I was made aware of this URL today by someone. I was vaguely aware that the guys at Argeniss were selling exploit information but had not had the time to take a look. The page on their site titled "Argeniss Ultimate 0day Exploits Pack" details the service available to those penetration testers or tool manufacturers who want to test if various IPS/IDSAnti* type products are working well with 0-Day bugs for various software. These include a list of 6 exploits for Oracle. I can see the value in this for people who do not have the skills or time to find these bugs to be able to test expensive tools they may have implemented or for vendors to also test their products that are supposed to trap 0-day bugs. I can also see the downside that others may buy the details for other nefarious reasons. I leave it to you the reader to make your own mind up.
Blog
Pete Finnigan's Oracle Security Weblog
This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
[Previous entry: "DBMS_SCHEDULER as a new alternative for DBMS_JOB by Patrick Sinke"] [Next entry: "Security expert calls for Oracle makeover"]
April 2006
- Oracle releases, then pulls, zero-day database exploit code - 04/10/2006 by 04/10/2006
- At the PSOUG Oracle day in Seattle - 04/14/2006 by 04/14/2006
- Happy birthday to Tom's blog - 04/17/2006 by 04/17/2006
- What is amazing is that a lot of CPU patches are not available until May!! - 04/18/2006 by 04/18/2006
- CERT Issues Alert for Oracle - 04/19/2006 by 04/19/2006
- Exploit code available for one of the bugs fixed in April 2006 CPU - 04/20/2006 by 04/20/2006
- My site is moving so could go down for a short while - 04/21/2006 by 04/21/2006
- My site is moving now - 04/28/2006 by 04/28/2006
- A quick update on my sites progress - 04/30/2006 by 04/30/2006
Archives
Syndication
Powered by gm-rss 2.0.0
