I’ve got some nice ideas from Paul’s article.
Microsoft released a patch for CVE-2010-0490. More than 1 year ago I reported this issue to Microsoft.
Finally they fixed the problem.
5-February-2009 – Bug reported to Microsoft Security Response Center
30-March-2010 – Patch for CVE-2010-0490 released
Today Laszlo sent me an email that he published the English version of his Hacktivity 2009 talk „Oracle authentication“ on his webpage. Laszlo was so nice to give me an English private session last year at the Hacktivity in Budapest.
His presentation contains the following topics:
I like the part where Laszlo shows how to hijack an Oracle session.
This presentation is a must for everyone interested in the Oracle authentication process.
Well done Laszlo.