Re: Oracle Security Blasted

Is that true?  Are the Alert 68 holes still there?  I thought I 
patched that about 4 or 5 times? ;)

> The real problem with this is not that the flaws
> Alert 68 supposedly fixed
> are still exploitable, but rather the approach
> Oracle took in attempting to
> fix these issues. One would expect that, given the
> length of time they took
> to deliver, these security "fixes" would be well
> considered and robust;
> fixes that actually resolve the security holes. The
> truth of the matter
> though is that this is not the case.

On Fri, Oct 07, 2005 at 09:40:36AM -0700, MacGregor, Ian A. wrote:
> Our security officer sent me this.  
> Title: David Litchfield writes an open letter to the security community 
> and Oracle customers
> Author: Pete Finnigan
> Source: Pete Finnigan's Oracle security weblog
> Excerpt:
> David is calling for Oracle customers to contact Oracle and demand a 
> better security service and those customers should demand fixes. Cesars 
> comments mirror those of David with some comparisons to Microsoft a few 
> years ago and he also threatens to release a 0day remote exploit.
> For complete article see:
> Ian MacGregor
> Stanford Linear Accelerator Center
> --
Ray Stell  stellr@xxxxxx  (540) 231-4109  Tempus fugit  28^D

Other related posts: