[Dailydave] The Week of Oracle Database Bugs
Evgeny Legerov
admin at gleg.net
Tue Nov 21 08:57:29 Local tim 2006
Hi Cesar,
>Quoting Cesar <sqlsec at yahoo.com>:
> The Week of Oracle Database Bugs
> Based on the great idea of H D Moore "Month of Browser Bugs" and LMH "Month
> of Kernel Bugs", we are proud to announce that we are starting on December
> the "Week of Oracle Database Bugs" (WoODB).
> What is the WoODB about?
> An Oracle Database 0day will be released every day for a week on December.
> Why are you doing this?
> We want to show the current state of Oracle software ("in")security also we
> want to demostrate Oracle isn't getting any better at securing its products
> (you already know the history: two years or more to fix a bug, not fixing
> bugs, failing to fix bugs, lying about security efforts, etc, etc, etc.).
> Why are you targeting only Oracle?
> We have 0days for all Database software vendors but Oracle is "The #1 Star"
> when talking about lots of unpatched vulnerabilities and not caring about
> security.
> Why not the Month of Oracle Database Bugs?
> We could do the Year of Oracle Database Bugs but we think a week is enough to
> show how flawed Oracle software is, also we don't want to give away all our
> 0days:), anyways if you want to contribute send your Oracle 0days so this can
> be extended for another week or more.
>
Cool, that sounds very interesting ;-)
Are you planning to disclose any of your Oracle pre-authentication remotely
exploitable bugs?
--
Best regards,
Evgeny Legerov
More information about the Dailydave
mailing list