Hi all Oracle do seem to be pushing security from every angle and in the UK I believe they have recently formed a department to offer security services, pentest's and audits, maybe its a publicity stunt to attract interest in the security addons and services.:-) I do Oracle security audits and pentest's and i have never yet seen an oracle database or applications that have been installed securely yet. In particular the 9iAS application server has quite a lot of issues that can allow access to be gained or privilege escalation to be had. Its a pity that Larry is not offering $1,000,000 to break in like they did recently for performance challenges. just my two penneth, cheers Pete Finnigan www.pentest-limited.com In article <20011116112119.B26436at_private>, aleph1at_private writes >http://www.varbusiness.com/components/Nl/Insider/article.asp?ArticleID=31368 > >[ snip ] > >Ellison also said hackers and cybercriminals can't break into the database >because of its enhanced security and stability. He said he was warned not to >call Oracle 9i unbreakable because it would attract hackers eager to break >into Oracle databases, but despite increased attacks recently, all attempts >have failed so far, Ellison said. > >"I'm not inviting hackers, but so far, with more than 1,000 attacks a day, >we're still running," Ellison said. "Our very first customer was the CIA. >Our second customer was the National Security Agency." > >[ snip ] > >"What we're proposing is you keep your Microsoft Outlook, we'll make it >unbreakable," Ellison said. "And unbreakable means you can't break it and >you can't break in." > >[ snip ] > >More at http://www.oracle.com/features/events/index.html?ljecomdex.html > >Sounds like a challenge to me. I think you can download evaluation copies >of Oracle products at http://otn.oracle.com/software/content.html > -- Pete Finnigan IT Security Consultant PenTest Limited Office 01565 830 990 Fax 01565 830 889 Mobile 07974 087 885 pete.finnigan@pentest-limited.com www.pentest-limited.com
This archive was generated by hypermail 2b30 : Sun Nov 18 2001 - 09:27:19 PST