Pete Finnigan's Oracle Security Weblog
This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
I just saw the first post about new vulnerabilities in the Oracle database on the bugtraq mailing list at Security Focus. The post was made about one hour ago by NGS. The post is titled "Multiple high risk vulnerabilities in Oracle RDBMS 10g/9i" and discusses multiple bugs that have been found and fixed in the first of the new quarterly patch schedule fixes. They also have announced as they did with alert 68 that they will withold details of the actual bugs they have found until April 18 - 3 months later so that customers can get patched first. The post also suggests customers should go to Metalink for the patches.
As of now there are no announcments on Metalink or on OTN or on the Oracle security alerts page with respect to availability of the new patch set but there is a note on the Oracle alerts page to say that its scheduled to be released today.
Simply connect PFCLScan to your Oracle database and it will automatically discover the security issues that could make your Oracle database vulnerable to attack and to the potential loss of your data.
PFCLObfuscate is the only tool available that can automatically add license controls to your PL/SQL code. PFCLObfuscate protects your Intellectual Property invested in your PL/SQL database code.
PFCLTraining is a set of expert training classes for you, aimed at teaching how to audit your own Oracle database, design audit trails, secure code in PL/SQL and secure and lock down your Oracle database.
Choose PFCLServices to add PeteFinnigan.com Ltd to your team for your Oracle Security needs. We are experts in performing detailed security audits, data security design work and policy creation