
Thread: 9i Breakable ... we all knew it ...

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    132

    Post 9i Breakable ... we all knew it ...

    (from slashdot.org):
    Now U.K. security researcher David Litchfield says you can break in, thanks to at least seven different security holes in Oracle 9i, according to here. Oracle's top security manager is quoted as saying that "unbreakable" doesn't really mean unbreakable, or something.
    <sigh> Here comes the publicity.

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    132

    3 cheers to obvious-man, me!

    Didn't we see this with Oracle 8i already? <cough> BUFFER OVERFLOW ATTACK <cough> Oh, well ... guess it takes some $1M to learn.
    Yeah. Figured it'd be a buffer overflow attack. Now ... to find the *hard* cracks against it.

    ~N~

  3. #3
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Buffer overflows suck. But I guess whatever works, right?


    No one should ever be taken seriously if they say their software is unbreakable, except perhaps the soon to be shelved Sunscreen 3.1. Those brain surgeons that wrote that code knew what they were doing.

    The only exploits to be found are in the Solaris OS.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    132

    More ...

    Also, it seems that you can run arbitrary code against the box as either SYSTEM (NT) or as user oracle (*NIX).

    However ...
    perhaps the soon to be shelved Sunscreen 3.1.
    Sunscreen's great - please tell me that by "shelved" you mean, "put on the COTS market" and not "dumped".


    ~N~

  5. #5
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Sun is discontinuing the product. Not enough of it sold. I have it on good authority that the guys in Utah (I think) are going to other parts of Sun and the product will be no more. *sniff* *sniff*

    Pisses me off.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  6. #6

    Talking We all knew it..

    Muahah... It was just a matter of time.
    Good job on finding the info.

    'When they say their software is unbreakable, they're lying.'
    -- Bruce Schneier

    Guess what?... They already have patches for it on 0racle's web site. Well, I gotta hand it to 'em.. They did a good job but nothing is unbreakable/unhackable. It just takes time.

    Remote_Access_

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    132
    Sun is discontinuing the product. Not enough of it sold. I have it on good authority that the guys in Utah (I think) are going to other parts of Sun and the product will be no more. *sniff* *sniff*
    Aaaaarrrghhh! Well ... if there will be a bright side to this, maybe it'll be that Sunscreen will be *part of* / *integrated into* future Solaris/SunOS builds.
    /////////////////////////////
    As for the original thread, I liked how the link goes on to say that people are pissed at software engineering terms (i.e. "unbreakable") being misused as marketing terms (i.e. unbreakable! ). Oh, well.

    As for the patches ... I wonder if they weren't just waiting around to go into production? I get suspicious when people throw around terms like "unbreakable", "unhackable", "super-duper-duper" ... and don't first say, "geez .. what's this buffer overflow exploit that everyone's using on everything these days?".

    <sigh>

    Must read for Psychology 635 tomorrow.

    ~N~
