Re: Oracle Security Blasted
- From: Ray Stell <stellr@xxxxxxxxxx>
- To: oracle-l <oracle-l@xxxxxxxxxxxxx>
- Date: Fri, 7 Oct 2005 13:52:18 -0400
Is that true? Are the Alert 68 holes still there? I thought I
patched that about 4 or 5 times? ;)
> The real problem with this is not that the flaws
> Alert 68 supposedly fixed
> are still exploitable, but rather the approach
> Oracle took in attempting to
> fix these issues. One would expect that, given the
> length of time they took
> to deliver, these security "fixes" would be well
> considered and robust;
> fixes that actually resolve the security holes. The
> truth of the matter
> though is that this is not the case.
On Fri, Oct 07, 2005 at 09:40:36AM -0700, MacGregor, Ian A. wrote:
> Our security officer sent me this.
>
> Title: David Litchfield writes an open letter to the security community
> and Oracle customers
> Author: Pete Finnigan
> Source: Pete Finnigan's Oracle security weblog
>
> Excerpt:
>
> David is calling for Oracle customers to contact Oracle and demand a
> better security service and those customers should demand fixes. Cesars
> comments mirror those of David with some comparisons to Microsoft a few
> years ago and he also threatens to release a 0day remote exploit.
>
> For complete article see:
> http://www.petefinnigan.com/weblog/archives/00000576.htm
> http://www.securityfocus.com/archive/1/412666/30/0/threaded
> http://www.argeniss.com/products.html
>
> Ian MacGregor
> Stanford Linear Accelerator Center
> --
> //www.freelists.org/webpage/oracle-l
============================================================
Ray Stell stellr@xxxxxx (540) 231-4109 Tempus fugit 28^D
--
//www.freelists.org/webpage/oracle-l
Other related posts:
