Pete Finnigan

I have posted the slides to my talk from yesterday at the OUG Scotland SIG to my Oracle Security white papers page . They are the first entries in the page. The talk was 45 minutes about Oracle Forensics. This....[Read More]

Posted by Pete On 01/05/08 At 02:23 PM

I saw a post on the BAR Solutions blog today titled " Triggers… " that was very interesting as I have had the same issue in the past for different reasons. The blog post was around an issue where triggers....[Read More]

Posted by Pete On 01/05/08 At 01:22 PM

I am writing this whilst sat on a train travelling at around 120mph between York and Darlington, this is probably my first blog entry written at speed! I saw that David had released his paper " Lateral SQL Injection: A....[Read More]

Posted by Pete On 30/04/08 At 08:26 AM

I was over in Norway this week and the Oracle User Group Norway (OUGN) asked me to speak at an evening user group meeting of theirs. This was a eally friendly group and it was a pleasure to speak there....[Read More]

Posted by Pete On 25/04/08 At 05:58 PM

Oracle's pre-patch advisory note for the next Critical Patch Update (CPU) due this Tuesday (15th) states that there are 17 new security fixes for the database, two for Apex and two of which are remotely exploitable without authentication. The advisory....[Read More]

Posted by Pete On 14/04/08 At 10:17 AM

I saw a post by Tim Hall on his blog recently that referenced a new article he had written about the new fine grained network access controls added in 11g. As this is an area I have also looked at....[Read More]

Posted by Pete On 08/04/08 At 10:25 AM

If like me you code in C and use OCI instead of Pro*C then you will be interested in a library written by Vincent Rogier. I have looked at most C++ OCI libraries, and C libraries that encapsulate OCI in....[Read More]

Posted by Pete On 07/04/08 At 11:52 AM

The Oracle password cracker woraauthbf written by Laszlo Toth has been updated and released as a new version 0.21R2 (The R2) is the new part, so even if you are running version 0.21 then please download the new release. The....[Read More]

Posted by Pete On 31/03/08 At 10:33 AM

This afternoon UK time, Morning time states side I gave a 45 minute webinar with Sentrigo around the subject of Oracle security, particularly around the issues with auditing, hacking and securing an Oracle database. I started out with a 10....[Read More]

Posted by Pete On 28/03/08 At 08:56 PM

Wow it's been a while since I had the chance to write blog entries. Business has really taken off and all my spare time is devoted to that at the moment, work, some admin, proposals, accounting...... Whilst this site is....[Read More]

Posted by Pete On 22/03/08 At 08:00 PM

I will be doing a live webinar on Oracle Security on March 28th in conjunction with Sentrigo. This is free and you can be registered at this link for this event. The webinar is based on my 2 hour Oracle....[Read More]

Posted by Pete On 15/03/08 At 08:35 PM

Oracle Security training in the Netherlands I will provide a training course in Oracle Security on April 16/17 with a Dutch Oracle training company, Transfer Solutions ( www.transfer-solutions.com ). This is my how to perform an Oracle security audit training....[Read More]

Posted by Pete On 14/03/08 At 02:14 PM

I presented at the Back to basics event organised by the UKOUG in the Paddington area of London. The event was very well attended and was hosted by Lisa Dobson. Tom Kyte, myself, Jonathan Lewis and Julian Dyke all presented....[Read More]

Posted by Pete On 29/02/08 At 05:41 PM

I have managed, last week to update my speaking events list on my sites home page to include all the presentations I will be giving over the next couple of months. I am speaking this Thursday at the UKOUG back....[Read More]

Posted by Pete On 25/02/08 At 09:49 PM

I posted yesterday about Mary Ann's post that mentioned the internal Oracle Security coding standards and Kris made a post to my blog about a very nice Oracle Corp tutorial (really a CBT) called Defending Against SQL Injection Attacks. This....[Read More]

Posted by Pete On 14/02/08 At 09:18 PM

I saw Mary Ann's interestingly titled post " Lies, Damn Lies, and Statistics " and had a read. The interesting part for me was the short discussion of the genesis and development around the Oracle secure coding standards that currently....[Read More]

Posted by Pete On 13/02/08 At 09:11 PM

It's been a few days since my last blog entry and not many over the last few weeks...:-) Business has been taking off spectacularly so I have been very very busy; burning the candels at both ends as they say....[Read More]

Posted by Pete On 11/02/08 At 09:37 PM

I subscribe to the pentest list on security focus and a recent thread around Oracle password crackers threw up links to a couple of small scripts that are worth a mention simply to keep a record of them here. The....[Read More]

Posted by Pete On 07/02/08 At 09:58 AM

PeteFinnigan.com Limited recently agreed to be the first UK partner for Sentrigo, the producer of the Hedgehog Enterprise™ and Hedgehog IDentifier™ and PeteFinnigan.com Limited will resell these products in the UK. The press release is here: PeteFinnigan.com Limited to offer....[Read More]

Posted by Pete On 04/02/08 At 01:53 PM

I keep an eye on Milw0rm as its a great source of exploits and saw the other day that 4 new posts had been made on there. These are exploits for bugs fixed in the January 2008 CPU. This is....[Read More]

Posted by Pete On 01/02/08 At 04:24 PM