| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Exciting Oracle News :: Oracle DB Worm Code Published :: Oracle Passwords Crack in Mere Minutes
On Thu, 03 Nov 2005 13:12:32 -0500, RollForward Wizard wrote:
> Exciting Oracle News
Sure is ...
>
> Oracle DB Worm Code Published
> http://www.eweek.com/article2/0,1895,1880682,00.asp?kc=ewnws110205dtx1k0000599
>
With very simple solutions: don't set up or unlock the default accounts with default passwords; don't make utilities public that shouldn't be public. Duh!
As written in the article "with hundreds of databases, there is a good chance the DBA will miss a few". Any DBA who doesn't know how to write scripts, that is.
<heavy sigh>
> Researcher: Oracle Passwords Crack in Mere Minutes
> http://www.eweek.com/article2/0,1895,1878883,00.asp
Shows to go ya - Oracle had the right idea when they introduced Enterprise Authentication and password expiry and lockout.
Too bad people dont want to use them. We find organizations and developers STILL insist on one userid for the entire app.
When Convenience overrides Security we will always find the same joy [of viruses and worms] we experience in the world of Windows. It's probably the biggest reason why Windows has a problem.
<heavier sigh>
Apologies for the cross-posted reply. Follow-up set to comp.database.oracle.server
Further apologies for feeding the troll.
-- Hans Forbrich Canada-wide Oracle training and consulting mailto: Fuzzy.GreyBeard_at_gmail.com *** Top posting guarantees I will not respond further ***Received on Thu Nov 03 2005 - 12:28:30 CST
 |
 |