Dailydave mailing list archives
Re: The Week of Oracle Database Bugs
From: "Olef Anderson" <olef.anderson () gmail com>
Date: Wed, 29 Nov 2006 12:01:14 -0800
i think this was the proper thing to do since releasing Oracle 0day is like; "picking on a retarded kid with no legs and arms" it amazes me to think that litchfield and cesar thrives on a business that is just doing that all day, picking on a retarded kid.... cheers, olef On 11/29/06, Dude VanWinkle <dudevanwinkle () gmail com> wrote:
update: from: http://www.argeniss.com/woodb.html The Week of Oracle Database Bugs We are sad to announce that due to many problems the Week of Oracle Database Bugs gets suspended. We would like to ask for apologizes to people who supported this and were really excited with the idea, also we would like to thank the people who contributed with Oracle vulnerabilities. ----------------------- thanks for the tip Ferg! -JP On 11/27/06, Jared DeMott <demottja () msu edu> wrote: > greets Sinan! > > > > I don't think there could be anything special or uber cool about a > > fuzzer. > Interesting. To say the least my hat goes off to the security/app dev > community as a whole, because it seems that fuzzing is a fairly well > understood action these days. Most know that passing a fuzz test > doesn't == secure app, but it likely does mean we've cleared out the low > hanging fruit, assuming we have a decent fuzzer for whatever we're testing. > > That said, I think there's still a lot of people fuzzing for both > security and exploit research. > > > > I always assume there are millions out there that write better and > > thousands more lines of C/python/ruby code than me every single day. > > They have much more free time in their hands and the usual academic > > buzz words (genetic algorithms etc.) to ponder on all day. OULU being > > the prime example. > ya, I hear ya bro -- creating the next generation of fuzzers is no easy > task!! > > There is no point in me targeting their share of the fish so instead > > as somebody with tiny resources would, I go for the deep sea fish > > which they never ever seem to catch with their sweeps since they don't > > reach deep enough. > I'd like to chat more with you offline on your methodology. > > > > It would be naive to think that you can outsmart all that lot and hunt > > with similar tools and still believe it is uniquely yours. > Hmm... great discussion! > > > > cheers, > > sinan > > > > > > _______________________________________________ > Dailydave mailing list > Dailydave () lists immunitysec com > http://lists.immunitysec.com/mailman/listinfo/dailydave > _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: The Week of Oracle Database Bugs, (continued)
- Re: The Week of Oracle Database Bugs Joanna Rutkowska (Nov 22)
- Re: The Week of Oracle Database Bugs dan (Nov 22)
- Re: The Week of Oracle Database Bugs pageexec (Nov 24)
- Re: The Week of Oracle Database Bugs Dave Aitel (Nov 27)
- Re: The Week of Oracle Database Bugs Jared DeMott (Nov 27)
- Re: The Week of Oracle Database Bugs sinan . eren (Nov 27)
- Re: The Week of Oracle Database Bugs Jared DeMott (Nov 27)
- Re: The Week of Oracle Database Bugs Dude VanWinkle (Nov 29)
- Re: The Week of Oracle Database Bugs Jeremiah Johnson (Nov 29)
- Re: The Week of Oracle Database Bugs Curt (Nov 29)
- Re: The Week of Oracle Database Bugs Olef Anderson (Nov 29)
- Re: The Week of Oracle Database Bugs Anthony_Lineberry (Nov 29)
- Re: The Week of Oracle Database Bugs L . M . H (Nov 29)
- Re: The Week of Oracle Database Bugs Jared DeMott (Nov 27)
- Re: The Week of Oracle Database Bugs Dragos Ruiu (Nov 22)