Security Blogs

Back from Prague and a new paper on explicit grants and roles

Pete Finnigan - Sat, 2009-11-07 22:20

I have not been able to blog for the last couple of days as I have been in Prague teaching my company's two-day class "How to perform a security audit of an Oracle database" which went really....[Read More]

Posted by Pete On 05/11/09 At 07:30 PM

Categories: Security Blogs

One more point on Oracle password crackers

Pete Finnigan - Sat, 2009-11-07 22:20

I blogged last week about Dennis Yurichev's FPGA password cracker here in a blog titled "Update to Dennis Yurichevs FPGA cracker plus exploit code for the CPU CVSS 10.0 bug" and I set off two example cracker sessions....[Read More]

Posted by Pete On 02/11/09 At 10:37 PM

Categories: Security Blogs

Update to Dennis Yurichevs FPGA cracker plus exploit code for the CPU CVSS 10.0 bug

Pete Finnigan - Sat, 2009-11-07 22:20

I got an email from Dennis Yurichev to say that he has improved the output of his FPGA cracker to now include the speed at which it's cracking. Great, I asked for this enhancement. To test it I have created....[Read More]

Posted by Pete On 30/10/09 At 07:01 PM

Categories: Security Blogs

Some training and speaking dates

Pete Finnigan - Sat, 2009-11-07 22:20

I posted a while ago about some classes I would be teaching; well the dates are now firmed up and some have moved so it's worth just publishing these again: Prague - November 3rd and 4th - This should be....[Read More]

Posted by Pete On 28/10/09 At 07:26 PM

Categories: Security Blogs

A new Oracle Security book.... or three!

Pete Finnigan - Sat, 2009-11-07 22:20

I saw via Paul's blog yesterday that Alexandr Polyakov who works for Digital Security Research Group has written a new book on Oracle Security titled "Безопасность Oracle глазами аудитора: нападение и защита" which translates in Google to English....[Read More]

Posted by Pete On 27/10/09 At 06:47 PM

Categories: Security Blogs

Cold remedies and Oracle Security

Pete Finnigan - Sat, 2009-11-07 22:20

OK, it is a strange title for the blog post but bear with me there is a reason for it. In the UK and I am sure in many other so called developed countries there is a norm or accepted....[Read More]

Posted by Pete On 26/10/09 At 03:26 PM

Categories: Security Blogs

Mary Ann Davidson fields security questions at Open World

Pete Finnigan - Sat, 2009-11-07 22:20

I made a note a few days ago when I saw the link to Mary Ann Davidson's (Oracle's security chief) interview with Justin at Open World had been posted to mention it here. The interview was done in the OTN....[Read More]

Posted by Pete On 23/10/09 At 01:21 PM

Categories: Security Blogs

October 2009 Critical Patch Update is out; Paul has a paper on escalation to OSDBA

Pete Finnigan - Sat, 2009-11-07 22:20

The latest and greatest Critical Patch Update from Oracle was released last night along with the usual advisory. I talked about the pre-release note a few days ago here in a post titled "Oracle's October pre-cpu advisory is released....[Read More]

Posted by Pete On 21/10/09 At 08:21 PM

Categories: Security Blogs

Health Data Theft

Pete Finnigan - Sat, 2009-10-31 22:05

I watched the Tonight program last night on ITV (This is a UK TV channel for all the non-UK readers of this blog) because I saw an ad for it at the weekend and it sounded really interesting. The program....[Read More]

Posted by Pete On 20/10/09 At 11:17 AM

Categories: Security Blogs

Oracle's October pre-cpu advisory is released

Pete Finnigan - Sat, 2009-10-24 21:50

Oracle's usual pre-release for the CPU (Critical Patch Update) for October has been released. The pre-release document is usually released the Thursday before the CPU; the CPU is due out next Tuesday the 20th October. The CPU should have been....[Read More]

Posted by Pete On 16/10/09 At 07:32 PM

Categories: Security Blogs

OWASP Leeds meeting slides available

Pete Finnigan - Sat, 2009-10-24 21:50

Just a quick post this evening; I have had a busy day. Last night I spoke at the inaugural meeting of the OWASP Leeds chapter which was a really good meeting; good audience and some good participation. Jason opened the....[Read More]

Posted by Pete On 15/10/09 At 07:42 PM

Categories: Security Blogs

SQL Injection and a presentation on data security

Pete Finnigan - Sat, 2009-10-24 21:50

Slavik has a nice post on his blog (picked up from my Oracle blogs aggregator) titled "Blind SQL Injection in Oracle". This is a nice article that discusses SQL Injection types with nice examples for Oracle....[Read More]

Posted by Pete On 14/10/09 At 02:08 PM

Categories: Security Blogs

Spoofing users and programs and presenting at OWASP

Pete Finnigan - Sat, 2009-10-24 21:50

I found a nice blog the other week called oraganism and added to my list of things to blog about; so in visiting it again at the weekend I saw a nice post by Pawel Krol about spoofing the osuser....[Read More]

Posted by Pete On 13/10/09 At 04:04 PM

Categories: Security Blogs

Oracle's new Oracle database security and compliance solution

Pete Finnigan - Sat, 2009-10-17 21:35

I saw a few posts on news channels at the turn of the current month talking about Oracle's new "Oracle database security and compliance solution". A quick search of Google shows that this seems to have been a heavily....[Read More]

Posted by Pete On 12/10/09 At 02:09 PM

Categories: Security Blogs

Nice Summary of setting up audit options

Pete Finnigan - Sat, 2009-10-17 21:35

I noticed a nice post on Robert Geier's blog a while ago and made a note to link to it from here. The post is titled "Enable Oracle auditing BEFORE you need it." which of course carries a....[Read More]

Posted by Pete On 09/10/09 At 08:26 PM

Categories: Security Blogs

Expert Oracle Practices: Oracle database administration from the oak table

Pete Finnigan - Sat, 2009-10-17 21:35

I was sent an email from some guy promoting some twitter (or some other site of the same ilk, I don't know now as I marked his mail as junk and deleted it) software that promotes books; he found me....[Read More]

Posted by Pete On 08/10/09 At 11:01 AM

Categories: Security Blogs

How many Security bugs are in the Oracle database software product set

Pete Finnigan - Sat, 2009-10-10 21:20

I don't talk much about security bugs anymore here primarily because my focus has always been at the auditor / help secure end of the spectrum rather than others who focus at the research/find security bugs/exploits/penetration test end of the....[Read More]

Posted by Pete On 07/10/09 At 04:29 PM

Categories: Security Blogs

Oracle Security Worst Practices

Pete Finnigan - Sat, 2009-10-10 21:20

I got an email yesterday from a client I have worked for a number of times over the last 6 and a half years of running PeteFinnigan.com Limited and he asked an interesting question. He said (slightly edited) you have....[Read More]

Posted by Pete On 06/10/09 At 05:12 PM

Categories: Security Blogs

60 million password hashes/second Oracle password cracker available

Pete Finnigan - Sat, 2009-10-10 21:20

I first chatted to Dennis Yurichev probably around a couple of years ago about his efforts to make an FPGA password cracker. We exchanged numerous emails and I think without checking back he had one FPGA cracker working that did....[Read More]

Posted by Pete On 05/10/09 At 12:47 PM

Categories: Security Blogs

IOUG Data Security Report 2009 is out

Pete Finnigan - Sat, 2009-10-10 21:20

I saw via Roxana Bradescu's blog that the IOUG has released its second "annual" - not twice a year, the second time it's been done - security survey. This year it's different as last year bloggers like myself were asked....[Read More]

Posted by Pete On 02/10/09 At 10:32 AM

Categories: Security Blogs