Re: The Week of Oracle Database Bugs

[Evgeny Legerov <admin () gleg net>]

Hi Cesar,

> Quoting Cesar <sqlsec () yahoo com>:

> The Week of Oracle Database Bugs
> Based on the great idea of H D Moore "Month of Browser Bugs" and LMH "Month
> of Kernel Bugs", we are proud to announce that we are starting on December
> the "Week of Oracle Database Bugs" (WoODB).
> What is the WoODB about?
> An Oracle Database 0day will be released every day for a week on December.
> Why are you doing this?
> We want to show the current state of Oracle software ("in")security also we
> want to demostrate Oracle isn't getting any better at securing its products
> (you already know the history: two years or more to fix a bug, not fixing
> bugs, failing to fix bugs, lying about security efforts, etc, etc, etc.).
> Why are you targeting only Oracle?
> We have 0days for all Database software vendors but Oracle is "The #1 Star"
> when talking about lots of unpatched vulnerabilities and not caring about
> security.
> Why not the Month of Oracle Database Bugs?
> We could do the Year of Oracle Database Bugs but we think a week is enough to
> show how flawed Oracle software is, also we don't want to give away all our
> 0days:), anyways if you want to contribute send your Oracle 0days so this can
> be extended for another week or more.

Cool, that sounds very interesting ;-)

Are you planning to disclose any of your Oracle pre-authentication remotely
exploitable bugs?


--
Best regards,
Evgeny Legerov

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave