Re: slightly off topic - "break" a database

In article <1125036764.133622_at_yasure>, DA Morgan <damorgan_at_psoug.org> writes
>bdbafh_at_gmail.com wrote:
>> Do you ever read the BOFH site?
>> http://www.theregister.co.uk/odds/bofh/
>>
>> Supposedly people die in his bits.
>> I'm sure that no one actually does.
>> The person is a very good friend and it was just a joke, between
>> friends.
>>
>> Man, people take things so seriously these days.
>> No harm done, no productivity lost.
>> Sorry to have caused a disturbance.
>>
>> -bdbafh
>
>What you did was not funny.
>What you did is not funny.
>What you did will NEVER be funny.
>
>What you did was not a joke. It was malicious. And that is not
>something one does to a stranger ... much less a friend.

Hi Paul, Daniel,

Whether it was funny or malicious or not depends on Paul's relationship with his friend.

For me it highlights just how easy it would be for a hacker, business spy, grieved employee or whatever to destroy a database production or not. A database snapshot even on someone's laptop could be for a power user creating some important reports - so even an Oracle database on a laptop could be important for the business.

The lesson is to ensure machines are always locked and that permissions do not allow the structure of the database to be altered or destroyed. For instance I remember being in an office years ago where cleaners came in after hours and I saw one turn on a computer and use it to write a letter in Word. She could also have used it to gather data or destroy data or even destroy databases. Its all a matter of simple security measures.

cheers

Pete

-- 
Pete Finnigan (email:pete_at_petefinnigan.com)
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Oracle Security Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.