Pete Finnigan's Oracle Security Weblog

Wow it's been a while since I had the chance to write blog entries. Business has really taken off and all my spare time is devoted to that at the moment, work, some admin, proposals, accounting......

Whilst this site is a good marketing tool for my business that has risen as a side effect of creating a lot of content over the years. The site existed before the company and also existed whilst i took a sabatical into salaried work as well some time ago so has always gone on and will always do so even if i work for a company of the same name and it helps promote me, i always treat it as a place to share information. I always enjoy researching and finding out new things about Oracle. I am still doing this day to day as part of real work (paid work) and also as part of internal projects but writing here has become hard to fit it, even answering all emails has become hard to fit in, but I am keeping a "todo" list for the blog. It's not dead!

The great tool written by Joxean Koret called Inguma has just been updated to version 0.0.7.2 by Joxean. Whilst the tool is certainly much more than an Oracle security tool its got some great Oracle features, including the PL/SQL fuzzer. The latest version has fixed a lot of bugs and enhanced a lot of sections including the Oracle ones.

There are 5 new Oracle modules, 4 for the January 2008 CPU and one for the Oracle PL/SQL gateway flaw. Simply pass an IP Address and run "oragateway", the module will guess the DAD and use the bypass technique and open an SQL terminal.

Looks good, give it a download from here, the download page on the main site seems to get into a redirect loop.