Re: First Email of the Day (Re: OT: The Irony in It!)

sorry, we use oracle 8i, and (unlike maybe yourself) we don't expose our database directly to the internet.

in addition, how many times do i need to say that even microsoft corporation servers were affected by at least one of the notorious viruses? the requirements of numerous patches is itself a dire symtom of an overall lack of security in the product.

as an example, the open source apache is used by far in more web servers than anything else (65% or so), and yet microsoft IIs web servers are much more prone to attacks (nimda, code-red, etc).

Niall Litchfield wrote:
>
> "a.s.j." <kali_at_xxxx.com> wrote in message news:3E357428.7142_at_xxxx.com...
> > hmmm...i give our IT more credit than that....we switched to linux
> > didn't we? on the other hand, IT heads who continue to use microsoft
> > products on the face of such problems sure do NEED to have their "heads"
> > examined, don't they (pun intended)?
>
> I take it you also advised them to stop using BIND when the vulnerabilities
> in that were exposed, and Oracle 9i when you discover that a user with
> create session and create view privileges can trash the database beyond
> repair, or if they were a select only user then they could merely see all
> data within the db regardless of access privileges.
>
> This vulnerability - like Nimda has had a patch for a significant period.
> falling victim to it is not the fault of M$.
>
> --
> Niall Litchfield
> Oracle DBA
> Audit Commission UK
> *****************************************
> Please include version and platform
> and SQL where applicable
> It makes life easier and increases the
> likelihood of a good answer
> ******************************************
Received on Mon Jan 27 2003 - 15:39:25 CST