Oracle is getting its face kicked in on Twitter because of this blog post, which they have since pulled.
http://pastebin.com/raw.php?i=urN8Vyv1
Selected excerpt:
Writing mysteries is a lot more fun than the other type of writing I’ve been doing. Recently, I have seen a large-ish uptick in customers reverse engineering our code to attempt to find security vulnerabilities in it. <Insert big sigh here.> This is why I’ve been writing a lot of letters to customers that start with “hi, howzit, aloha” but end with “please comply with your license agreement and stop reverse engineering our code, already.”
Bearing in mind that independent security vulnerability research is, after all, kind of a critical source of vulnerability fixes in a huge ton of big products...
And for good measure, an example of the quality of work Oracle produces:
http://seclists.org/bugtraq/2005/Oct/56
Alert 68 attempts to fix some security holes in some triggers; the flaws could allow a low privileged user to gain SYS privileges - in other words gain full control of the database server. The example exploit I sent to Oracle contained a space in it. Oracle's fix was to ignore the user's request if the input had a space.
