Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "DBMS_SCHEDULER as a new alternative for DBMS_JOB by Patrick Sinke"] [Next entry: "Security expert calls for Oracle makeover"]

Argeniss are selling 0-day exploits for Oracle

I was made aware of this URL today by someone. I was vaguely aware that the guys at Argeniss were selling exploit information but had not had the time to take a look. The page on their site titled "Argeniss Ultimate 0day Exploits Pack" details the service available to those penetration testers or tool manufacturers who want to test if various IPS/IDSAnti* type products are working well with 0-Day bugs for various software. These include a list of 6 exploits for Oracle. I can see the value in this for people who do not have the skills or time to find these bugs to be able to test expensive tools they may have implemented or for vendors to also test their products that are supposed to trap 0-day bugs. I can also see the downside that others may buy the details for other nefarious reasons. I leave it to you the reader to make your own mind up.