Security Blogs
OS Authentication
Gary pointed us to an article written on Database Journal by James in a forum post titled "OS Authentication". The article is titled "Securing Client Connections: OS Authentication" and it discusses the virtues of externally (OS....[Read More]
Posted by Pete On 19/11/09 At 08:54 AM
Revoking PUBLIC Execute on SYS.DMP_SYS
I saw today Paul's recent post to his blog "DAMS for Post and PRE-CPU Change Management" and when I read: A quicker and simpler way to remove the threat of a vulnerable package is to simply REVOKE the....[Read More]
Posted by Pete On 17/11/09 At 07:18 PM
PeteFinnigan.com Limited USA Partnership Announcements
We often get enquiries for our Oracle security training classes and security consulting including Oracle database security audits from clients in the USA. We have come to the point in time where we need to have full time representation on....[Read More]
Posted by Pete On 16/11/09 At 06:53 PM
Pre-Announcement - Oracle Security Training in York in 2010
After the very successful Oracle security training event we held in York in July we are now going to run a new event, again in York on February 9th and 10th 2010. The two day training will be held at....[Read More]
Posted by Pete On 13/11/09 At 04:42 PM
Creating users creatively
I saw a nice post on Alex Nuijten's blog yesterday titled "Create Users with DBMS_METADATA" via my Oracle blogs aggregator that talks about Alex's use of DBMS_METADATA to copy database users from one database to another by generating....[Read More]
Posted by Pete On 12/11/09 At 03:36 PM
Russian Oracle Security Book
I posted in a post titled "A new Oracle Security book.... or three!" a couple of weeks ago (or so) that Alexandr Polyakov had written and published a book on Oracle security in Russian. The book is only....[Read More]
Posted by Pete On 10/11/09 At 08:16 PM
Direct Grants, DBA, Invoker rights and definer rights
One of the interesting discussions with the delegates that took place in my Oracle security class in Prague last week was a discussion around the difference between privileges granted via roles and those granted directly and the effects of privileges....[Read More]
Posted by Pete On 09/11/09 At 07:18 PM
Back from Prague and a new paper on explicit grants and roles
I have not been able to blog for the last couple of days as I have been in Prague teaching my company's two-day class "How to perform a security audit of an Oracle database" which went really....[Read More]
Posted by Pete On 05/11/09 At 07:30 PM
One more point on Oracle password crackers
I blogged last week about Dennis Yurichev's FPGA password cracker here in a blog titled "Update to Dennis Yurichevs FPGA cracker plus exploit code for the CPU CVSS 10.0 bug" and I set off two example cracker sessions....[Read More]
Posted by Pete On 02/11/09 At 10:37 PM
Update to Dennis Yurichevs FPGA cracker plus exploit code for the CPU CVSS 10.0 bug
I got an email from Dennis Yurichev to say that he has improved the output of his FPGA cracker to now include the speed at which it's cracking. Great, I asked for this enhancement. To test it I have created....[Read More]
Posted by Pete On 30/10/09 At 07:01 PM
Some training and speaking dates
I posted a while ago about some classes I would be teaching; well, the dates are now firmed up and some have moved so it's worth just publishing these again: Prague - November 3rd and 4th - This should be....[Read More]
Posted by Pete On 28/10/09 At 07:26 PM
A new Oracle Security book.... or three!
I saw via Paul's blog yesterday that Alexandr Polyakov who works for Digital Security Research Group has written a new book on Oracle Security titled "Безопасность Oracle глазами аудитора: нападение и защита" which translates in Google to English....[Read More]
Posted by Pete On 27/10/09 At 06:47 PM
Cold remedies and Oracle Security
OK, it is a strange title for the blog post but bear with me there is a reason for it. In the UK and I am sure in many other so called developed countries there is a norm or accepted....[Read More]
Posted by Pete On 26/10/09 At 03:26 PM
Mary Ann Davidson fields security questions at Open World
I made a note a few days ago when I saw the link to Mary Ann Davidson's (Oracle's security chief) interview with Justin at Open World had been posted to mention it here. The interview was done in the OTN....[Read More]
Posted by Pete On 23/10/09 At 01:21 PM
October 2009 Critical Patch Update is out; Paul has a paper on escalation to OSDBA
The latest and greatest Critical Patch Update from Oracle was released last night along with the usual advisory. I talked about the pre-release note a few days ago here in a post titled "Oracle's October pre-cpu advisory is released....[Read More]
Posted by Pete On 21/10/09 At 08:21 PM
Health Data Theft
I watched the Tonight program last night on ITV (This is a UK TV channel for all the non-UK readers of this blog) because I saw an ad for it at the weekend and it sounded really interesting. The program....[Read More]
Posted by Pete On 20/10/09 At 11:17 AM
Oracle's October pre-cpu advisory is released
Oracle's usual pre-release for the CPU (Critical Patch Update) for October has been released. The pre-release document is usually released the Thursday before the CPU; the CPU is due out next Tuesday the 20th October. The CPU should have been....[Read More]
Posted by Pete On 16/10/09 At 07:32 PM
OWASP Leeds meeting slides available
Just a quick post this evening; I have had a busy day. Last night I spoke at the inaugural meeting of the OWASP Leeds chapter which was a really good meeting; good audience and some good participation. Jason opened the....[Read More]
Posted by Pete On 15/10/09 At 07:42 PM
SQL Injection and a presentation on data security
Slavik has a nice post on his blog (picked up from my Oracle blogs aggregator) titled "Blind SQL Injection in Oracle". This is a nice article that discusses SQL Injection types with nice examples for Oracle....[Read More]
Posted by Pete On 14/10/09 At 02:08 PM
Spoofing users and programs and presenting at OWASP
I found a nice blog the other week called oraganism and added it to my list of things to blog about; so in visiting it again at the weekend I saw a nice post by Pawel Krol about spoofing the osuser....[Read More]
Posted by Pete On 13/10/09 At 04:04 PM


