
Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.


David Litchfield has started a new blog

October 27th, 2007 by Pete


I got an email from David today to let me know that he has started a new blog (it's good to see that he is using GreyMatter Weblog software, software that I am also helping to develop) on a domain called www.davidlitchfield.com that looks to be set up as David's personal site. David has an interesting first blog entry titled "SQL Injection and Data Security Breaches" that discusses some real SQL Injection attacks and also the reality of what can happen in such easy attacks, i.e. very large quantities of identities revealed or stolen and the breach of credit card details. The thing that stuck out for me was that researchers found most of these and that in most cases they were very simple bugs. The worrying thing for these guys should be: did anyone else find these bugs before who were less inclined to let them know about it? This is the worry for SQL Injection or any bug that discloses critical data: it's found and fixed, but did anyone find it before that and exploit it?

There have been 4 comments posted on this article


October 27th, 2007 at 10:15 pm

Markus Perdrizat says:

It's not a blog if it doesn't contain a feed. Where do GreyMatter blogs usually make their feed available? Both I and Google Reader are unable to find David's feed.
I'd love to read his blog, but I'll never find the time to follow websites that don't have a feed.



October 28th, 2007 at 03:45 pm

Alexis Gil says:

Incidentally, I saw this post shortly after I read this strip:

http://xkcd.com/327/

big grin



October 29th, 2007 at 08:28 am

Pete says:

I didn't notice that David didn't have feeds available for his blog. I have dropped him an email about how to set it up. They are not there by default in Greymatter.

cheers

Pete



October 29th, 2007 at 09:17 am

Pete says:

More haste, less speed. I should have checked David's blog again first before I emailed him :-). He has already installed the feed code on Saturday, so you can find the links for his feeds on the blog's sidebar.

cheers

Pete

