Oracle denies researcher's security claims

Oracle and a security researcher have fallen out over a vulnerability in the company's software that has gone unpatched since it was discovered in October.

The company is warning its customers not to use a workaround written by David Litchfield for a security vulnerability, claiming the suggested workaround could break its software.

Litchfield, managing director of Next Generation Security Software Ltd. in Sutton, England, said he posted the fix on the BugTraq mailing list on Wednesday after warning Oracle about the dangers the vulnerability posed.

Oracle was notified of the workaround before it was released, but has found it "inadequate," said Duncan Harris, Oracle's senior director of security assurance. It will break a large number of E-Business Suite applications, he said.

Tuesday, 31 January 2006 18:31 EST

Read Full Story

News

Network Filtering by Operating System
Feb 20, 2006, 01:41 EST

Preventing SSH Dictionary Attacks With DenyHosts
Feb 20, 2006, 01:40 EST

ID cards biometrics will not stop forgery
Feb 17, 2006, 11:15 EST

Stop Pod Slurping
Feb 17, 2006, 11:11 EST

Managing Mobility in the Enterprise
Feb 17, 2006, 07:54 EST

Improving Efficiency with Wireless Email
Feb 17, 2006, 07:43 EST

WiFi VoIP Security
Feb 17, 2006, 06:24 EST

Sponsors:
Scan all company email for viruses, Trojans and worms with 4 virus engines, all in one package - GFI MailSecurity for Exchange/SMTP! Download your free 60-day trial today!	Check your website security with Acunetix Web Vulnerability Scanner. Audit your web applications for SQL injection, cross site scripting & more. Download trial!


Copyright ? IT-Observer.com 2000 - 2006	Privacy Policy \| RSS Feeds