Infos
Sie befinden sich aktuell in den Blog Blog-Archiven für den folgenden Tag 20 Aug 2008.
Calendar
Kategorien
- 10.2.0.4 (1)
- 11g (4)
- Allgemein (12)
- BEA (1)
- checkpwd (4)
- CPUApr2008 (3)
- CPUJan2008 (2)
- CPUJul2007 (3)
- CPUOct2007 (1)
- CPUOct2008 (1)
- Data Vault (1)
- Database Vault (2)
- David Litchfield (5)
- DOAG (1)
- Exploit (4)
- Forensics (4)
- Inguma (3)
- MacOS (1)
- Mary Ann (1)
- Oracle (2)
- Oracle Security (52)
- passwords (5)
- Podcast (1)
- rootkits (1)
- Security (9)
- Security Book (1)
- Sentrigo (2)
- software (2)
- Source Code Analysis (1)
- source code audit (3)
- SQL Injection (4)
- Tools (2)
- Trainings (1)
Letzte Einträge
- 30 Dez 2008: Inguma 0.1.0 (R1) released
- 24 Dez 2008: Merry Christmas
- 14 Dez 2008: New version of cain with support for 11g passwords
- 8 Dez 2008: MD5 Bruteforcer - BarsWF
- 7 Dez 2008: GSAuditor - Fastest Oracle 11g password cracker (AFAIK)
- 5 Dez 2008: DOAG 2008 is over
- 27 Nov 2008: David Litchfield has published a whitepaper on Oracle forensics
- 21 Nov 2008: Oracle Database Vault Privilege Escalation Exploit published
- 14 Okt 2008: Oracle Critical Patch Update October 2008 is out
- 20 Aug 2008: New Oracle bugs and BSQL Hacker
Links
Archive
Archive für 20 Aug 2008
New Oracle bugs and BSQL Hacker
20 Aug 2008 von Alexander Kornbrust.
Today I reported 6 new security vulnerabilities to Oracle (2 Data Vault, 2 Auditing, 1 Discoverer, 1 Password Verification Function). Even if Oracle Security is getting better (see also discussion on Pete’s Blog) there are still enough bugs available.
Portcullis Labs released their free scanner BSQL Hacker for detecting blind sql injection. BSQL Hacker is supporting Oracle, MSSQL and MySQL. At the moment I have no time to play longer with this tool but it looks promising (see video).
Geschrieben in Tools, Database Vault, Oracle Security | 1 Kommentar »
|