Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Mailing Lists -> Oracle-L -> RE: eweek Oracle base breached using mdsys
Thanks Chris.
I notice that in the first post they say they will release a final review on July 31st, and on the second they say they will do it "in a forthcoming issue." I know I've done that type of thing many times...
Apart from the O'Reilly book on Oracle security, and a handful of web sites, I haven't seen too much information posted re. Oracle security.
Most of what I've seen has to do with default acounnt/password combination, including the listener's, clear text passwords that most people allow over the network, standard port numbers, and problems with some of the default Oracle roles, esp. connect and resource.
Does anyone out there have more info on how to properly secure Oracle databases (without buying the Secure Oracle or Trusted Oracle option)?
I hear more about OS-related vulnerabilities than about Oracle vulnerabilities.
Regards,
Patrice Boivin
Systems Analyst (Oracle Certified DBA)
-----Original Message----- From: Bowes, Chris [SMTP:Chris.Bowes_at_kosa.com] Sent: Thursday, August 10, 2000 1:19 PM To: Multiple recipients of list ORACLE-L Subject: eweek Oracle base breached using mdsys Don't know if this was posted here or not. It was a hacker testsetup. They "worked so hard" to secure the site and left a default password unchanged...
http://www.zdnet.com/eweek/stories/general/0,11011,2604981,00.html
<http://www.zdnet.com/eweek/stories/general/0,11011,2604981,00.html>
and a follow up
http://www.zdnet.com/eweek/stories/general/0,11011,2606344,00.html
<http://www.zdnet.com/eweek/stories/general/0,11011,2606344,00.html>
Received on Fri Aug 11 2000 - 05:50:51 CDT