Paul released a new article about Oracle Java Forensics. He describes how to find traces of Java attacks (e.g. via dbms_jvm_exp_perms) in the Oracle database.
I’ve got some nice ideas from Paul’s article.
Well done.
Paul released a new article about Oracle Java Forensics. He describes how to find traces of Java attacks (e.g. via dbms_jvm_exp_perms) in the Oracle database.
I’ve got some nice ideas from Paul’s article.
Well done.
Microsoft released a patch for CVE-2010-0490. More than 1 year ago I reported this issue to Microsoft.
Finally they fixed the problem.
Bug History:
5-February-2009 – Bug reported to Microsoft Security Response Center
30-March-2010 – Patch for CVE-2010-0490 released
Today Laszlo sent me an email that he published the English version of his Hacktivity 2009 talk „Oracle authentication“ on his webpage. Laszlo was so nice to give me an English private session last year at the Hacktivity in Budapest.
His presentation contains the following topics:
I like the part where Laszlo shows how to hijack an Oracle session.
This presentation is a must for everyone interested in the Oracle authentication process.
Well done Laszlo.