Re: Oracle Security Blasted
- From: Paul Drake <bdbafh@xxxxxxxxx>
- To: stellr@xxxxxxxxxx
- Date: Fri, 7 Oct 2005 14:49:58 -0400
On 10/7/05, Ray Stell <stellr@xxxxxxxxxx> wrote:
>
> Is that true? Are the Alert 68 holes still there? I thought I
> patched that about 4 or 5 times? ;)
>
> > The real problem with this is not that the flaws
> > Alert 68 supposedly fixed
> > are still exploitable, but rather the approach
> > Oracle took in attempting to
> > fix these issues. One would expect that, given the
> > length of time they took
> > to deliver, these security "fixes" would be well
> > considered and robust;
> > fixes that actually resolve the security holes. The
> > truth of the matter
> > though is that this is not the case.

Gratuitous Homer Simpson quote:
"mmmmmmmmm ... placebo <drool>".

Pd

On Fri, Oct 07, 2005 at 09:40:36AM -0700, MacGregor, Ian A. wrote:
> > Our security officer sent me this.
> >
> > Title: David Litchfield writes an open letter to the security community
> > and Oracle customers
> > Author: Pete Finnigan
> > Source: Pete Finnigan's Oracle security weblog
> >
> > Excerpt:
> >
> > David is calling for Oracle customers to contact Oracle and demand a
> > better security service and those customers should demand fixes. Cesar's
> > comments mirror those of David with some comparisons to Microsoft a few
> > years ago and he also threatens to release a 0day remote exploit.
> >
> > For complete article see:
> > http://www.petefinnigan.com/weblog/archives/00000576.htm
> > http://www.securityfocus.com/archive/1/412666/30/0/threaded
> > http://www.argeniss.com/products.html
> >
> > Ian MacGregor
> > Stanford Linear Accelerator Center
> > --
> > http://www.freelists.org/webpage/oracle-l
> ============================================================
> Ray Stell stellr@xxxxxx (540) 231-4109 Tempus fugit 28^D
> --
> http://www.freelists.org/webpage/oracle-l
>

--
#/etc/init.d/init.cssd stop
# f=ma, divide by 1, convert to moles.