Judging by the number of news articles published (I have never seen to many about one Oracle security issue - I still have a list of quite a few more that I will report here later) about Alex's advisories I would say Oracle could do without any new revelations next week. The Black Hat briefings have been used in the past to disclose Oracle vulnerabilities.
The four speakers are:
Alexander Kornbrust : Circumvent Oracle’s Database Encryption and Reverse Engineering of Oracle Key Management Algorithms - Alex will talk about the architectural flaws in Oracles database encryption packages DBMS_CRYPTO and DBMS_OBFUSCATION_TOOLKIT. Alex will show how the encryption key can be "sniffed" and also if a flexible key algorithm is used how the algorithms can be reverse engineered.
Esteban Martínez Fayó : Advanced SQL Injection in Oracle Databases - Esteban will talk about new ways to attack Oracle databases and advanced SQL injection in particular. He will also show how to see the internal PL/SQL code in Oracle built in procedures that is vulnerable. he will show some attacks and also how to protect from them
Cesar Cerrudo : Demystifying MS SQL Server & Oracle Database Server Security - Cesar will talk about the security differences between MS SQL Server and Oracle and talk about how each vendor deals with security issues and patches.
David Litchfield : All New Ø-Day - Details of David's talk are not on the Black Hat site but I can be sure that he will talk about Oracle as he usually does. David has a wild card and doesn't usually announce what he will talk about. I thought I heard that he will talk about patch management - but I cannot remember from where - maybe this is true with his recent discovery about CPU April 2005.