Sie befinden sich aktuell in den Archiven des Blogs Blog für August, 2007.
- 10.2.0.4 (1)
- 11g (3)
- Allgemein (10)
- checkpwd (4)
- CPUApr2008 (3)
- CPUJan2008 (2)
- CPUJul2007 (3)
- CPUOct2007 (1)
- Database Vault (1)
- David Litchfield (4)
- Exploit (4)
- Forensics (3)
- Inguma (2)
- MacOS (1)
- Mary Ann (1)
- Oracle (2)
- Oracle Security (45)
- passwords (3)
- Podcast (1)
- rootkits (1)
- Security (9)
- Security Book (1)
- Sentrigo (1)
- software (2)
- Source Code Analysis (1)
- source code audit (3)
- SQL Injection (4)
- Trainings (1)
- 8 Mai 2008: Checkpwd 1.23 for MacOS Intel native released
- 16 Apr 2008: Oracle CPU April 2008 - Update
- 15 Apr 2008: Oracle Critical Patch Update April 2008 is out
- 11 Apr 2008: Looking Glass and Oracle 11g
- 11 Apr 2008: Oracle Critical Patch Update Pre-Release Announcement - April 2008
- 4 Mrz 2008: We proudly present: Anna Marie Kornbrust
- 4 Mrz 2008: Corba Exploit for VisiBroker published
- 25 Feb 2008: Oracle Patchset 10.2.0.4 is out
- 31 Jan 2008: First exploits for CPUJan2008 published
- 15 Jan 2008: Oracle Patch CPU January 2008 is out...
Archive für August 2007
Oracle Jinitiator ActiveX control 1.1.8.16 contains multiple Stack Buffer Overflows
30 Aug 2007 von Alexander Kornbrust.
Yesterday the US Cert published an advisory that the ActiveX control of Jinitiator 1.1.18.16 and earlier contains multiple buffer overflows allowing remote code execution. Even a new installation of Jinitiator does not fix the problem because the old, vulnerable control will not be removed. The US Cert recommends to disable ActiveX or to set the appropriate killbit.
Create and execute the following textfile to set the killbit. Additional information about killbits and activeX are available in the following Microsoft support note 240797.
———–killbit.reg—————
- Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9b935470-ad4a-11d5-b63e-00c04faedb18}]
“Compatibility Flags”=dword:00000400
———–killbit.reg—————
Geschrieben in Security, Oracle Security | Keine Kommentare »
Partnership between Red-Database-Security GmbH and PeteFinnigan.com Ltd.
21 Aug 2007 von Alexander Kornbrust.
Red-Database-Security GmbH in Germany and PeteFinnigan.com Limited in the UK are pleased to announce an exclusive partnership to promote and sell services / training and products to give customers the best choices in securing Oracle databases. Pete Finnigan and Alex Kornbrust are both world leaders in the field of securing Oracle databases and this exclusive partnership will provide a stronger combined proposition for customers of both companies. Alex and Pete are pleased to announce an exclusive and exciting limited opportunity to attend a 5 day Oracle Anti Hacker training in London from October 29th to November 2nd. The places are limited so don’t miss this unique opportunity. See www.petefinnigan.com and www.red-database-security.com for more details and to register.”
Geschrieben in Trainings, Security, Oracle Security, Allgemein | 2 Kommentare »
David’s Whitepaper about Oracle Forensics
12 Aug 2007 von Alexander Kornbrust.
David Litchfield just released the 5th part of his Oracle Forensics whitepaper “Finding Evidence of Data Theft in the Absence of Auditing“. He describes how to find traces if the attacker used only SELECT statements.
Geschrieben in Forensics, David Litchfield, Oracle Security | Keine Kommentare »
Oracle 11g is available
10 Aug 2007 von Alexander Kornbrust.
Oracle 11g is now available for download (Linux so far only).
Geschrieben in Oracle | Keine Kommentare »