
Security Blogs

Update to Dennis Yurichev's FPGA cracker plus exploit code for the CPU CVSS 10.0 bug

Pete Finnigan - Sat, 2009-10-31 22:05

I got an email from Dennis Yurichev to say that he has improved the output of his FPGA cracker to now include the speed at which it's cracking. Great, I asked for this enhancement. To test it I have created....[Read More]

Posted by Pete On 30/10/09 At 07:01 PM

Categories: Security Blogs

Some training and speaking dates

Pete Finnigan - Sat, 2009-10-31 22:05

I posted a while ago about some classes I would be teaching; well the dates are now firmed up and some have moved so it's worth just publishing these again: Prague - November 3rd and 4th - This should be....[Read More]

Posted by Pete On 28/10/09 At 07:26 PM

Categories: Security Blogs

A new Oracle Security book.... or three!

Pete Finnigan - Sat, 2009-10-31 22:05

I saw via Paul's blog yesterday that Alexandr Polyakov who works for Digital Security Research Group has written a new book on Oracle Security titled "Безопасность Oracle глазами аудитора: нападение и защита" which translates in Google to English....[Read More]

Posted by Pete On 27/10/09 At 06:47 PM

Categories: Security Blogs

Cold remedies and Oracle Security

Pete Finnigan - Sat, 2009-10-31 22:05

OK, it is a strange title for the blog post but bear with me there is a reason for it. In the UK and I am sure in many other so called developed countries there is a norm or accepted....[Read More]

Posted by Pete On 26/10/09 At 03:26 PM

Categories: Security Blogs

Mary Ann Davidson fields security questions at Open World

Pete Finnigan - Sat, 2009-10-31 22:05

I made a note a few days ago when I saw the link to Mary Ann Davidson's (Oracle's security chief) interview with Justin at Open World had been posted to mention it here. The interview was done in the OTN....[Read More]

Posted by Pete On 23/10/09 At 01:21 PM

Categories: Security Blogs

October 2009 Critical Patch Update is out; Paul has a paper on escalation to OSDBA

Pete Finnigan - Sat, 2009-10-31 22:05

The latest and greatest Critical Patch Update from Oracle was released last night along with the usual advisory. I talked about the pre-release note a few days ago here in a post titled "Oracle's October pre-cpu advisory is released....[Read More]

Posted by Pete On 21/10/09 At 08:21 PM

Categories: Security Blogs

Health Data Theft

Pete Finnigan - Sat, 2009-10-31 22:05

I watched the Tonight program last night on ITV (This is a UK TV channel for all the non-UK readers of this blog) because I saw an ad for it at the weekend and it sounded really interesting. The program....[Read More]

Posted by Pete On 20/10/09 At 11:17 AM

Categories: Security Blogs

Oracle's October pre-cpu advisory is released

Pete Finnigan - Sat, 2009-10-24 21:50

Oracle's usual pre-release for the CPU (Critical Patch Update) for October has been released. The pre-release document is usually released the Thursday before the CPU; the CPU is due out next Tuesday the 20th October. The CPU should have been....[Read More]

Posted by Pete On 16/10/09 At 07:32 PM

Categories: Security Blogs

OWASP Leeds meeting slides available

Pete Finnigan - Sat, 2009-10-24 21:50

Just a quick post this evening; I have had a busy day. Last night I spoke at the inaugural meeting of the OWASP Leeds chapter which was a really good meeting; good audience and some good participation. Jason opened the....[Read More]

Posted by Pete On 15/10/09 At 07:42 PM

Categories: Security Blogs

SQL Injection and a presentation on data security

Pete Finnigan - Sat, 2009-10-24 21:50

Slavik has a nice post on his blog (picked up from my Oracle blogs aggregator) titled "Blind SQL Injection in Oracle". This is a nice article that discusses SQL Injection types with nice examples for Oracle....[Read More]

Posted by Pete On 14/10/09 At 02:08 PM

Categories: Security Blogs

Spoofing users and programs and presenting at OWASP

Pete Finnigan - Sat, 2009-10-24 21:50

I found a nice blog the other week called oraganism and added to my list of things to blog about; so in visiting it again at the weekend I saw a nice post by Pawel Krol about spoofing the osuser....[Read More]

Posted by Pete On 13/10/09 At 04:04 PM

Categories: Security Blogs

Oracle's new Oracle database security and compliance solution

Pete Finnigan - Sat, 2009-10-17 21:35

I saw a few posts on news channels at the turn of the current month talking about Oracle's new "Oracle database security and compliance solution". A quick search of Google shows that this seems to have been a heavily....[Read More]

Posted by Pete On 12/10/09 At 02:09 PM

Categories: Security Blogs

Nice Summary of setting up audit options

Pete Finnigan - Sat, 2009-10-17 21:35

I noticed a nice post on Robert Geier's blog a while ago and made a note to link to it from here. The post is titled "Enable Oracle auditing BEFORE you need it." which of course carries a....[Read More]

Posted by Pete On 09/10/09 At 08:26 PM

Categories: Security Blogs

Expert Oracle Practices: Oracle database administration from the oak table

Pete Finnigan - Sat, 2009-10-17 21:35

I was sent an email from some guy promoting some twitter (or some other site of the same ilk, I don't know now as I marked his mail as junk and deleted it) software that promotes books; he found me....[Read More]

Posted by Pete On 08/10/09 At 11:01 AM

Categories: Security Blogs

How many Security bugs are in the Oracle database software product set

Pete Finnigan - Sat, 2009-10-10 21:20

I don't talk much about security bugs anymore here primarily because my focus has always been at the auditor / help secure end of the spectrum rather than others who focus at the research/find security bugs/exploits/penetration test end of the....[Read More]

Posted by Pete On 07/10/09 At 04:29 PM

Categories: Security Blogs

Oracle Security Worst Practices

Pete Finnigan - Sat, 2009-10-10 21:20

I got an email yesterday from a client I have worked for a number of times over the last 6 and a half years of running PeteFinnigan.com Limited and he asked an interesting question. He said (slightly edited) you have....[Read More]

Posted by Pete On 06/10/09 At 05:12 PM

Categories: Security Blogs

60 million password hashes/second Oracle password cracker available

Pete Finnigan - Sat, 2009-10-10 21:20

I first chatted to Dennis Yurichev probably around a couple of years ago about his efforts to make an FPGA password cracker. We exchanged numerous emails and I think without checking back he had one FPGA cracker working that did....[Read More]

Posted by Pete On 05/10/09 At 12:47 PM

Categories: Security Blogs

IOUG Data Security Report 2009 is out

Pete Finnigan - Sat, 2009-10-10 21:20

I saw via Roxana Bradescu's blog that the IOUG has released its second "annual" - not twice a year, the second time it's been done - security survey. This year it's different as last year bloggers like myself were asked....[Read More]

Posted by Pete On 02/10/09 At 10:32 AM

Categories: Security Blogs

A grammatically correct random pass phrase generator

Pete Finnigan - Sat, 2009-10-10 21:20

Curtis Copley emailed me to let me know about his new paper on a grammatically correct random passphrase generator and also the free tools he has created to implement this in Java and also in PL/SQL. The paper is available....[Read More]

Posted by Pete On 30/09/09 At 01:17 PM

Categories: Security Blogs

SQL Injection - accessing additional tables via the where clause

Pete Finnigan - Sat, 2009-10-10 21:20

Jaromir emailed me a link to a paper he has written on SQL injection where he manipulates the where clause of an existing statement that can be exploited via SQL injection. Normal wisdom says that if you can only manipulate....[Read More]

Posted by Pete On 29/09/09 At 06:30 PM

Categories: Security Blogs