
Re: Exciting Oracle News :: Oracle DB Worm Code Published :: Oracle Passwords Crack in Mere Minutes

From: DA Morgan <damorgan_at_psoug.org>
Date: Mon, 07 Nov 2005 04:33:13 -0800
Message-ID: <1131366796.872858@yasure>


hpuxrac wrote:
> # HansF wrote:
> #>
> #> Further apologies for feeding the troll.
> #>
>
> Sorry Hans, don't understand your last remark. Both of the URLs cited
> pose dangers for the Oracle database community.
>
> How long until variants of the worm appear that actually cause damage?
>
> How many Oracle databases are there out there that are at risk? How
> many times do developers or consultants or contractors, unskilled or too
> "busy", install things and leave them at default settings? Way too
> often.
>
> It's bad news for all of us.

I must respectfully disagree. There is nothing in the announcements that indicates a vulnerability in Oracle. The fact that stupid people can do stupid things is not a product vulnerability. And any language worthy of calling itself a language can be used to write a worm. Heck, I did it with Lotus 123 Macros back in the early '80s.

The current utlpwdmg.sql goes back to 1996/7, and any competent DBA has had more than a decade to figure out how to drop, lock, or otherwise protect accounts. If a DBA has an elementary-school-level vulnerability left in their database, they should be learning to say "Do you want fries with that?"

-- 
Daniel A. Morgan
http://www.psoug.org
damorgan_at_x.washington.edu
(replace x with u to respond)
Received on Mon Nov 07 2005 - 06:33:13 CST
