[Dailydave] The Week of Oracle Database Bugs

Jeremiah Johnson jeremiah.johnson at gmail.com
Wed Nov 29 12:41:02 EST 2006 

Heh, what a great way to harvest some oracle 0day.

-miah

On 11/29/06, Dude VanWinkle <dudevanwinkle at gmail.com> wrote:
> update:
>
> from: http://www.argeniss.com/woodb.html
>
> The Week of Oracle Database Bugs
>
> We are sad to announce that due to many problems the Week of Oracle
> Database Bugs gets suspended.
>
> We would like to ask for apologizes to people who supported this and
> were really excited with the idea, also we would like to thank the
> people who contributed with Oracle vulnerabilities.
>
> -----------------------
> thanks for the tip Ferg!
>
> -JP
>
> On 11/27/06, Jared DeMott <demottja at msu.edu> wrote:
> > greets Sinan!
> > >
> > > I don't think there could be anything special or uber cool about a
> > > fuzzer.
> > Interesting.  To say the least my hat goes off to the security/app dev
> > community as a whole, because it seems that fuzzing is a fairly well
> > understood action these days.  Most know that passing a fuzz test
> > doesn't == secure app, but it likely does mean we've cleared out the low
> > hanging fruit, assuming we have a decent fuzzer for whatever we're testing.
> >
> > That said, I think there's still a lot of people fuzzing for both
> > security and exploit research.
> > >
> > > I always assume there are millions out there that write better and
> > > thousands more lines of C/python/ruby code than me every single day.
> > > They have much more free time in their hands and the usual academic
> > > buzz words (genetic algorithms etc.) to ponder on all day. OULU being
> > > the prime example.
> > ya, I hear ya bro -- creating the next generation of fuzzers is no easy
> > task!!
> > > There is no point in me targeting their share of the fish so instead
> > > as somebody with tiny resources would, I go for the deep sea fish
> > > which they never ever seem to catch with their sweeps since they don't
> > > reach deep enough.
> > I'd like to chat more with you offline on your methodology.
> > >
> > > It would be naive to think that you can outsmart all that lot and hunt
> > > with similar tools and still believe it is uniquely yours.
> > Hmm... great discussion!
> > >
> > > cheers,
> > > sinan
> > >
> > >
> >
> > _______________________________________________
> > Dailydave mailing list
> > Dailydave at lists.immunitysec.com
> > http://lists.immunitysec.com/mailman/listinfo/dailydave
> >
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>

More information about the Dailydave mailing list