
RE: eweek Oracle base breached using mdsys

From: Boivin, Patrice J <BoivinP_at_mar.dfo-mpo.gc.ca>
Date: Fri, 11 Aug 2000 07:50:51 -0300
Message-Id: <10586.114341@fatcity.com>


Thanks Chris.

I notice that in the first post they say they will release a final review on July 31st, and on the second they say they will do it "in a forthcoming issue." I know I've done that type of thing many times...

Apart from the O'Reilly book on Oracle security, and a handful of web sites, I haven't seen too much information posted re. Oracle security.

Most of what I've seen has to do with default account/password combinations, including the listener's, clear text passwords that most people allow over the network, standard port numbers, and problems with some of the default Oracle roles, esp. connect and resource.

Does anyone out there have more info on how to properly secure Oracle databases (without buying the Secure Oracle or Trusted Oracle option)?

I hear more about OS-related vulnerabilities than about Oracle vulnerabilities.

Regards,
Patrice Boivin
Systems Analyst (Oracle Certified DBA)

	-----Original Message-----
	From:	Bowes, Chris [SMTP:Chris.Bowes_at_kosa.com]
	Sent:	Thursday, August 10, 2000 1:19 PM
	To:	Multiple recipients of list ORACLE-L
	Subject:	eweek Oracle base breached using mdsys

	Don't know if this was posted here or not.  It was a hacker test setup. They "worked so hard" to secure the site and left a default password unchanged...

        http://www.zdnet.com/eweek/stories/general/0,11011,2604981,00.html

        and a follow up

        http://www.zdnet.com/eweek/stories/general/0,11011,2606344,00.html
Received on Fri Aug 11 2000 - 05:50:51 CDT
