
| Subject: | [ISN] In the interest of helping journalists cover Oracle.. |
|---|---|
| Date: | Fri, 20 Jan 2006 00:14:26 -0600 (CST) |

Forwarded from: security curmudgeon <jericho@attrition.org>

http://www.osvdb.org/blog/?p=86

In the interest of helping journalists cover Oracle.. perhaps they should just move to a templated form to save time?

---

By [YOUR_NAME]
[YOUR TITLE], [YOUR PUBLICATION]
[DATE]

Oracle released on [DAY_OF_WEEK] fixes for a [LONG/HUGE/MONSTROUS] list of security vulnerabilities in [ONE/MANY/ALL] of its products. The quarterly patch contained patches for [NUMBER] vulnerabilities.

Titled "Critical Patch Update", the patch provides [FIXES/REMEDIES/MITIGATION] for [NUMBER] flaws in the Database products, [NUMBER] flaws in the Application Server, [NUMBER] flaws in the Collaboration Suite, [NUMBER] of flaws in the E-Business Suite, [NUMBER] of flaws in the PeopleSoft Enterprise Portal, and [NUMBER] of flaws in the [NEW_TECHNOLOGY_OR_ACQUISITION].

Many of the flaws have been deemed critical by Oracle, meaning they are trivial to exploit, were likely discovered around 880 days ago, and are trivially abused by low to moderately skilled [HACKERS/ATTACKERS/CRACKERS].

"[DULL_QUOTE_FROM_COMPANY_WHO_DISCOVERED_NONE_OF_THE_FLAWS]" security company [COMPANY] said yesterday as they upped their internet risk warning system number (IRWSN) to [ARBITRARY_NUMBER]. "This is another example of why our products will help protect customers who chose to deploy Oracle software" [ARBITRARY_CSO_NAME] stated.

"[COMPLETELY_BULLSHIT_QUOTE_ABOUT_PROACTIVE_SECURITY_FROM_ORACLE]" countered Mary Ann Davidson, CSO at Oracle. "These hackers providing us with free security testing and showing their impatience after 880 days are what causes problems. If these jackass criminals would stop being hackers, our products would not be broken into and our customers would stay safe!"

Oracle has been criticized for being slow to fix security flaws by everyone ranging from L0rD D1cKw4v3R to US-CERT to the Pope.

_________________________________
InfoSec News v2.0 - Coming Soon!
http://www.infosecnews.org