Security Blogs
Oracle Password Cracker written in PL/SQL is available
I have just created a dedicated page for my PL/SQL Oracle database password cracker and also linked to it from the Oracle Security Tools page. The code is available as a zip file at the end of the PL/SQL....[Read More]
Posted by Pete On 25/09/08 At 05:36 PM
Oracle Security talk available as slides and also video
On Tuesday I did a webinar for Sentrigo on the subject of Oracle Security (of course). This went well and we had quite a good attendance. I started the talk with a ten minute or so demo of hacking an....[Read More]
Posted by Pete On 25/09/08 At 04:13 PM
An update, slides, USA and a masterclass
Well it has been a really busy last few weeks, phew.... I have had little free time to do anything for myself except work for clients and keep the business running. On one hand that's great, but on the other....[Read More]
Posted by Pete On 23/09/08 At 09:15 PM
Oracle Security webinar with Pete Finnigan
Next week on the 23rd of September at 15:00 UK time I am going to be doing another webinar on Oracle database security with Sentrigo. Here are the details being sent out for the webinar, I would be please....[Read More]
Posted by Pete On 17/09/08 At 08:36 AM
Oracle Security Masterclass slides available
It has been a while since my last blog entry, things have been very busy work wise over the last few weeks, lots of travelling all over the place and lots of work..:-) Last week I was in Reykjavik to....[Read More]
Posted by Pete On 15/09/08 At 09:08 PM
A new Oracle Password cracker that runs inside the database
I wrote an Oracle password cracker completely in PL/SQL some time ago and have been using it on Oracle Database Security audits as a good starting point to test the strength of Oracle database passwords. Of course I will not....[Read More]
Posted by Pete On 29/08/08 At 06:14 PM
Designing application and code to use the minimum privileges
In today's day and age we should all design code and applications to use the minimum privileges necessary, and only those necessary, and even ideally not even those privileges. This is what we call in security circles reducing the attack....[Read More]
Posted by Pete On 28/08/08 At 07:52 PM
Happy Belated 4th Birthday to my blog
Well, it is slightly late BUT I have been blogging about (almost exclusively) Oracle security for 4 years now, the longest running blog dedicated just to Oracle Security. I started this blog on 20th September 2004 and it has....[Read More]
Posted by Pete On 02/10/08 At 09:01 PM
Slides from my Oracle Security Masterclass at White-Hats are available
I have just posted the slides from my talk last Friday at the White-Hats event in London. The Oracle Security Masterclass is based on previous ones but the slides are not exactly the same. The slides are on my Oracle....[Read More]
Posted by Pete On 29/09/08 At 07:39 PM
Another Major UK Data Loss
A few days ago another major data leak occurred in the UK. This time involving a UK consultancy called PA Consulting and also the British Home Office. An article Worker suspended over loss of prisoner data "A staff member at....[Read More]
Posted by Pete On 25/08/08 At 10:15 AM
Stopping a user from changing his own Oracle database password
I had a chat with a friend of mine on the phone last night and he asked me a question. I won't reveal his name in case he doesn't want me to but he knows who he is. He asked....[Read More]
Posted by Pete On 13/08/08 At 10:33 PM
Holidays, Patch re-releases and newsletters
We have been away for the past 8 or 9 days on a family holiday so no blog posts over this last period. This holiday was strange, [Keep reading there is some Oracle security content coming!] OK not strange but....[Read More]
Posted by Pete On 11/08/08 At 03:43 PM
Conferences and Training Dates
I have just updated my Oracle Security site home page which includes speaking dates down the left hand side towards the bottom of the page. I am going to be speaking in Iceland in September - doing my 2 hour....[Read More]
Posted by Pete On 31/07/08 At 07:46 PM
0-day and the first security alert for 3 years from Oracle
Oracle released their first security alert in three years outside of the Oracle Critical Patch Update (CPU) process on the 28th July. An unknown German (according to Alex's blog he is German) hacker calling himself Kingcope has released a 0-day....[Read More]
Posted by Pete On 30/07/08 At 11:19 AM
Is Oracle Security getting better or in other words "is Oracle Security good enough?"
There was a post on my Oracle Security forum a couple of weeks ago that I found very interesting and worthy of a note on this blog. A poster raised a good question "Oracle Security is GOOD enough?....[Read More]
Posted by Pete On 28/07/08 At 12:04 PM
IOUG/Oracle Software Security Assurance Team joint survey
I promoted the IOUG/Oracle security survey a few weeks back in a post titled "An Oracle Security Survey by The IOUG and Oracle" and today I received an email from John at the IOUG to let me know....[Read More]
Posted by Pete On 24/07/08 At 08:47 AM
Kurt Van MeerBeeck (jDul, DUDE) has started a blog
I saw today that Kurt Van Meerbeeck who is famous for writing jDUL that became DUDE has started a blog. I have known Kurt for many years on email but only in the last couple of years have we met....[Read More]
Posted by Pete On 23/07/08 At 10:45 AM
Advisories for the July 2008 Critical Patch Update and exploit code
There have been a number of emails posted to the bugtraq and full-disclosure mailing lists in the last few days detailing some of the vulnerabilities fixed in the recent Oracle Critical Patch Update July 2008. It is worth detailing some....[Read More]
Posted by Pete On 22/07/08 At 09:29 PM
Lateral SQL Injection needs no database privileges
I wrote this last night but then my email connection failed (the ISP must have been doing maintenance) so could not send before I needed to sleep. I am teaching my two day class "How to perform an Oracle....[Read More]
Posted by Pete On 21/07/08 At 10:01 AM
July 2008 Critical Patch Update (CPU) is the first to use CVE-ID numbers
One thing I forgot to mention the other day in my post July 2008 Critical Patch Update is out - a remote un-authenticated exploit revealed is that one of the major changes you will notice with this CPU is that....[Read More]
Posted by Pete On 18/07/08 At 10:34 AM



