Tag: Oracle

  • Down The Vulnerability Rabbit Hole

    [This was originally published on RiskBasedSecurity.com.] In a recent article, The Importance of a Living Database, we detailed why it is important to revisit entries as new information comes to light. Like the times, vulnerabilities are a-changin’. We’ve been known to revisit a vulnerability record over 1,200 times, which may seem excessive, and some may…

  • A quick, factual reminder on the value and reality of a “EULA”… (aka MADness)

    [This was originally published on the OSVDB blog.] This post is in response to the drama the last few days, where Mary Ann Davidson posted an inflammatory blog about security researchers that send Oracle vulnerabilities while violating their End-user License Agreement (EULA… that thing you click without reading for every piece of software you install).…

  • A Decade of Oracle Security

    [This was originally published on attrition.org] Oracle Corporation, one of the largest software companies in the world, has been providing database software for 30 years. What began as a U.S. intelligence agency funded relational database designed on a PDP-11 and never officially released, later turned into perhaps the largest and most prevalent commercial database used…

  • It’s patch xxxday!

    [This was originally published on the OSVDB blog.] A while back, Microsoft announced they were moving to release patches on the second Tuesday of each month, lovingly called Patch Tuesday. Soon after, Oracle announced that they too would be moving to scheduled releases of patches on the Tuesday closest to the 15th day of January,…

  • Weak of Oracle Bugs

    [This was originally published on the OSVDB blog.] No, not a typo. A couple weeks back, Argeniss “was proud to announce that we are starting on December the “Week of Oracle Database Bugs” (WoODB).” A couple days ago they abruptly called off the WoODB with the following message: We are sad to announce that due…

  • For Journalists Covering Oracle…

    [This was originally published on the OSVDB blog.]
    2004-08-04: 34 flaws found in Oracle database software
    2004-09-03: US gov and sec firms warn of critical Oracle flaws
    2004-10-15: Oracle Warns of Critical Exploits
    2005-01-20: Oracle Patch Fixes 23 ‘Critical’ Vulnerabilities
    2005-10-19: Oracle fixes bugs with mega patch
    2006-01-18: Oracle fixes pile of bugs
    In the interest of helping journalists cover…

  • Scary Oracle Numbers

    [This was originally published on the OSVDB blog.] http://www.eweek.com/print_article2/0,1217,a=160368,00.asp
    On Security, Is Oracle the Next Microsoft?
    September 16, 2005
    By Paul F. Roberts
    While [Oracle CSO Mary Ann Davidson] acknowledges that some of the criticism from Litchfield and others is valid, outsiders aren’t privy to the 75 percent of product holes that Oracle discovers and fixes internally.…

  • .. and the debate keeps raging

    [This was originally published on the OSVDB blog.] ZDnet Asia had an article recently, titled “Bug hunters, software firms in uneasy alliance” which brought up the age-old full disclosure (or ‘responsible’ disclosure) debate. This prompted a Slashdot thread with various comments. My favorite pop tart, Mary Ann Davidson (chief security officer at Oracle) managed…