Re: Kaspersky doc (not OT)

Thanks for the reply.
Based upon timing it may have been aimed at app owners and users and not for db servers as "real" databases weren't likely on wintel then. I do have to wonder if they would have managed to code around the Pentium IV bug.

Paul
On Feb 17, 2015 9:41 AM, <david_at_databasesecurity.com> wrote:

> Hi Paul,
> It’s my understanding that the conference in Houston referenced on page 15
> was a scientific conference not related to Oracle. The Oracle CD incident
> is separate and was likely to have been highly targeted at a specific
> “customer”. Safest thing to do is, if you are concerned, is update your
> anti-virus software with the latest signatures and run a full scan.
> Co-incidentally, I’m running a full scan right now with the MS Malicious
> Software Removal Tool :)
> Cheers,
> David
>
>
> From: Paul Drake
> Sent: Tuesday, February 17, 2015 2:24 PM
> To: oracle-l
> Subject: Kaspersky doc (not OT)
>
>
> Might anyone have attended a conference in Houston that had bonus material
> provided on physical media?
> I'm referring to page 15 of the doc referred to from the site isc.sans.edu
> .
> Oracle corp did not start to provide hashes/digests until relatively
> recently. Getting software on CDs would have bypassed downloading the
> software.
> Where I want to go with this is to attempt to determine if any systems
> were in fact compromised in the past.
> I doubt that such a vector was limited to a single conference.
>
> Paging David Litchfield, Pete Finnegan and Paul Wright ...
>
> Paul Drake
>
>

--
http://www.freelists.org/webpage/oracle-l