Oracle Patching Malarky
Yesterday Pete Finnegan advised everybody using iAS to apply David Litchfield's workaround immediately. However,Robert Lemos owver at Security Focus reports Oracle's Harris as saying something along the lines that Litchfield's workaround is inadequate and "the configuration changes have at least five technical problems that could cause problems for some applications" (paraphrase by Security Focus not Harris's actual words). Harris recommends testing it before deploying to a production server. This is obviously sensible advice.
Whether Oracle going toe-to-toe with security researchers is a sensible strategy is slightly less obvious.