The interesting part is that, if I have understood them correctly, they have actually used the techniques in this paper to hack databases. Hence their Chicken Licken schtick. From other postings I know this person is a relative beginner (they've done the OCA course a month ago but not taken the exams yet). So it is obviously pretty easy for anybody with a little knowledge to get into insecure Oracle databases through iSQL*Plus.
The poster draws one conclusion from this - that Oracle is inherently insecure - when perhaps a more valid conclusion is that many Oracle databases are set-up by people too ignorant or too lazy to put even token protections in place.
Update
I have clarified this with the original poster, and the database they have hacked is their own trial server and not someone else's.
4 comments:
Hi Andrew -funny the number of times I see this "Oracle is C**P because"...and it turn out that its "operator error"...
Well in the same vein I'd like to announce that Safeway are C**P because they sold me bread that burnt in my toaster while I was watching Holby City on TV.
Hi Andrew,
Interesting post that you have found. I just clicked on the link but found that its disapeared. Perhaps the post has been removed?
cheers
Pete
>> Perhaps the post has been removed?
Nope. I've just checked and the thread is still there (and my link has the right URL). Actually it's vey hard to get any thread removed from the OTN forums.
Of course, the Forums might have been down for maintenance when you tried: they've been a bit flaky of late.
>> Perhaps the post has been removed?
You need to remove the question mark at the end of the link
http://forums.oracle.com/forums/thread.jspa?messageID=1208969
Post a Comment