Hi All As a lot of people have been interested in what I have written in the recent past about Oracle security I thought I would share a recent issue I found on an Oracle security pentest / audit with everyone. An application we looked at used the oracle system date SYSDATE quite extensively in its functionality and calculations. It was possible to cause mis-calculations in the system by altering a system parameter. I have written a short paper describing this if anyone is interested. Its at http://www.pentest-limited.com/fixed-date.htm. regards, Pete Finnigan www.pentest-limited.com -- Pete Finnigan IT Security Consultant PenTest Limited Office 01565 830 990 Fax 01565 830 889 Mobile 07974 087 885 pete.finnigan@pentest-limited.com www.pentest-limited.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Nov 19 2001 - 14:52:38 PST