RE: [ISN] Oracle Chief Challenges Hackers

From: InfoSec News (isnat_private)
Date: Fri Nov 16 2001 - 00:54:58 PST

  • Next message: InfoSec News: "[ISN] [defaced-commentary] Trinux site defaced"

    Forwarded from: Marc Maiffret <marcat_private>
    Hey so what's fault tolerant have to do with the fact that oracle
    software has had many many bugs, even more than SQL. Fault tolerant is
    nice but doesn't really mean shit if your programmers are leaving
    gaping buffer overflows left and right in your code.
    50 machines in the same "cluster" all vulnerable to the same bug just
    means 50 owned machines instead of 1.
    Marc Maiffret
    Chief Hacking Officer
    eEye Digital Security
    F.949.349.9538 - Network Security Scanner - Network Traffic Analyzer - Stop known and unknown IIS vulnerabilities
    | -----Original Message-----
    | From: owner-isnat_private [mailto:owner-isnat_private]On Behalf
    | Of InfoSec News
    | Sent: Wednesday, November 14, 2001 11:22 PM
    | To: isnat_private
    | Subject: [ISN] Oracle Chief Challenges Hackers
    | James Niccolai, IDG News Service
    | Tuesday, November 13, 2001
    | LAS VEGAS -- Oracle's top executive told computer hackers on Monday
    | night that his software is so secure they would never be able to break
    | into Oracle's Web site, a boast that may be taken by many as a
    | challenge.
    | "This is a very dangerous thing to say--I'm not inviting a bunch of
    | hackers to bring down the Oracle Web site," said Larry Ellison,
    | Oracle's chair and chief executive officer. "But so far, with more
    | than 1000 attacks a day, we've had no downtime, no interruption of
    | service."
    | Ellison made his remarks in a keynote speech at Comdex on Monday
    | night, which he used to deliver a lecture on the stability of Oracle's
    | software--particularly when used in clustered configurations--compared
    | with those of his rival Microsoft.
    | The database giant recently launched an advertising campaign with the
    | slogan "Unbreakable", which is meant to suggest that Oracle's software
    | doesn't break down and can't be broken into.
    | "Everyone at Oracle was very nervous," Ellison said. "We're just going
    | to cause every hacker around the world to attack the Oracle sites.
    | They said, Larry, are you crazy?"
    | Sure enough, the number of hackers trying to bring down Oracle's Web
    | site has increased tenfold since the company started the campaign, to
    | 1000 attacks a day, according to Ellison. But his nerve is holding
    | steady.
    | "The new version of Oracle is completely fault-tolerant," he said.
    | "You can't break in."
    | The fault tolerance comes from using what Oracle calls Real
    | Application Clusters, or using groups of servers to access a database
    | for improved redundancy. If one of the servers goes down, the workload
    | is shifted to another server and the application, such as a Web site,
    | stays up. He asserted that Oracle's clustering system is more
    | effective than those offered by rivals Microsoft and IBM.
    | On a similar theme, the Oracle chief announced a program designed to
    | entice users of Microsoft's e-mail server software to switch to the
    | Oracle 9i database, which can act as a mail server. Companies running
    | ten or more Microsoft Exchange servers could cut costs by switching to
    | 9i, he said.
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Fri Nov 16 2001 - 03:39:12 PST