Back to list
Oracle and setting the record straight
Jul 20 2005 11:40PM
David Litchfield (davidl ngssoftware com)
Re: Oracle and setting the record straight
Jul 22 2005 07:14PM
Adam Laurie (adam laurie thebunker net)
David Litchfield wrote:
> Hey all,
> I don't know whether this helps serve any purpose or not, other than the
> vent some of my own frustrations; however...
> In the wake of the release of Alex Kornbrust's details on some Oracle
> flaws there has been some discussion in various places about when I
> supposedly did the same thing last year at Blackhat - i.e. release
> information on Oracle bugs in the absence of a vendor supplied patch.
> For the record, I did _not_ do this.
> So, setting the record straight: I was due to present a talk that
> centered around a batch of Oracle vulnerabilities at Blackhat last year.
> I gave Oracle a heads up and explained that I intended to do so and
> questioned whether the patches would be ready. On the day of the talk I
> was informed by Oracle that the patches were not ready and so when I got
> up on the stage I proceeeded to tell everyone exactly why I could no
> longer do the talk. i.e. I can't do the talk because Oracle failed to
> patch the problems I was going to talk about.
> I did not discuss in any form or fashion the actual bugs.
FWIW, I was there, and can confirm that this is true. Indeed, Dave was
put in a very awkward position, having to pull most of the content of
his talk at the last minute...
Adam Laurie Tel: +44 (0) 20 7605 7000
The Bunker Secure Hosting Ltd. Fax: +44 (0) 20 7605 7099
Shepherds Building http://www.thebunker.net
London W14 0DA mailto:adam (at) thebunker (dot) net [email concealed]
UNITED KINGDOM PGP key on keyservers
[ reply ]
Copyright 2010, SecurityFocus