Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)

April 2014 CPU

Hi Oracle Security Folks,

Thanks to Oracle for fixing a batch of research I sent over in August 2013 regarding ADVISOR, DIRECTORIES, GAOP (GRANT ANY OBJECT PRIVILEGE) and also a critical privilege escalation which gains 8.5 in the CPU, which I am not going to publish here as I want to give folks time to patch. Both of the issues fixed in the April DB Patch are from me this time.

Note that the CVSS 8.5 was not discussed at any conferences – it’s new. Actually the CVSS 8.5 is detailed in my new book, which has just come out after the patch release and is available from Apress and Amazon. There is some new exploit research in there but the main thrust of the book is Defense and Protection – especially using Enterprise Manager/Cloud Control to defend an estate and how to secure privileged access control mechanisms such as breakglass. I am very honored that Jonathan Gennick edited the book, Arup Nanda technically reviewed the book, and that Slavik Markovich – CTO of McAfee – wrote a kind foreword to the book as well. There have also been quite a few other folks involved whom I list in the Acknowledgements section. It’s taken a year to write so hopefully you will like it.

Anyhow, more detail to come on that in the future. For now I recommend installing the patch and reading the book… though it has to be said – that was where I was 9 months ago… and the world has not stopped spinning yet… Global SCN still rising :) but hopefully no maximum in sight yet!

Keep safe,
