Date: Thu, 21 Jul 2005 00:40:34 +0100
From: "David Litchfield" <davidl@...software.com>
To: <bugtraq@...urityfocus.com>
Subject: Oracle and setting the record straight


Hey all,
I don't know whether this helps serve any purpose or not, other than to 
vent some of my own frustrations; however...

In the wake of the release of Alex Kornbrust's details on some Oracle flaws 
there has been some discussion in various places about when I supposedly did 
the same thing last year at Blackhat - i.e. release information on Oracle 
bugs in the absence of a vendor supplied patch.

For the record, I did _not_ do this.

So, setting the record straight: I was due to present a talk that centered 
around a batch of Oracle vulnerabilities at Blackhat last year. I gave 
Oracle a heads up and explained that I intended to do so and questioned 
whether the patches would be ready. On the day of the talk I was informed by 
Oracle that the patches were not ready and so when I got up on the stage I 
proceeded to tell everyone exactly why I could no longer do the talk. i.e. 
I can't do the talk because Oracle failed to patch the problems I was going 
to talk about.

I did not discuss in any form or fashion the actual bugs.

Cheers and apologies to those who really don't care,
David Litchfield
NGSSoftware
http://www.ngssoftware.com/





