| Related sites for http://www.petefinnigan.com/weblog/entries/index.html |
| Ernharth_Group Consultants on investing, personal and corporate retirement plans, insurance and tax strategies. | | Mechaless_Optoelectronic_Systems_GmbH Manufacturer of optical switches and sensors. Site in German and English with application examples. | | James_Nursery_Company Supplies bare root, container, and B&B nursery stock. | | Chinese_Interpreter Interpreting in Chinese and English, and translation in Taiwanese and Hokkien. Freelancer Su-jen (Rita) Huang based in Brisbane, Australia. | | AltaLink A Calgary-based company, responsible for almost 60 percent of Alberta's electrical transmission requirements. | | Systems_Technology_Inc__Formerly_Baldwin_Stobb Manufacturer of material handling equipment for the printing and packaging industries. Conveyors, vertical and horizontal log stacker bundlers, trimmers, robotic palletizers and Levimatic wrap-around | | Sorghum_Energy_Management_Company Project in the UK to produce environmentally sustainable energy from sorghum crop. | | Magnolia_Color,_Inc_ Color printing of brochures, rack cards, postcards and pocket folders for the hospitality industry. | | Free_Trade_Front Asia, America, Europe and Africa products for export and import in easy format. | | Coastal_Administrative_Services,_Inc_ A TPA located in Washington with the focus on self-insurance. Medical, dental, vision, MSA plans, FLEX, Section 125 and Cafeteria plans are offered. | | Peel_Productions,_Inc_ How-to-draw and picture books. Includes the Alphabet Riddles series. Ages 8 and up. | | Kilban_Foods_(India)_Pvt__Ltd_ Produces pickles, jams and sauces. Brief product information, company and manufacturing details. | | European_Private_Equity_and_Venture_Capital_Association_(EVCA) Globally promotes and facilitates European venture capital and private equity. Find information about investing, upcoming events, training, and publications. | | Metalworks_Co_,_Ltd Manufacture and trade castings, forgings, manhole covers from China. | | Open_Ocean_Aquaculture_Program_at_the_University_of_New_Hampshire The overall goal of the project is to stimulate the further development of commercial aquaculture in New England, thereby increasing seafood production, creating new employment opportunities, and cont | | Jobs_For_Youth_Chicago Helps prepare high-school dropouts for the GED, offers pre-employment workshops, job placement service and other help especially for youths from low-income families in Chicago. | | Weber,_John_C___Jr_ BSCS graduate seeking employment as a programmer, analyst, or Web designer. | | Top_Drawer_Surbiton Manufactures built-in and fitted furniture including bedrooms, alcove units, home studies, kitchens and other types of furnishings. Surbiton, Surrey, United Kingdom. | | Celltrade Provides an online cell phone contract exchange program in America. | | Cozy_Industry_Co_,_Ltd Manufacturer and exporter of furniture. China. |
|
Pete Finnigan's Oracle security weblog body { text-align:center; font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; line-height: 18px; color: darkblue; background-color: #fff} #frame { width:720px; margin-right:auto; margin-left:auto; margin-top:40px; padding:0px; text-align:left;} #contentcenter { width:550px; margin-top:3px; float:left; background:#fff;} #contentright { width:160px; padding:5px; margin-top:3px; float:left; background:#fff;} #contentheader { background:#fff} p,h1,h2,h3,pre { margin:0px 10px 10px 10px; padding-top: 0px;} h1 { font-size:16px;}h2 { font-size:14px;}h3 { font-size:12px;} #contentheader h1 { font-size:14px; margin:0px;} #contentright p { font-size:10px;}.button { border: 1px solid #000;}.text { border: 1px solid #000; color: #000;}.raised { position: relative; top: -12px; left: 12px; padding: 4px; background:#fff;}table.calendar { margin-left: 10px;}    There are 29 visitors online Services | Portal | White Papers | Scripts | Tools | Newsletter | Information | Alerts | Search | Weblog / Forum | What's New About Us Consulting Services Training Courses Oracle Security Research Database Policy Partners Products Careers Pete Finnigan Contact Details Events Oracle Security Database Security Database Software Security Web Development Programming Off Topic Oracle Security Oracle Security (Page 2) Others Ramblings Oracle Security Tips SQL and PL/SQL Unix Tools Audit Tools Default Password Checker Default Password List Oracle Security Scanner Subscribe Un-Subscribe Recent Newsletters Web Links Books Oracle Newsgroups Oracle Blogs Oracle news Feedback / Enquiries Guestbook Site Map Site Statistics WebLog Forum Security Issues Database What's New Register for Updates PeteFinnigan.com in the news Pete Finnigan's Oracle security weblog Two new blogs on Oracle internalsOctober 13th, 2008 by PeteIts like buses in the UK, you wait for ages for one to arrive and nothing, then suddenly there are two along at the same time. I have just added two new blogs to my Oracle blogs aggregator that are focused on Oracle internals. If like me you are interested in Oracle security then you should also be interested in Oracle internals. The two should go together hand-in-hand, why? well details of how something works helps you understand more detail so that you can better understand how it may be broken or hacked and then obviously better understand how to fix it (read, secure it). The first blog is Dennis Yurichev's who is a reverser and a security researcher. There are some interesting posts, particularly the dumps from the Oracle binaries that show "probable" function calling sequences in the Oracle library. Useful if you want to see some sort of heirarchy or match to a trace created with a tool such as truss or strace. I have known Dennis a long time via email so its nice to see him start a blogThe second blog is that of Miladin Modrakovic whom I have also known via the net for a ling time due to him asking me to publish some of his papers on my site around direct SGA attaches and also oradebug use. The links and papers are in his new blog posts so have a browse. Both blogs have a slightly different focus but both firmly around internals, along with Tanels blog we now have the promise of some great internals info. [No Comments]Happy Belated 4th Birthday to my blogOctober 2nd, 2008 by PeteWell, it is slightly late BUT I have been blogging about (almost exclusively) Oracle security for 4 years now, the longest running blog dedicated just to Oracle Security. I started this blog on 20th September 2004 and it has been a sort of tradition to create a summary post on the blogs birthday about how it is doing. My first anniversary post titled "Happy first birthday to my Oracle security blog!" included a bit of detail around why I wanted to post about Oracle security what I planned to cover and also the fact that it had not actually been a problem to find things to write about in a subject that even I thought at the start may not have enough topics to cover. I managed 560 posts in the first year. Interestingly my stats had gone from 10,000 visits per month to 64,000 in one year. Also I was getting around 0.5 Million visits in a year.The second anniversary was covered by a post titled "Two years of Oracle Security blogging and still going strong"; I had dropped off on the number of posts but I was still going strong. I had now around 1.2 Million visits a year and I included details of some highlights.Last years anniversary is covered in a post titled "September 2007 - 3 years of Oracle security blogging" and this marked another slow in the number of posts, down to 220 in the year, visits up to 1.5 million and now around 4 million page views a year.Well that brings us to this years anniversary, wow, the year has passed by so fast. I have again lowered the number of posts made in the year, down to 109. As I said at the beginning of last year, one of my highlights was re-starting PeteFinnigan.com Limited - well not re-starting as such but being re-employed and running it again. This has been my focus for the last year and will continue to be so. I have really enjoyed the work, the research, the training classes I have taught, all of the presentations I have given and the indulgence in learning more about securing data. It has been hard work and I have seemed to have been busy almost all of the time. There was even a post on my forum some time back where someone suggested Oracle security was now good enough because the likes of me, David and Alex write less now. In may case and i know the others this is not because Oracle security is now good enough but because I have been so busy helping people secure Oracle. OK, stats, the number of visits has grown to around 1.6 million a year and page views to around 4.3 million a year. So not bad, not growing as fast but growing nonetheless.The slow down i have had in terms of numbers of posts has not been due to a lack of material, I still believe that there is plenty to talk about around Oracle security, in fact the pool of knowledge is growing rapidly, this is good of course. The slow down for me is that i have been very busy, still am. I would like to have more time for research, pure research rather than improving my tools, writing more, papers and presentations but to dig deeper into some new area and add more value to the whole area of Oracle security.I am going to try and beef up the number of posts but cannot promise. I have also re-started my Oracle Security newsletter recently, a new one is coming in the next few days, I have started to write it!. OK, one more year over, lets have a good year coming up securing our Oracle databases. [1 Comment]Slides from my Oracle Security Masterclass at White-Hats are availableSeptember 29th, 2008 by PeteI have just posted the slides from my talk last Friday at the White-Hats event in London. The Oracle Security Masterclass is based on previous ones but the slides are not exactly the same. The slides are on my Oracle Security White Papers page. [No Comments]Oracle Password Cracker written in PL/SQL is availableSeptember 25th, 2008 by PeteI have just created a dedicated page for my PL/SQL Oracle database password cracker and also linked to it from the Oracle Security Tools page. The code is available as a zip file at the end of the PL/SQL Oracle password cracker page. I won't go into more detail here as I have shown it running previously in this blog in a post titled "A new Oracle Password cracker that runs inside the database" and I have also described it in great detail in the page for the cracker, listed above.Its raw and beta still and I have some work to do to it, but its stable and works so its worth putting it out now. I will make some changes over the coming days and add some more functionallity and post up the updates when they are ready. I recommend anyone interested in securing their database to download it as its free, its simple, you can run it in SQL*Plus, so there is no excuse now for any DBA to not hardend and strengthen the passwords in their databases. [No Comments]Oracle Security talk available as slides and also videoSeptember 25th, 2008 by PeteOn Tuesday I did a webinar for Sentrigo on the subject of Oracle Security (of course). This went well and we had quite a good attendance. I started the talk with a ten minute or so demo of hacking an Oracle database to steal credit cards. I wanted to get across the message that hacking Oracle is not about granting DBA to PUBLIC or SCOTT but its about any privilege or access abuse that allows data to be stolen. Unfortunately (for the owners of data) its not rocket science to steal data from an Oracle database. The slides for the presentation are available on my Oracle Security white papers page. Also Sentrigo recorded the session as video. This is available from this URL: https://www2.gotomeeting.com/register/626729368 [No Comments]An update, slides, USA and a masterclassSeptember 23rd, 2008 by PeteWell it has been a really busy last few weeks, phew.... I have had litle free time to do anything for myself except work for clients and keep the business running. On one hand thats great, but on the other it would also be nice to have free time.OK, a number of people have emailed me, sent me PM's, even someone sent me an SMS and a couple of blog comments have been posted. What is happening with the PL/SQL password cracker. Well I just have not had free time to sort it out. I need to simply add a header text to it, clear out all the debug code, ideally add the 11g code and of course post it up. I am going to have some free time Thursday so I will promise to post it up on my tools page on Thursday and also mention it here. Sorry to those that have been waiting and sorry to those who have been teased by seeing it running last week in Iceland.I also gave a webinar talk today for Sentrigo on the subject of Oracle security of course. This was fun although it is still weard after now having done three webinars to speak and get absolutely no feedback. I will post the slides on my site on Thursday for those who have asked me about them.I also saw a couple of posts last week around travel to the states and the new rules that allow the US customs to take laptops and other electronic items to review. This is very worrying as it is probably pot luck as to whether you fall victim to this. There is a story "Homeland Security: We can seize laptops for an indefinite period" about it and some tips on PC World in an article titled "Five Things to Know About U.S. Border Laptop Searches" and finally Toms experiences in the same area in a post titled "Crossing the border... ". This is a worry if you use a laptop for your business, what do you do?, stay out of the states, dont take a laptop, or email in your data and collect it there? - i guess if you need to go to the states you need to prepare for this. Finally for this short post, i saw from browsing the UKOUG calendar for the conference in December that i have also had my Oracle Security Masterclass accepted. This is good news and should be a fun session. I have enjoyed the masterclasses particularly in the past as they allow a more in-depth look at the subject. I will talk more later in the year about the content of this masterclass, it will be worth coming along.OK, enough for now, i have worked past midnight a few nights i the last week, i need a rest..:-) [2 Comments]Oracle Security webinar with Pete FinniganSeptember 17th, 2008 by PeteNext week on the 23rd of September at 15:00 UK time I am going to be doing another webinar on Oracle database security with Sentrigo. Here are the details being sent out for the webinar, I would be please for any of you to join us on this event:"JOIN US FOR A LIVE WEBINARDatabase Security Masterclass with Pete FinniganDATE: Tuesday, September 23rd TIME: (US Attendees) 7am PT/ 10am ET (UK Attendees) 3pm UK DURATION: 60 Minutes REGISTRATION: https://www2.gotomeeting.com/register/626729368EXPERT ADVICE: Back by popular demand, Pete Finnigan, one of the world's foremost authorities on database security, will lead this live Database Security Masterclass. In this Masterclass, Finnigan will share his knowledge and best practices on securing the DBMS. For over a decade, Finnigan has been one of the most well-known experts on DBMS security, has authored a best-selling book on the topic and regularly attracts large crowds at user group events in the UK and the US, and many security conferences world-wide. He consults to a wide array of blue-chip clients, and his Website (www.PeteFinnigan.com) comprises the best reference on the Web for Oracle database security. Learn about: • How databases are compromised (including live demonstrations) • Techniques and tools that can help secure the DBMS • Priorities in risk mitigation and remediation of security gaps Plus: LIVE DISCUSSION and INTERACTIVE Q&AREGISTER NOW! https://www2.gotomeeting.com/register/626729368If you are unable to join us but know of a colleague in the database or security departments who may be interested, please feel free to forward them this e-mail.Best regards, The Sentrigo team" [No Comments]Oracle Security Masterclass slides availableSeptember 15th, 2008 by PeteIt has been a while since my last blog entry, things have been very busy work wise over the last few weeks, lots of travelling all over the place and lots of work..:-)Last week I was in Reykjavik to teach an Oracle Security Masterclass, which went really well. The slides are available on my Oracle Security White papers page, first entry.I have not forgotten about releasing the PL/SQL cracker. The code still needs cleaning, I hope to do this and release it in the next few days, please bear with me. [1 Comment] October 2008SMTWTFS 12345678910111213141516171819202122232425262728293031 This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.Weblog HomeWeblog ArchivesOracle Security Step-by-Step (Version 2.0) HomeOracle Security Tools pageOracle security papersOracle Security alertsWeb DevelopmentSQL Server Security   Powered by gm-rss 2.0.0  PrintCopyRight(); |
|
