Is that true? Are the Alert 68 holes still there? I thought I patched that about 4 or 5 times? ;) > The real problem with this is not that the flaws > Alert 68 supposedly fixed > are still exploitable, but rather the approach > Oracle took in attempting to > fix these issues. One would expect that, given the > length of time they took > to deliver, these security "fixes" would be well > considered and robust; > fixes that actually resolve the security holes. The > truth of the matter > though is that this is not the case. On Fri, Oct 07, 2005 at 09:40:36AM -0700, MacGregor, Ian A. wrote: > Our security officer sent me this. > > Title: David Litchfield writes an open letter to the security community > and Oracle customers > Author: Pete Finnigan > Source: Pete Finnigan's Oracle security weblog > > Excerpt: > > David is calling for Oracle customers to contact Oracle and demand a > better security service and those customers should demand fixes. Cesars > comments mirror those of David with some comparisons to Microsoft a few > years ago and he also threatens to release a 0day remote exploit. > > For complete article see: > http://www.petefinnigan.com/weblog/archives/00000576.htm > http://www.securityfocus.com/archive/1/412666/30/0/threaded > http://www.argeniss.com/products.html > > Ian MacGregor > Stanford Linear Accelerator Center > -- > //www.freelists.org/webpage/oracle-l ============================================================ Ray Stell stellr@xxxxxx (540) 231-4109 Tempus fugit 28^D -- //www.freelists.org/webpage/oracle-l