Re: Ellison: Oracle Database is 'Unbreakable'

From: dreamwvrat_private
Date: Sun Nov 18 2001 - 10:43:51 PST

Next message: Pavel Kankovsky: "Re: Where else?"

Previous message: vuln-dev: "New bugs discovered!"
In reply to: Pete Finnigan: "Re: Ellison: Oracle Database is 'Unbreakable'"
Next in thread: Lincoln Yeoh: "Re: Ellison: Oracle Database is 'Unbreakable'"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

hi all,
           Wasn't there a bunch of DoS issues i seem to recall? Wonder what
they would say about that? Agreed seem to be a pub stunt much like a
co starting with J did with there crypt IIR..
Regards

Pete Finnigan wrote:

> Hi all
>
> Oracle do seem to be pushing security from every angle and in the UK I
> believe they have recently formed a department to offer security
> services, pentest's and audits, maybe its a publicity stunt to attract
> interest in the security addons and services.:-)
>
> I do Oracle security audits and pentest's and i have never yet seen an
> oracle database or applications that have been installed securely yet.
> In particular the 9iAS application server has quite a lot of issues that
> can allow access to be gained or privilege escalation to be had.
>
> Its a pity that Larry is not offering $1,000,000 to break in like they
> did recently for performance challenges.
>
> just my two penneth,
> cheers
> Pete Finnigan
> www.pentest-limited.com
>
> In article <20011116112119.B26436at_private>,
> aleph1at_private writes
> >http://www.varbusiness.com/components/Nl/Insider/article.asp?ArticleID=31368
> >
> >[ snip ]
> >
> >Ellison also said hackers and cybercriminals can't break into the database
> >because of its enhanced security and stability. He said he was warned not to
> >call Oracle 9i unbreakable because it would attract hackers eager to break
> >into Oracle databases, but despite increased attacks recently, all attempts
> >have failed so far, Ellison said.
> >
> >"I'm not inviting hackers, but so far, with more than 1,000 attacks a day,
> >we're still running," Ellison said. "Our very first customer was the CIA.
> >Our second customer was the National Security Agency."
> >
> >[ snip ]
> >
> >"What we're proposing is you keep your Microsoft Outlook, we'll make it
> >unbreakable," Ellison said. "And unbreakable means you can't break it and
> >you can't break in."
> >
> >[ snip ]
> >
> >More at http://www.oracle.com/features/events/index.html?ljecomdex.html
> >
> >Sounds like a challenge to me. I think you can download evaluation copies
> >of Oracle products at http://otn.oracle.com/software/content.html
> >
>
> --
> Pete Finnigan
> IT Security Consultant
> PenTest Limited
>
> Office  01565 830 990
> Fax     01565 830 889
> Mobile  07974 087 885
>
> pete.finnigan@pentest-limited.com
>
> www.pentest-limited.com

Next message: Pavel Kankovsky: "Re: Where else?"
Previous message: vuln-dev: "New bugs discovered!"
In reply to: Pete Finnigan: "Re: Ellison: Oracle Database is 'Unbreakable'"
Next in thread: Lincoln Yeoh: "Re: Ellison: Oracle Database is 'Unbreakable'"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Nov 18 2001 - 15:44:21 PST