Sie befinden sich aktuell in den Archiven des Blogs Alexander Kornbrust Oracle Security Blog für August, 2007.
- 11g (12)
- Allgemein (29)
- David Litchfield (7)
- Exploit (23)
- Forensics (7)
- Oracle Security (105)
- passwords (8)
- Repscan (1)
- Security (22)
- Sentrigo (5)
- software (9)
- source code audit (5)
- SQL Injection (24)
- Tools (24)
- Trainings (3)
- Tutorial (2)
- 18 Nov 2011: DOAG 2011 Presentation "Best of Oracle Security 2011"
- 15 Okt 2011: Oracle Critical Patch Update Pre-Release Announcement - October 2011
- 17 Sep 2011: Disable Auditing and running OS commands using oradebug
- 13 Apr 2011: Blackhat Training "HACKING AND SECURING ORACLE (2 days) "
- 2 Apr 2011: Oracle Database 11.2 Express Edition Beta comes with weak default password
- 23 Mrz 2011: McAfee acquires Sentrigo
- 12 Okt 2010: TDE decrypt utilities and TDE/Password flash demo
- 22 Sep 2010: Marcell published "Writing your own password cracker" presentation
- 21 Sep 2010: Laszlo's presentation "Oracle Post Exploitation Techniques" and Marcel's Sybase ASE Password Cracker
- 10 Sep 2010: Update of "Project Lockdown" released
Oracle Security
SQL Injection
- November 2011
- Oktober 2011
- September 2011
- April 2011
- März 2011
- Oktober 2010
- September 2010
- August 2010
- April 2010
- März 2010
- Februar 2010
- Januar 2010
- Dezember 2009
- November 2009
- Oktober 2009
- September 2009
- August 2009
- Juli 2009
- Mai 2009
- April 2009
- März 2009
- Februar 2009
- Januar 2009
- Dezember 2008
- November 2008
- Oktober 2008
- August 2008
- Juli 2008
- Mai 2008
- April 2008
- März 2008
- Februar 2008
- Januar 2008
- Dezember 2007
- November 2007
- Oktober 2007
- September 2007
- August 2007
- Juli 2007
- Juni 2007
- Mai 2007
Archive für August 2007
Oracle Jinitiator ActiveX control 1.1.8.16 contains multiple Stack Buffer Overflows
30 Aug 2007 von Alexander Kornbrust.
Yesterday the US Cert published an advisory that the ActiveX control of Jinitiator 1.1.18.16 and earlier contains multiple buffer overflows allowing remote code execution. Even a new installation of Jinitiator does not fix the problem because the old, vulnerable control will not be removed. The US Cert recommends to disable ActiveX or to set the appropriate killbit.
Create and execute the following textfile to set the killbit. Additional information about killbits and activeX are available in the following Microsoft support note 240797.
———–killbit.reg—————
- Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9b935470-ad4a-11d5-b63e-00c04faedb18}]
“Compatibility Flags”=dword:00000400
———–killbit.reg—————
Geschrieben in Security, Oracle Security | Drucken | Keine Kommentare »
Partnership between Red-Database-Security GmbH and PeteFinnigan.com Ltd.
21 Aug 2007 von Alexander Kornbrust.
Red-Database-Security GmbH in Germany and PeteFinnigan.com Limited in the UK are pleased to announce an exclusive partnership to promote and sell services / training and products to give customers the best choices in securing Oracle databases. Pete Finnigan and Alex Kornbrust are both world leaders in the field of securing Oracle databases and this exclusive partnership will provide a stronger combined proposition for customers of both companies. Alex and Pete are pleased to announce an exclusive and exciting limited opportunity to attend a 5 day Oracle Anti Hacker training in London from October 29th to November 2nd. The places are limited so don’t miss this unique opportunity. See www.petefinnigan.com and www.red-database-security.com for more details and to register.”
Geschrieben in Trainings, Security, Oracle Security, Allgemein | Drucken | 2 Kommentare »
David’s Whitepaper about Oracle Forensics
12 Aug 2007 von Alexander Kornbrust.
David Litchfield just released the 5th part of his Oracle Forensics whitepaper “Finding Evidence of Data Theft in the Absence of Auditing“. He describes how to find traces if the attacker used only SELECT statements.
Geschrieben in Forensics, David Litchfield, Oracle Security | Drucken | Keine Kommentare »
Oracle 11g is available
10 Aug 2007 von Alexander Kornbrust.
Oracle 11g is now available for download (Linux so far only).
Geschrieben in Oracle Security | Drucken | Keine Kommentare »