Thread: What Happened to "Unbreakable"?

  1. #1
    AO Security for Non-Geeks tonybradley
    Join Date
    Aug 2002
    Posts
    830

    What Happened to "Unbreakable"?

    Here is a quote from David Litchfield on this new vulnerability:

    "Every supported version of Oracle, running on any operating system is vulnerable to this attack, which can be leveraged by even low-privileged users to gain complete control of the database."

    That quote may be a tad alarmist though. The mitigating factors are that to perform the attack you must first be authenticated to the database, which means having a valid username and password. If security best practices are followed in the first place, the potential for exploitation of this attack should be minimized.

    Here is the bulletin from Oracle: Security Alert

  2. #2
    Senior Member
    Join Date
    Mar 2003
    Posts
    217
    at first, i thought you were talking about the movie "unbreakable," as i always thought that it would have a sequel....

    anyway, as far as oracle and DB stuff goes in general, any DBA paying attention should be on top of the admin access. It's the end-users with authenticated, yet minimal access to the Database that have to be worried about. Simple passes like "user," "password" or the big four "love sex secret God" as well as kids' birthdays and stuff (even initials and birthdays are easy to guess) need to be changed.


    one thing most people tend to forget. if you give someone your password, even temporarily, that isn't the admin, make sure you change it afterward. too many passwords are easy to remember, and they may be tempted to use yours later on.
    i'm starting to think that i'm bound to always be the first guy on the second page of the thread.

  3. #3
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Anyone keeping count on oracle9i vulnerabilities since they advertised it as unbreakable?

    I guess it's like that "trust microsoft windows to keep your data secure" ad that was ordered off for false advertisement! [http://www.itweb.co.za/sections/busi...Section&O=FPSH]

    Ammo
    Credit travels up, blame travels down -- The Boss
