Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Security experts see vulnerabilities in embedded databases"] [Next entry: "Tom has a great post about continuity of operations"]

Andrew Clarke has a post about Google hacking Oracle

I saw today a post on Andrew's blog titled "Oracle...Most Insecure Database!" which relates the story of an Oracle forums post that is now not working, most likely removed!. The post talked about a person who had been reading an excellent paper on Application Security Inc's site titled "Search Engines used to attack databases" and then apparently applying what he had learned to hacking Oracle databases. Andrew had confirmed with the OP that he had in fact attacked his own Oracle databases.

This post prompted me to re-read Aaron's paper which is excellent.