Pete Finnigan's Oracle security weblog

Howard's DORIS script is available again - some security comments from me

Fri, 16 May 2008 20:52:04 +0100

I noticed today that Howard's Dizwell-Oracle Reliable Installation Script (DORIS) version 1.0a shell script is available again for download. This is a useful script and great for installing Oracle on Linux without resorting to reading loads of "how-to" sites. Howard....[Read More]

Posted by Pete On 16/05/08 At 07:50 PM

License Plate scanners and SQL Injection

Fri, 16 May 2008 20:52:04 +0100

I posted a couple of days ago a link to an almost certain hoax of a license plate of a red mini that had been altered to include SQL Injection. This was in a post titled License Plate SQL Injection....[Read More]

Posted by Pete On 15/05/08 At 09:02 PM

Oracle Application Server 10g ORA_DAV basic authentication bypass

Fri, 16 May 2008 20:52:04 +0100

I would recommend anyone that is interested in securing their Oracle database to subscribe to some of the major security lists such as the bugtraq list at securityfocus.com or the full disclosure list. There are plent more besides these, but....[Read More]

Posted by Pete On 14/05/08 At 07:42 PM

License plate SQL Injection

Fri, 16 May 2008 20:52:04 +0100

Wow, its been a while since I posted, I have been travelling all over the world over the last month or so, teaching my Oracle security class and also speaking at conferences and performing Oracle security audits. It's been a....[Read More]

Posted by Pete On 13/05/08 At 07:38 PM

Slides from OUG Scotland DBA SIG on Oracle Forensics available

Fri, 16 May 2008 20:52:04 +0100

I have posted the slides to my talk from yesterday at the OUG Scotland SIG to my Oracle Security white papers page . They are the first entries in the page. The talk was 45 minutes about Oracle Forensics. This....[Read More]

Posted by Pete On 01/05/08 At 02:23 PM

Conditionally firing triggers

Fri, 16 May 2008 20:52:04 +0100

I saw a post on the BAR Solutions blog today titled " Triggers… " that was very interesting as I have had the same issue in the past for different reasons. The blog post was around an issue where triggers....[Read More]

Posted by Pete On 01/05/08 At 01:22 PM

Lateral SQL Injection and Conferences and security training

Fri, 16 May 2008 20:52:04 +0100

I am writing this whilst sat on a train travelling at around 120mph between York and Darlington, this is probably my first blog entry written at speed! I saw that David had released his paper " Lateral SQL Injection: A....[Read More]

Posted by Pete On 30/04/08 At 08:26 AM

Slides from OUGN Norway and RISK 2008 Norway available

Fri, 16 May 2008 20:52:04 +0100

I was over in Norway this week and the Oracle User Group Norway (OUGN) asked me to speak at an evening user group meeting of theirs. This was a eally friendly group and it was a pleasure to speak there....[Read More]

Posted by Pete On 25/04/08 At 05:58 PM

Two remotely exploitable without authentication bugs to be fixed

Fri, 16 May 2008 20:52:04 +0100

Oracle's pre-patch advisory note for the next Critical Patch Update (CPU) due this Tuesday (15th) states that there are 17 new security fixes for the database, two for Apex and two of which are remotely exploitable without authentication. The advisory....[Read More]

Posted by Pete On 14/04/08 At 10:17 AM