[Previous entry: "DBMS_SCHEDULER as a new alternative for DBMS_JOB by Patrick Sinke"] [Next entry: "Security expert calls for Oracle makeover"]
Argeniss are selling 0-day exploits for Oracle
April 20th, 2006 by Pete
Post to del.icio.us
Post to Furl
I was made aware of this URL today by someone. I was vaguely aware that the guys at Argeniss were selling exploit information but had not had the time to take a look. The page on their site titled "Argeniss Ultimate 0day Exploits Pack" details the service available to those penetration testers or tool manufacturers who want to test if various IPS/IDSAnti* type products are working well with 0-Day bugs for various software. These include a list of 6 exploits for Oracle. I can see the value in this for people who do not have the skills or time to find these bugs to be able to test expensive tools they may have implemented or for vendors to also test their products that are supposed to trap 0-day bugs. I can also see the downside that others may buy the details for other nefarious reasons. I leave it to you the reader to make your own mind up.
