Oracle exploits coming at Black Hat DC 2007

Looks like Oracle is going to be taken to task for security yet again. At Black Hat DC 2007, starting tomorrow here in the nation's capital, major Oracle exploits are set to be unveiled during two Oracle-centric presentations: "Advanced Oracle Attack Techniques" with security researcher David Litchfield and "Practical 10 Minute Security Audit: The Oracle Case" with Argeniss founder Cesar Cerrudo. Black Hat has long been a thorn in Oracle's side; many of you will recall that Litchfield revealed an unpatched Oracle flaw at Black Hat 2006 that drew the database company's ire. Cerrudo is expected to release "at least one zero-day vulnerability and exploit code," while Litchfield is set to demonstrate a new exploit based on a recently published security paper that's making waves in the security community. "Any new buffer overflow vulnerability does nothing to further the knowledge base of the security community, and it only serves to increase risk [to users]," Lindstrom said. "In cases where there are entire new classes of attack, where you're learning a whole new technique, rather than throwing a whole lot of data at a process and waiting for it to break--which everyone and their grandmother could do--…you're learning about new ways in which applications can be exploited."

For more on the coming exploits:
- see this eWeek article