Tag Archives: Oracle security

Nmap 7 is out

Yesterday I read that there is a totally new release of Nmap, the network mapping tool. I've blogged about Nmap before. Version 7 has attacks against Heartbleed, it has mature IPv6 support, faster scans on Windows and BSD systems. And … Continue reading

Posted in Oracle security | 1 Comment

How can we sell security? (Part 2)

At the Security Roundtable at the UKOUG Tech 2014, an important topic was how we can convince organizations to work on improving security. I originally envisioned this as a keynote-like presentation. But seeing that UKOUG Tech 2015 was still a … Continue reading

Posted in Oracle security

How can we sell security? (Part 1)

I like to say that projects wherein you try to improve security on existing systems are like losing weight: everybody wants to, but not everybody does. If you asked management whether they consider security important, they probably would say … Continue reading

Posted in Oracle security

% ANY % privileges and other excessive privileges

Suppose you are a security-minded Oracle DBA and one day a project knocks on your door. They have an application and to run it on an Oracle 11g R2 database, their application user needs a list of 76 database privileges … Continue reading

Posted in Oracle security

The incredible speed of dictionary attacks in password cracking

As I wrote last week, I did an Oracle database hacking training. One of the exercises was to get password hashes from sys.user$ (in 10g and before: dba_users) and brute force crack the password with woraauthbf 0.22. In the database … Continue reading

Posted in Oracle security | 1 Comment

Having a ball with the hacking training

Today I did my third out of four database hacking sessions at work and I have to say it was again a lot of fun. It sure did raise security awareness. My training of four hours consists of the following … Continue reading

Posted in Oracle security | 1 Comment

oracle-enum-users doesn’t work on Nmap 6.25

Currently I’m working on a hacking demo for the Planboard Symposium. The sessions will be on May 28th in Utrecht. The language of the sessions will be Dutch. I can’t say that the preparations go entirely smoothly. It’s when working … Continue reading

Posted in Oracle security