Re: Three years and ten months without a patch

[Marco Ermini <markoer () markoer org>]

On 11/15/05, InfoSecBOFH <infosecbofh () gmail com> wrote:
> So why not start teaching some lessons David and release exploit code.
>  It seems that is the only way they learn and take thing seriously.

Rarely this software did not run in a what is considered "secured"
environment - I mean, this is rarely exposed on Internet/DMZs. Usually
Oracle DB (especially these older versions which didn't have so much
web application software) are used just as database back end, which
communicates with DMZs through multiple firewall levels (I am not
justifying them in any way, I am just guessing why they may not care
so much). Security is considered often not important - especially if
you can "inexpensively" upgrade to a 9.x or 10.x or 11.x software
version which "never breaks"...


Cheers.
--
Marco Ermini
Dubium sapientiae initium. (Descartes)
root@human # mount -t life -o ro /dev/dna /genetic/research
(This message is for the designated recipient only and may contain
privileged or confidential information. If you have received it in
error, please notify the sender immediately and delete the original.)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/