David has an interesting new paper that shows how PLSQL injection techniques now only require the CREATE SESSION privilege. Get it here. http://www.databasesecurity.com/dbsec/cursor-injection.pdf

I am now blogging from www.oracleforensics.com which accompanies my new book that is now completed.
http://www.rampant-books.com/book_2007_1_oracle_forensics.htm

All future entries will be made at that URL.