Re: Oracle Security Blasted

On 10/7/05, Ray Stell <stellr@xxxxxxxxxx> wrote:
>
>
> Is that true? Are the Alert 68 holes still there? I thought I
> patched that about 4 or 5 times? ;)
>
> > The real problem with this is not that the flaws
> > Alert 68 supposedly fixed
> > are still exploitable, but rather the approach
> > Oracle took in attempting to
> > fix these issues. One would expect that, given the
> > length of time they took
> > to deliver, these security "fixes" would be well
> > considered and robust;
> > fixes that actually resolve the security holes. The
> > truth of the matter
> > though is that this is not the case.


Gratuitous Homer Simpson quote:

"mmmmmmmmm ... placebo <drool>".

Pd

On Fri, Oct 07, 2005 at 09:40:36AM -0700, MacGregor, Ian A. wrote:
> > Our security officer sent me this.
> >
> > Title: David Litchfield writes an open letter to the security community
> > and Oracle customers
> > Author: Pete Finnigan
> > Source: Pete Finnigan's Oracle security weblog
> >
> > Excerpt:
> >
> > David is calling for Oracle customers to contact Oracle and demand a
> > better security service and those customers should demand fixes. Cesars
> > comments mirror those of David with some comparisons to Microsoft a few
> > years ago and he also threatens to release a 0day remote exploit.
> >
> > For complete article see:
> > http://www.petefinnigan.com/weblog/archives/00000576.htm
> > http://www.securityfocus.com/archive/1/412666/30/0/threaded
> > http://www.argeniss.com/products.html
> >
> > Ian MacGregor
> > Stanford Linear Accelerator Center
> > --
> > http://www.freelists.org/webpage/oracle-l
> ============================================================
> Ray Stell stellr@xxxxxx (540) 231-4109 Tempus fugit 28^D
> --
> http://www.freelists.org/webpage/oracle-l
>



--
#/etc/init.d/init.cssd stop
# f=ma, divide by 1, convert to moles.

Other related posts: