Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Oracle Worm

RE: Oracle Worm

From: Goulet, Dick <DGoulet_at_vicr.com>
Date: Thu, 3 Nov 2005 16:13:12 -0500
Message-ID: <4001DEAF7DF9BD498B58B45051FBEA6502E0A237@25exch1.vicorpower.vicr.com> 





I think what Alexander Kornbrust, founder and CEO of
Red-Database-Security, would prefer is that we dba's make sure that
default usernames and passwords are not in play.  I wonder how many
default passowrds are still out there?  It wasn't that long ago that I
was helping a friend with a database problem, at another compnay in the
neighboorhood, and managed to connect system/manager. 



-----Original Message-----


From: Paul Drake [mailto:bdbafh_at_gmail.com] 
Sent: Thursday, November 03, 2005 3:58 PM
To: Goulet, Dick


Cc: oracle-l_at_freelists.org


Subject: Re: Oracle Worm



On 11/3/05, Goulet, Dick <DGoulet_at_vicr.com> wrote:


> Just got the following link from an E-week news message.  Think all of

> us will be interested.

>

>



http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038290.h


> tml

>

> Or:

>

> http://tinyurl.com/9so5f

>

> Dick Goulet

> Senior Oracle DBA

> Oracle Certified DBA

> --





Dick,



In the spirit of David Litchfield's recent postings, I propose the
possible remediation of putting in place a database trigger that
prevents creation of a table named "X".



That should take care of it, right? ;)



Paul

--
http://www.freelists.org/webpage/oracle-l


Received on Thu Nov 03 2005 - 15:15:25 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US