Archive for March, 2010

Oracle Java Forensics

Wednesday, March 31st, 2010

Paul released a new article about Oracle Java Forensics. He describes how to find traces of Java attacks (e.g. via dbms_jvm_exp_perms) in the Oracle database.

I’ve got some nice ideas from Paul’s article.

Well done.

Microsoft fixed null pointer IE6/IE7 bug (CVE-2010-0490)

Tuesday, March 30th, 2010

Microsoft released a patch for CVE-2010-0490. More than 1 year ago I reported this issue to Microsoft.

Finally they fixed the problem.

Bug History:

5-February-2009 – Bug reported to Microsoft Security Response Center

30-March-2010 – Patch for CVE-2010-0490 released

László Tóth published his Hacktivity presentation & a tool called pytnsproxy

Wednesday, March 24th, 2010

Today Laszlo sent me an email that he published the English version of his Hacktivity 2009 talk “Oracle authentication” on his webpage. Laszlo was so nice to give me an English private session last year at the Hacktivity in Budapest.

His presentation contains the following topics:

I like the part where Laszlo shows how to hijack an Oracle session.

This presentation is a must for everyone interested in the Oracle authentication process.

Well done Laszlo.