lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <443CF253.1050001@digitalmunition.com>
Date: Wed Apr 12 13:36:22 2006
From: kf_lists at digitalmunition.com (KF (lists))
Subject: RE: Oracle read-only user
	can	insert/update/delete data

And I have to say once again: your vendor is very careless and 
irresponsible for publishing
so much crappy code. This is what is really endangering many customer 
production databases.

That and the mentality that they can only offer this kind gentleman 
"*small amount of fame*" for his
time had he chosen to work with them in a more "responsible" manor.

Go bitch to your vendor.... stop trying to kill the messenger.

Even if they do include the fix in the next cpu... how many other holes 
are laying around for you to worry about it. I'd be willing to bet 
theres a few.

Wake up people.... these companies pwn your wallet and feed you BS 
products.
-KF


Van Winssen, Andre A SITI-ITIBHW5 wrote:

>Alexander,
>I have to say it once again: your company is very careless and irresponsible for publishing 
>so much detail about this new oracle security flaw for which no patch exists yet, endangering
>many customer production databases.
>I have sent testcases to Oracle too that shows that it works against any oracle version currently
>available. I expect oracle to include the fix in the next cpu, but have my doubts. 
>
>Kind regards,
>Andre van Winssen
>
>-
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ