
Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.


A new Russian Oracle Security Tool



I saw a post yesterday on my Oracle security forum by DSU titled "Oracle Security Tools (GUI)" that talks about a new Russian Oracle security tool written to test Oracle vulnerabilities. The tool is limited at the moment. The site that hosts the code is http://securetools.ru/en/index.php and the code can be downloaded from http://securetools.ru/tools/OraSecureTools.7z; beware that my virus scanner says the site could be malicious although I am unsure that this is actually true.

[Update: cyber$snake has posted a comment below confirming that his download is not malicious, and there is a virus check link posted as well. The issue of genuine security tools being picked up by commercial virus scanners can be a problem that I have seen before; this is often because genuine tools get listed on sites that are the source for virus definitions.]


DSU has written a quick summary of the new tool on his blog, and the site hosting it also contains a lot of screen dumps of the tool in action. As DSU says, it's limited at the moment but development is in hand.

DSU has also got a nice blog about Oracle security written in Russian. Translating to English is easy with Google, although as always code and pictures are readable anyway in English. I have added DSU's blog to my Oracle blogs aggregator so you can always get a link to new posts. For instance, today he has just posted an exploit for DBMS_SQLHASH.GETHASH written in Perl.

There have been 2 comments posted on this article


November 30th, 2009 at 04:51 pm

Pete Finnigan says:

Hi Pete!
I assure you 100% that there is no malicious code. The scan result is at www.virustotal.com (http://www.virustotal.com/de/analisis/1342676f1cc53794ca5dd4bd133ff3db3d1435f6114322e1e36a5a48271d5021-1256494267).
Blog Alexander Kornbrust: (http://blog.red-database-security.com/2009/11/13/new-russian-oracle-exploit-tool-oracle-security-tools/). If your antivirus reacted to it as malicious code, that may have happened because exploit code and attack and penetration functions are included in this tool.
Blog DSU: (http://dsu.com.ua/node/13?1192681543=1) - these are my comments.



December 2nd, 2009 at 10:20 am

Pete Finnigan says:

Thanks for your comment. I assumed that there was not an issue, that's why I said "could be", but it's good to get the clarification. I have added an update to the main post above.

cheers

Pete