Showing 15 results for: Oracle

Changes in Oracle Database 12c password hashes

Oracle has made improvements to user password hashes within Oracle Database 12c. By using a PBKDF2-based SHA512 hashing algorithm, instead of a simple SHA1 hash, password hashing is more secure. With this post, I'll explain some of the changes and their...

Trustwave Analysis of the January 2014 Oracle CPU

It's the second Tuesday in January, so it is Oracle Critical Patch Update (CPU) time. The January 2014 CPU contains 144 fixes across Oracle's Database, Fusion Middleware, E-Business Suite, PeopleSoft, Siebel, Oracle and Sun Systems Product Suite, MySQL, Oracle Linux and Virtualization, Oracle Java and some other less common product lines.

Java is So Confusing...

It's been a short while, but we find ourselves again with a Java vulnerability in our hands, this time via a PoC provided by IKVM.NET. This particular vulnerability is somewhat different than most Java vulnerabilities we run into, but feels...

Q&A w/ SpiderLabs Research: Java 0day CVE-2013-0422

Q: What's going on? People are talking about some Java 0day which threatens the whole world… Bring me up to speed, now! A: About a week ago, an independent researcher reported a previously unknown (0day) Java vulnerability being used...

First Java 0day For The Year 2013

Today @Kafeine was the first to announce the new Java 0day. This 0day allows an attacker to execute malicious code on any desktop with Java 1.7 u10 (or prior) installed – which is the latest version from Oracle. After some...

Oracle DBMS_Scheduler Fun on Windows!

So, last time I showed how to get a Unix reverse shell up and running just by using Oracle PL/SQL commands making use of DBMS_Scheduler. My next challenge was to try and get a similar method to work on a...

Encrypting Data at Rest

Data should be encrypted at rest and in motion. In this post, I'll discuss encrypting data files rather than securing database communications.