
Oracle Zero-Day Flaw Project Cancelled

Benny Folds writes "Cesar Cerrudo of Argeniss has suddenly cancelled plans to release daily zero-day flaws in Oracle databases during the first week in December. Just days before the project was due to start, Cerrudo announced that 'due to many problems,' the WoODB (Week of Oracle Database Bugs) is being scrapped. He did not elaborate on the reasons for the cancellation."
  • Re:LOL (Score:4, Insightful)

    by Josh Lindenmuth ( 1029922 ) <joshlindenmuth&gmail,com> on Wednesday November 29, 2006 @03:01PM (#17037592) Journal
    Seems like this was his plan from the beginning. I can't imagine he would risk his clients' security by releasing all these bugs ... he already got tons of publicity from /. and elsewhere.
  • Re:LOL (Score:2, Insightful)

    by Anonymous Coward on Wednesday November 29, 2006 @03:14PM (#17037812)
    I can't imagine he would risk his clients' security by releasing all these bugs ...

    It may surprise you to learn that some of us pay security consultancies to find bugs in software we use [siebel.com]. I don't really care if they then spray them all over milw0rm [milw0rm.org] or keep them quiet for use in their next pen-test; I can make an informed decision on whether to use it, and if so, what sort of controls to include to cover the risk.

  • Two words.... (Score:3, Insightful)

    by 8127972 ( 73495 ) on Wednesday November 29, 2006 @03:15PM (#17037834)
    ..... Lawsuit threat
  • Re:LOL (Score:3, Insightful)

    by rs232 ( 849320 ) on Wednesday November 29, 2006 @03:24PM (#17037974)
    1. Start a security consulting firm
    2. Request 0 day vulnerabilities from everyone for an event
    3. Get threatened with litigation
    4. Cancel Event

    "[We] do not credit security researchers who disclose the existence of vulnerabilities before a fix is available. We consider such practices, including disclosing "zero day" exploits, to be irresponsible as they can result in needlessly exposing customers to risk of attack", Eric Maurice

    "Oracle might have caught a break with Cerrudo but the upcoming release of a hacking handbook by database security guru David Litchfield .. titled The Oracle Hacker's Handbook .. promises an in depth examination of all the techniques and tools that hackers use to break into Oracle database servers"
  • Oracle (Score:5, Insightful)

    by RAMMS+EIN ( 578166 ) on Wednesday November 29, 2006 @03:30PM (#17038080) Homepage Journal
    Considering the hostile position Oracle takes when it comes to publishing benchmark results, I would not at all be surprised if they had an even more hostile position regarding publishing vulnerabilities.
  • by Anonymous Coward on Wednesday November 29, 2006 @04:05PM (#17038708)
    This is obviously due to legal threats from Oracle towards Cerrudo.

    It's not as if database hacking isn't still the easiest way to compromise a server.
    The DBAs are angry about 0-day exploits being released as they don't want to do what they are paid for: keep the server current.
    Oracle is angry because it makes them look worse than their competition, which is maybe even true. Hey... the database is vastly known for its complexity and we techies all know how much security and complexity like one another.
    Finding 7 non-exposed Oracle security bugs is not even a challenge!

    --
    Wil
