Does Software Security Suffer When The Customer Is No Longer Master?
When it comes right down to it, you can only have one master – one that you serve and aim to please above all others. If you went around asking CEOs who their company’s master is, you’re likely to get...
Breaking Down The Oracle 0-Day TNS Listener Poison Attack
A lot has been written in the last week about the Oracle TNS Listener Poison Attack (CVE-2012-1675). Not everything that has been published is correct. I have spent a great deal of time investigating...
CTXSYS.CONTEXT Privilege Escalation
Update: Oracle released a patch for this vulnerability. For details, please see my latest post here. Last Thursday, at the 2012 Black Hat Conference in Las Vegas, David Litchfield released the...
Oracle Security Alert for CVE-2012-3132
Here’s an update on the Oracle vulnerability we discussed last week. On Friday, Oracle issued a Security Alert to address the vulnerability. For those of you who didn’t read the post last week, read...