[ISN] Hacking Into a Billion-Dollar SAP Solution

From: InfoSec News (alerts@private)
Date: Wed May 28 2008 - 00:14:24 PDT


By Mario Morejon
May 27, 2008

After notification by our Test Center, SAP (NYSE:SAP) security experts 
have "fast-tracked" an investigation into potential holes in certain 
deployments of the software giant's server technology -- holes that 
apparently could leave entire data stores wide open to potential abuse 
by hackers.

The Waldorf, Germany-based company is examining potentially alarming 
scenarios, brought to its attention by our Test Center, which found that 
one data store built on SAP technology revealed an easy opportunity for 
cyber criminals to gain access to a large corporate database.

Fritz Bauspiess, director of SAP NetWeaver product management security, 
says the company is looking at the issue brought to its attention by the 
Test Center earlier this month.

"The [SAP] team will work to see if they can replicate the issue and 
verify it, then will create a recommendation to customers on how to 
address (if one does not already exist)," Bauspiess said.

The Test Center first began examining the issue earlier this month and, 
working with an SAP engineer for one large corporation, who talked to us 
on condition of not being named, pointed out the scenarios. The Test 
Center examined the specific deployment first hand, and identified the 


Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com

This archive was generated by hypermail 2.1.3 : Wed May 28 2008 - 00:24:27 PDT