Dailydave mailing list archives
Re: oracle on the traces of microsoft ?
From: "Andrew R. Reiter" <arr () watson org>
Date: Tue, 23 Nov 2004 12:18:38 -0500 (EST)
On Tue, 23 Nov 2004, Cesar wrote: :Oracle can't be on the traces of MS, Oracle security :people are a bunch of amateurs and clueless, they have :a really long, long way to reach MS on security :efforts (btw: im not a MS fan but i know both :companies and how they handle security). Also Oracle :patches are a pain in the ass to install and if you :are successful on installing them then you have to :pray so the engine continue working without problems. :Man, Oracle is so buggy, it's incredible how easy is :to own any Oracle app. We have reported hundred of :bugs since more than year and most of them are :unpatched!!!!!!. The bugs i'm talking about should :have been fixed years ago but they are inherited from :version 8 to 9 and from 9 to 10.... most of these bugs :can be found by a simple half hour auditing. : :Cesar. No joke. I fully agree. If you've ever spent time rev eng their math related code (including date handling) you'd be afraid... not necesarily form a security standpoint but from a reliability/accuracy standpoint. :--- johnny cyberpunk <jcyberpunk () thc org> wrote: : :> it's seems that oracle is on the traces of microsoft :> ! :> :> :http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1027052,00.html :> :> :> and best is, that oracle said, that they asked :> customers, what would be :> their favorite update cycle. :> most of the admins approved the every 3 months :> strategy. sure, if i ask an :> admin here in our :> company, he'll also give them the same answer. if :> oracle had asked the :> security team, the answer :> would be: release a patch asap, especially if the :> bug is publically known. :> :> cheers, :> johnny :> :> _______________________________________________ :> Dailydave mailing list :> Dailydave () lists immunitysec com :> :https://lists.immunitysec.com/mailman/listinfo/dailydave :> : : : : :__________________________________ :Do you Yahoo!? :The all-new My Yahoo! - Get yours free! :http://my.yahoo.com : : :_______________________________________________ :Dailydave mailing list :Dailydave () lists immunitysec com :https://lists.immunitysec.com/mailman/listinfo/dailydave : : -- Andrew R. Reiter arr () watson org arr () FreeBSD org _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- oracle on the traces of microsoft ? johnny cyberpunk (Nov 23)
- Re: oracle on the traces of microsoft ? Cesar (Nov 23)
- Re: oracle on the traces of microsoft ? Andrew R. Reiter (Nov 23)
- Re: oracle on the traces of microsoft ? halvar (Nov 23)
- Re: oracle on the traces of microsoft ? Andrew R. Reiter (Nov 23)
- <Possible follow-ups>
- RE: oracle on the traces of microsoft ? Maynor, David (ISS Atlanta) (Nov 23)
- Re: oracle on the traces of microsoft ? Dragos Ruiu (Nov 23)
- Re: oracle on the traces of microsoft ? Cesar (Nov 23)