The Inquirer-Home

Oracle databases can be hacked by script kiddies

Insecurity experts warn
Thu Jul 23 2009, 10:50

NEW tools will make it a doddle for hackers to break into Oracle databases, security experts have warned.

The tool was created through a controversial open source software project known as Metasploit, which releases its free software over the worldwide wibble.

The tool's writer Chris Gates plans to unveil it next week at the annual Black Hat conference in Las Vegas. Gates said this is the first Metasploit program to target Oracle's database.

People in the know say that anyone can download and run the tool, regardless of skill or knowledge level, because it automates many of the complicated procedures required to hack into Oracle databases over the Internet.

Oracle has already issued patches to protect against vulnerabilities that the Metasploit tool targets, but outfits that do not patch their databases will be vulnerable. Ironically such organisations will probably hire consultants like Gates to help them make sure they are protected.

Reuters reports that in addition to letting hackers break into databases over the Internet, the Metasploit tool could also allow rogue employees to access them from their work PCs. µ

 


Comments
This is big news

Because corporations do not update their Oracle DB Core unless they are forced at gunpoint. Oracle is an awful database solution, and every release brings with it known regressions. It's not a matter of will it break, it's a matter of "Are we accepting of what we know it will break."

I worked for a company that developed software for Oracle. I had to support Oracle day in and day out. We still had people running Oracle 8 when I left, and that was several years after Oracle 10 was released. When we'd run into a bug the DBAs would fight tooth and nail against installing a patch, and no matter how much I sympathized with them, they had to do it and suffer the consequences.

posted by : Anti-Oracle, 23 July 2009
Don't be a whiner!

Where are you working now? I guess in a SQL server shop! Oracle database is like a horse, which can run very fast, provided you have competent jockeys (DBAs) to ride it. It's still the best RDBMS hands down.

posted by : Cool Dude, 23 July 2009
DBA

@Anti-Oracle

I'm a DBA for multiple RDBMSes and Oracle tends to be very secure. If a company is running Oracle 8 exposed to the internet they are just asking to be exploited. That is not Oracle's fault, as Oracle 8 has been desupported since 12/31/2003. At the shop I'm at we do stay a release behind, but we do apply the quarterly security patches from Oracle to prevent these types of exploits.

posted by : JAmes, 24 July 2009