Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "which special characters can be used in Oracle database passwords"] [Next entry: "expired passwords, ORA-01045 and password changes"]

People are now looking for alert 68 exploits!

I spoke the other day about the recent email from Oracle reminding their customers to apply the patches that fix alert 68. This email also mentioned that Oracle are now aware that some exploits for some of the bugs fixed in alert 68 are now public.

I wanted to emphasise this as I have just seen this morning a post to the newsgroup where someone is asking about the availability of additional information about these bugs. This type of request is not the first I have seen on mailing lists and newsgroups. If this increases or the information becomes more readily available then some companies are going to have problems. Exploits are not just used by internet based hackers they can also be used internally by employees.

Apply the patches soon if you have not done so already.