http://www.petefinnigan.com/weblog/entries PeteFinnigan.com's weblog is the only weblog dedicated to Oracle security. en-gb Copyright PeteFinnigan.com Ltd 2005, All rights reserved. All trademarks are the property of their respective owners and are hereby acknowledged 2011-12-24T09:27:11Z Pete Finnigan (mailto:webmaster\@petefinnigan.com) Pete Finnigan (mailto:pete\@petefinnigan.com) PeteFinnigan.com's weblog is the only weblog dedicated to Oracle security. Pete Finnigan's Oracle security weblog http://www.petefinnigan.com/images/company_logo_1.gif http://www.petefinnigan.com/weblog/entries http://www.petefinnigan.com/weblog/archives/00001353.htm <p> Alex commented on my post about " oradebug " about the select statement on x$ksmfsv which holds a list of all fixed variables amongst other things and joined it to x$ksmmem to get the absolute address in the SGA to....<a href="http://www.petefinnigan.com/weblog/archives/00001353.htm">[Read More]</a> </p> <p>Posted by Pete On 21/09/11 At 07:26 PM</p> http://www.petefinnigan.com/weblog/archives/00001352.htm <p> Laszlo has published his slides from Hacktivity in Budapest last weekend where he shows how the Oracle undocumented oradebug command can be used to exploit the database; covering turning off authentication, turning off audit and more. His slides are here....<a href="http://www.petefinnigan.com/weblog/archives/00001352.htm">[Read More]</a> </p> <p>Posted by Pete On 21/09/11 At 12:54 PM</p> http://www.petefinnigan.com/weblog/archives/00001351.htm <p> I spoke at the UKOUG special security day event last week at Bletchley Park just outside of Milton Keynes. We had a great agenda for the day which was focused on Data Security. We had Ian Glover of CREST and....<a href="http://www.petefinnigan.com/weblog/archives/00001351.htm">[Read More]</a> </p> <p>Posted by Pete On 19/09/11 At 04:07 PM</p> http://www.petefinnigan.com/weblog/archives/00001350.htm <p> Ron Reidy will be teaching my 2 day class " how to perform a security audit of an Oracle database " in Denver, CO, USA on November 10th and November 11th 2011. The class is a public course so if....<a href="http://www.petefinnigan.com/weblog/archives/00001350.htm">[Read More]</a> </p> <p>Posted by Pete On 06/09/11 At 09:49 AM</p> http://www.petefinnigan.com/weblog/archives/00001349.htm <p> I noticed a few days ago that David Litchfield had posted two new short papers on Oracle security; one is related to global cursors declared in PL/SQL packages, the other about cursor variable type SYS_REFCURSOR being passed out of functions/procedures....<a href="http://www.petefinnigan.com/weblog/archives/00001349.htm">[Read More]</a> </p> <p>Posted by Pete On 06/07/11 At 01:20 PM</p> http://www.petefinnigan.com/weblog/archives/00001348.htm <p> Time flies by so fast..:-), its been two months since my last blog post but it only seems like yesterday...:-(, Times are very busy for me so blogging has become harder to fit in. Just writing a blog post seems....<a href="http://www.petefinnigan.com/weblog/archives/00001348.htm">[Read More]</a> </p> <p>Posted by Pete On 24/06/11 At 11:29 AM</p> http://www.petefinnigan.com/weblog/archives/00001347.htm <p> David has released four new papers on Oracle security topics a few days ago. Two of the papers seem to be from his ill fated book on Oracle Forensics as they are labelled " chapter 3 - How attackers break....<a href="http://www.petefinnigan.com/weblog/archives/00001347.htm">[Read More]</a> </p> <p>Posted by Pete On 20/04/11 At 09:50 AM</p> http://www.petefinnigan.com/weblog/archives/00001346.htm <p> Marcel-Jan emailed me an article on arstechnica a few days ago and has now written a forum post titled " How Anonymous hacked HBGary ". This is intersting reading and shows that simple techniques can be used to abuse systems....<a href="http://www.petefinnigan.com/weblog/archives/00001346.htm">[Read More]</a> </p> <p>Posted by Pete On 03/03/11 At 02:14 PM</p>