eWeek Security Watch
Advertisement
Advertisement
November 20, 2006 4:29 PM

Coming in December: Oracle Zero-Day Flaws



oracle_logo.gif On the heels of HD Moore's Month of Browser Bugs and LMH's Month of Kernel Bugs, a database security research expert plans to start a new project dedicated to releasing zero-day flaws in Oracle database server and application products...

oracle_ad.jpg

Cesar Cerrudo, founder and CEO of Argeniss Information Security, is setting aside a week in December for the WoODB (Week of Oracle Database Bugs) to expose what he describes as Oracle's failure to adequately secure its products.

"We want to show the current state of Oracle software (in)security and demonstrate Oracle isn't getting any better at securing its products (you already know the history: two years or more to fix a bug, not fixing bugs, failing to fix bugs, lying about security efforts, etc, etc, etc.)," Cerrudo said in a note announcing the project.

The Argentinian hacker has stockpiled zero-day vulnerabilities for all database software vendors but decided to concentrate on Oracle because it is the "#1 star" when it comes to unpatched vulnerabilities and a laissez-faire attitude towards security.

"We could do the Year of Oracle database bugs but we think a week is enough to show how flawed Oracle software is," Cerrudo added.

Posted by Ryan Naraine on November 20, 2006 4:29 PM

| Comments (0) | del.icio.us | digg.com | Trackback | Post a Comment
TrackBack

TrackBack

http://securitywatch.eweek.com/cgi-bin/mte/mt-tb.cgi/9729

Post a Comment

 
 


RSS Syndication

Breaking News

Advertisement

Apple

Browsers

Cisco

Corporate espionage

Disaster Planning

eBay

Exploits and Attacks

Flaws

Google

Identity Theft

Intrusion Detection/Prevention

Mergers and Acquisitions

Microsoft Windows

Open Source

Oracle

Patches

Phishing and Fraud

Privacy

Product Reviews

Rootkits

Spam

Virus and Spyware

Vulnerability Research

Advertisement
Security Watch     Contact Us | Advertise | Site Map
Ziff Davis Enterprise

Ziff Davis Enterprise Home | Contact Us | Advertise | Link to Us | Reprints | Magazine Subscriptions | Newsletters
RSS Feeds | White Papers | ROI Calculators | Tech Podcasts | Tech Video |

Baseline | Careers | Channel Insider | CIO Insight | DesktopLinux | DeviceForge | DevSource | eSeminars |
eWEEK | LinuxDevices | Linux Watch | Microsoft Watch | Mid-market | Networking | PDF Zone |
Publish | eWeek Security | Strategic Partner | Web Buyer's Guide | Windows for Devices

Developer Shed | Dev Shed | ASP Free | Dev Articles | Dev Hardware | SEO Chat | Tutorialized | Scripts |
Code Walkers | Web Hosters | Dev Mechanic | Dev Archives | IT Marketplace | igrep

Use of this site is governed by our Terms of Use and Privacy Policy

Copyright ©1996-2007 Ziff Davis Enterprise, Inc. All Rights Reserved. Security Watch is a trademark of Ziff Davis Enterprise, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
Ziff Davis Enterprise