Auditing an Oracle database for security issues is very important. provides all of the information and tools that you will need Click here for details of Limited's detailed Oracle database security audit service Click here for details of Limited's Oracle Security Training Courses
There are 54 visitors online    
Cookie Policy:We only use essential cookies on small sections of this website. For details see here.

Pete Finnigan's Oracle security weblog

Home » Archives » November 2006 » Carelessness Runs Amuck With Zero Day Vulnerabilities

[Previous entry: "Week of Oracle zero-days planned"] [Next entry: "Week of Oracle bugs axed--for now?"]

Carelessness Runs Amuck With Zero Day Vulnerabilities

November 24th, 2006 by Pete

Carelessness Runs Amuck With Zero Day Vulnerabilities - Mark Joseph Edwards

"It's no secret that some hackers, predominantly wearing either black or grey hats, discover vulnerabilities and then proceed to sit on those vulnerabilities for some variable amount of time. The motives for not informing the affected vendors appear to vary from entirely self-centered reasons to the need for leverage against a given vendor who might claim to be improving security, but just not fast enough for the satisfaction of some people. Sometimes the latter explanation turns out to be more of a ruse than fact. "

Judging by the amount of articles on this planned week of Oracle 0-days by Argeniss in the press and the fact that none of them are positive or in agreement with it, it looks like most of the Oracle speaking world agrees that its not a good plan. I have had a lot of conversations this week with interested parties, users and customers of Oracle and no one thinks its a good idea to release 0-days to make a point.

The real point is that Oracle are getting better at security, we should give them a chance to prove themselves and also there is no value in making a large amount of databases immediately vulnerable to attack.

November 2006

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

Weblog Home
Weblog Archives

Oracle Security Tools page
Oracle security papers
Oracle Security alerts

Web Development
SQL Server Security

Atom 0.3 FEED
Powered by gm-rss 2.0.0

Valid XHTML 1.0!