Re: Ellison: Oracle Database is 'Unbreakable'

From: Pete Finnigan (peteat_private)
Date: Sat Nov 17 2001 - 11:23:26 PST

    Hi all
    
    Oracle do seem to be pushing security from every angle and in the UK I
    believe they have recently formed a department to offer security
    services, pentests and audits, maybe it's a publicity stunt to attract
    interest in the security addons and services. :-)
    
    I do Oracle security audits and pentests and I have never yet seen an
    Oracle database or applications that have been installed securely yet.
    In particular the 9iAS application server has quite a lot of issues that
    can allow access to be gained or privilege escalation to be had.
    
    It's a pity that Larry is not offering $1,000,000 to break in like they
    did recently for performance challenges.
    
    just my two penneth,
    cheers
    Pete Finnigan
    www.pentest-limited.com
    
    
    In article <20011116112119.B26436at_private>,
    aleph1at_private writes
    >http://www.varbusiness.com/components/Nl/Insider/article.asp?ArticleID=31368
    >
    >[ snip ]
    >
    >Ellison also said hackers and cybercriminals can't break into the database 
    >because of its enhanced security and stability. He said he was warned not to 
    >call Oracle 9i unbreakable because it would attract hackers eager to break 
    >into Oracle databases, but despite increased attacks recently, all attempts 
    >have failed so far, Ellison said.
    >
    >"I'm not inviting hackers, but so far, with more than 1,000 attacks a day, 
    >we're still running," Ellison said. "Our very first customer was the CIA. 
    >Our second customer was the National Security Agency."
    >
    >[ snip ]
    >
    >"What we're proposing is you keep your Microsoft Outlook, we'll make it 
    >unbreakable," Ellison said. "And unbreakable means you can't break it and 
    >you can't break in."
    >
    >[ snip ]
    >
    >More at http://www.oracle.com/features/events/index.html?ljecomdex.html
    >
    >Sounds like a challenge to me. I think you can download evaluation copies
    >of Oracle products at http://otn.oracle.com/software/content.html
    >
    
    -- 
    Pete Finnigan
    IT Security Consultant
    PenTest Limited
    
    Office  01565 830 990
    Fax     01565 830 889
    Mobile  07974 087 885
    
    pete.finnigan@pentest-limited.com
    
    www.pentest-limited.com
    



    This archive was generated by hypermail 2b30 : Sun Nov 18 2001 - 09:27:19 PST