Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Justin talks about a new series of papers on Oracle security by Arup"] [Next entry: "Oracle have released an email warning customers about the latest worm"]

Howard has some good advice on protecting against worms

I have just seen Howards post to his blog about the recent full disclosure by an annonymous poster of updates to the voyager worm. The post is titled "Defcon 1". The post starts by saying that "eminent experts have published crippled worms". This part I do not agree with as the worm was published by someone anonymously, if Howard meant by that phrase that the "expert" was known. We do not know who published it - well at least I don't know. Indeed there was a thread on my Oracle Security forum were some of the members had done some basic research to try and identify the author based on some key phrases in his code.

Anyway, Howards post gives some excellent advice on what basic steps should be taken to protect against this worm.