hi all, Wasn't there a bunch of DoS issues i seem to recall? Wonder what they would say about that? Agreed seem to be a pub stunt much like a co starting with J did with there crypt IIR.. Regards Pete Finnigan wrote: > Hi all > > Oracle do seem to be pushing security from every angle and in the UK I > believe they have recently formed a department to offer security > services, pentest's and audits, maybe its a publicity stunt to attract > interest in the security addons and services.:-) > > I do Oracle security audits and pentest's and i have never yet seen an > oracle database or applications that have been installed securely yet. > In particular the 9iAS application server has quite a lot of issues that > can allow access to be gained or privilege escalation to be had. > > Its a pity that Larry is not offering $1,000,000 to break in like they > did recently for performance challenges. > > just my two penneth, > cheers > Pete Finnigan > www.pentest-limited.com > > In article <20011116112119.B26436at_private>, > aleph1at_private writes > >http://www.varbusiness.com/components/Nl/Insider/article.asp?ArticleID=31368 > > > >[ snip ] > > > >Ellison also said hackers and cybercriminals can't break into the database > >because of its enhanced security and stability. He said he was warned not to > >call Oracle 9i unbreakable because it would attract hackers eager to break > >into Oracle databases, but despite increased attacks recently, all attempts > >have failed so far, Ellison said. > > > >"I'm not inviting hackers, but so far, with more than 1,000 attacks a day, > >we're still running," Ellison said. "Our very first customer was the CIA. > >Our second customer was the National Security Agency." > > > >[ snip ] > > > >"What we're proposing is you keep your Microsoft Outlook, we'll make it > >unbreakable," Ellison said. "And unbreakable means you can't break it and > >you can't break in." > > > >[ snip ] > > > >More at http://www.oracle.com/features/events/index.html?ljecomdex.html > > > >Sounds like a challenge to me. I think you can download evaluation copies > >of Oracle products at http://otn.oracle.com/software/content.html > > > > -- > Pete Finnigan > IT Security Consultant > PenTest Limited > > Office 01565 830 990 > Fax 01565 830 889 > Mobile 07974 087 885 > > pete.finnigan@pentest-limited.com > > www.pentest-limited.com
This archive was generated by hypermail 2b30 : Sun Nov 18 2001 - 15:44:21 PST