by Stephen Kost
10/20/2004: creating read only tables
10/19/2004: An interesting SQL Injection paper
10/18/2004: A tuning book and security?
10/17/2004: Listener security guide
10/16/2004: computerworld have also picked up the patch quickly story
10/15/2004: where is the next monthly patch?
10/15/2004: eweek article on alert #68 discusses public exploit availability
10/15/2004: who_can_access.sql : a script to find users and roles that can access a particular object
10/14/2004: SQL Injection papers
10/14/2004: Scanning for Oracle databases on your network
10/13/2004: expired passwords, ORA-01045 and password changes
10/13/2004: People are now looking for alert 68 exploits!
10/12/2004: which special characters can be used in Oracle database passwords
10/11/2004: preventing password leakage with SQL*Loader
10/11/2004: Oracle 9i union flaw
10/10/2004: Oracle reminds all customers to apply Patches for alert #68
10/09/2004: who_has_priv.sql : script to find users who have been granted a system privilege
10/07/2004: Tools page has been updated again
10/07/2004: Hiding literal strings in PL/SQL
10/06/2004: Howard Rogers writes about Virtual Private databases
10/05/2004: who_has_role.sql : A script to find which users and roles have been granted a role
10/03/2004: PeteFinnigan.com Tools page updated
10/02/2004: find_all_privs.sql : A script to find all privileges allocated to a user or role
09/30/2004: Oracle announce that clients also need patching for alert #68
09/28/2004: Creating read only users
09/26/2004: Oracle Database 9i SQL Command Buffer Overflow Vulnerability
09/25/2004: eweek article: Oracle Users Take Aim at High Costs, Security Silence
09/24/2004: KK Mookhey writes about auditing Oracle security
09/23/2004: The SANS S.C.O.R.E. Oracle security checklist has been updated
09/22/2004: Arup Nanda is interviewed about the Oracle security patch nightmare
09/22/2004: Truncating the audit trail
09/21/2004: Are your system triggers firing?
09/20/2004: A new Oracle security based weblog