I really had better caveat this by saying that although I live in the UK and
have a similar name, I have no connection to David Litchfield (at least none
I am aware of - it seems likely that we are at least distantly related).
On 10/7/05, Ray Stell <stellr_at_cns.vt.edu> wrote:
>
>
> Is that true? Are the Alert 68 holes still there? I thought I
> patched that about 4 or 5 times? ;)
>
I think that is rather the point, that rather than looking at example
exploits and fixing the underlying cause - it looks as if Oracle have
stopped specific example exploits. David is an extremely well regarded
security researcher; I'd find it extraordinarily unlikely that what he
writes is unjustified. It is also worth reading the Mary Ann Davidson
interview that he refers to, it was an extraordinary piece of work with the
CSO of Oracle attacking the security industry rather than making a serious
case for the approach Oracle takes to security.
--
Niall Litchfield
Oracle DBA
http://www.niall.litchfield.dial.pipex.com
--
http://www.freelists.org/webpage/oracle-l
Received on Fri Oct 07 2005 - 15:01:11 CDT
