[ISN] In the interest of helping journalists cover Oracle..
isn at c4i.org
Fri Jan 20 01:14:26 EST 2006
Forwarded from: security curmudgeon <jericho at attrition.org>
In the interest of helping journalists cover Oracle.. perhaps they should
just move to a templated form to save time?
[YOUR TITLE], [YOUR PUBLICATION]
Oracle released on [DAY_OF_WEEK] fixes for a [LONG/HUGE/MONSTROUS] list of
security vulnerabilities in [ONE/MANY/ALL] of its products. The quarterly
patch contained patches for [NUMBER] vulnerabilities.
Titled "Critical Patch Update", the patch provides
[FIXES/REMEDIES/MITIGATION] for [NUMBER] flaws in the Database products,
[NUMBER] flaws in the Application Server, [NUMBER] flaws in the
COllaboration Suite, [NUMBER] of flaws in the E-Business Suite, [NUMBER]
of flaws in the PeopleSoft Enterprise Portal, and [NUMBER] of flaws in the
Many of the flaws have been deemed critical by Oracle, meaning they are
trivial to exploit, were likely discovered around 880 days ago, and are
trivially abused by low to moderately skilled
company [COMPANY] said yesterday as they upped their internet risk warning
system number (IRWSN) to [ARBITRARY_NUMBER]. "This is another example of
why our products will help protect customers who chose to deploy Oracle
software" [ARBITRARY_CSO_NAME] stated.
countered Mary Ann Davidson, CSO at Oracle. "These hackers providing us
with free security testing and showing their impatience after 880 days are
what causes problems. If these jackass criminals would stop being hackers,
our products would not be broken into and our customers would stay safe!"
Oracle has been criticized for being slow to fix security flaws by
everyone ranging from L0rD D1cKw4v3R to US-CERT to the Pope.
More information about the ISN