Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "A paper on Sentrigo Hedgehog and Pete Finnigan webinar slides"] [Next entry: "Java forensics and Apps Security (twice)"]

Webinar Recording and Laszlo's TNS hijack and downgrades Presentation

I did a very successful pair of webinars for Sentrigo earlier this month on the 9th and 11th of March on the subject of an "Oracle Security Master Class". The USA webinar was recorded by Sentrigo and is available from this link if you would like to hear me speak on the subject of Oracle security.

Also Laszlo emailed me to say he has translated his Hactivity presentation on TNS attacks such as protocol downgrades on the Java thin client and also TNS session hijacks. This is great material. The presentation itself is here and is a 67 page pdf file. Laszlo also has released his pytnsproxy code here and also the module for Squirtle. There are also three demo videos, how to hijack an Oracle session, how to downgrade an 11g authentication when a Java thin client is used and finally a demo on how to use the squirtle module. Nice work from Laszlo as usual.