Security Blogs
SQL Injection and a presentation on data security
Slavik has a nice post on his blog (picked up from my Oracle blogs aggregator) titled "Blind SQL Injection in Oracle". This is a nice article that discusses SQL Injection types with nice examples for Oracle....[Read More]
Posted by Pete On 14/10/09 At 02:08 PM
Spoofing users and programs and presenting at OWASP
I found a nice blog the other week called oraganism and added to my list of things to blog about; so in visiting it again at the weekend I saw a nice post by Pawel Krol about spoofing the osuser....[Read More]
Posted by Pete On 13/10/09 At 04:04 PM
Oracle's new Oracle database security and compliance solution
I saw a few posts on news channels at the turn of the current month talking about Oracle's new "Oracle database security and compliance solution". A quick search of Google shows that this seems to have been a heavily....[Read More]
Posted by Pete On 12/10/09 At 02:09 PM
Nice Summary of setting up audit options
I noticed a nice post on Robert Geier's blog a while ago and made a note to link to it from here. The post is titled "Enable Oracle auditing BEFORE you need it." which of course carries a....[Read More]
Posted by Pete On 09/10/09 At 08:26 PM
Expert Oracle Practices: Oracle database administration from the oak table
I was sent an email from some guy promoting some twitter (or some other site of the same ilk, I don't know now as I marked his mail as junk and deleted it) software that promotes books; he found me....[Read More]
Posted by Pete On 08/10/09 At 11:01 AM
How many Security bugs are in the Oracle database software product set
I don't talk much about security bugs anymore here primarily because my focus has always been at the auditor / help secure end of the spectrum rather than others who focus at the research/find security bugs/exploits/penetration test end of the....[Read More]
Posted by Pete On 07/10/09 At 04:29 PM
Oracle Security Worst Practices
I got an email yesterday from a client I have worked for a number of times over the last 6 and a half years of running PeteFinnigan.com Limited and he asked an interesting question. He said (slightly edited) you have....[Read More]
Posted by Pete On 06/10/09 At 05:12 PM
60 million password hashes/second Oracle password cracker available
I first chatted to Dennis Yurichev probably around a couple of years ago about his efforts to make an FPGA password cracker. We exchanged numerous emails and I think without checking back he had one FPGA cracker working that did....[Read More]
Posted by Pete On 05/10/09 At 12:47 PM
IOUG Data Security Report 2009 is out
I saw via Roxana Bradescu's blog that the IOUG has released its second "annual" - not twice a year, the second time it's been done - security survey. This year it's different as last year bloggers like myself were asked....[Read More]
Posted by Pete On 02/10/09 At 10:32 AM
A grammatically correct random pass phrase generator
Curtis Copley emailed me to let me know about his new paper on a grammatically correct random passphrase generator and also the free tools he has created to implement this in Java and also in PL/SQL. The paper is available....[Read More]
Posted by Pete On 30/09/09 At 01:17 PM
SQL Injection - accessing additional tables via the where clause
Jaromir emailed me a link to a paper he has written on SQL injection where he manipulates the where clause of an existing statement that can be exploited via SQL injection. Normal wisdom says that if you can only manipulate....[Read More]
Posted by Pete On 29/09/09 At 06:30 PM
Default Users
I saw an article on default accounts on the database journal website titled "Oracle 11g Security - Those Pesky Predefined Accounts" and as it's a subject (default users and default passwords) I have personally written about....[Read More]
Posted by Pete On 28/09/09 At 03:43 PM
Backups are valuable
I have spent a lot of time this week dealing with backups; not databases but of my own main machine that runs my email, development and business needs - used by myself when in the office and by my PA....[Read More]
Posted by Pete On 24/09/09 At 01:45 PM
Blog birthday, speaking, training and Oracle Java security
Well it seems like quite a while since I last blogged here (I do keep saying that don't I!); I have been very busy with client work and also working on the new Oak Table Apress Oracle book. I completed....[Read More]
Posted by Pete On 22/09/09 At 12:19 PM
Oracle delays the October CPU and 11g Release 2 is out
I got an email from Oracle support last night to tell me that the next Oracle Critical Patch Update, the CPU for October: Here is the email (There are no privacy statements so I am guessing it's OK to reproduce....[Read More]
Posted by Pete On 04/09/09 At 08:56 AM
A book, a database scanner and a magazine column and a few bugs
The last few weeks have been very busy with full time client work and also a number of personal projects so emails and blogging have taken a back step. Coupled to that I have used my writing time with a....[Read More]
Posted by Pete On 01/09/09 At 08:09 PM
Bypassing VPD through inference
Slavik emailed me today to let me know of a guest posting by Roy Fox on his blog with a post titled "Side-Channel Information Leakage using VPD" that describes a way to infer whether VPD is enabled on....[Read More]
Posted by Pete On 19/08/09 At 10:48 AM
Hacking Oracle made easy
Chris Gates will release and demonstrate a new version of Metasploit at Black Hat to show how Oracle can be attacked and hacked remotely. The presentation will be followed by the release of this version of Metasploit. Chris Gates demonstrated....[Read More]
Posted by Pete On 24/07/09 At 03:16 PM
The right way to secure Oracle slides available
I did a very successful webinar in conjunction with Sentrigo a couple of days ago. The talk was very well attended and there was some very good feedback. I have posted the slides to my Oracle security white papers page....[Read More]
Posted by Pete On 24/07/09 At 08:35 AM
Rogue DBAs: Hidden Inside Security Threat
Jared posted a link to this article on the Oracle-l list a couple of days ago and I marked it to blog when I got the chance and as my PC has just started to install a patch and will....[Read More]
Posted by Pete On 22/07/09 At 02:21 PM


