New Oracle Security Videos and Blog
Thursday, May 24th, 2007
Alexander Kornbrust of Red-Database-Security has started a new Oracle security blog (just added to OraNa.info). He also posted new Oracle security videos, 10 as of today.
Oracle Applications 11i Encrypted Password String Disclosure (PDF): An undisclosed security vulnerability exists in Oracle Applications 11i that may allow an unauthenticated, internal attacker to obtain Oracle Applications’ user account encrypted password strings, which in turn can be decrypted using previously published information. An attacker can potentially obtain either any user’s password or the Oracle […]
Integrigy has just published an updated version of the white paper on the Oracle database listener security.
From the introduction:
The Oracle Database Listener is the database server software component that manages the network traffic between the Oracle Database and the client. The Oracle Database Listener listens on a specific network port (default 1521) and […]
David Litchfield has just published two chapters from his book The Oracle Hacker’s Handbook: Hacking and Defending Oracle.
Indirect Privilege Escalation (PDF)
In this chapter, David gives two examples, one with CREATE ANY TRIGGER and another with CREATE ANY VIEW to demonstrate how these privileges can be abused to gain DBA privileges. In fact, a user who […]
David Litchfield published a paper demonstrating how an unclosed or dangling cursor created and used by DBMS_SQL can lead to a security hole.
I ran his proof of this vulnerability on my Oracle Database 10g Express Edition database.
Connected as SYS:
SQL> CREATE OR REPLACE PROCEDURE pwd_compare(p_user VARCHAR) IS
  2    cursor_name INTEGER;
  3    […]
SearchOracle.com has just published a couple of interesting podcasts.
The first, titled Expert says PL/SQL change needed in Oracle 11g, is an interview with Steven Feuerstein.
In the interview, Steven answers the following questions:
Considering how big OpenWorld has become, should there be a separate conference for PL/SQL developers? Your session at the conference was entitled “Ten things you […]
Everything you wanted to know about SQL injection Review of several types of SQL injection attacks and how they occur and what web developers and end users can do to prevent them. […]
I stumbled upon this website which has the following interesting screencasts demonstrating the use of a penetration testing tool for Linux:
Tunneling Exploit WEP Cracking Spoof attack Client side attack
(IE may not display the screencasts correctly. Best viewed in Firefox)
It also has this interesting, and rather disturbing, animated GIF image:
click to see it in action
And finally, a web page […]
I have just finished listening to a very interesting podcast interview with Pete Finnigan (via SearchOracle.com). Pete discusses the problems with Oracle PL/SQL wrapping and hopes that Oracle releases all the built-in PL/SQL packages unwrapped as clear text, as in open source, so that everyone can help with finding bugs. Pete also advises DBAs to […]
There is an article on Silicon.com about how companies can manage their passwords. The author offers the following tips for fostering a culture of secure and more effective password management:
Passwords must not be written down. Passwords must be set. When the password is “ChangeMe”, then change it. Require as few passwords as possible. Balance how much password […]