Full Disclosure mailing list archives
RE: Recall: Oracle read-only user can insert/up date/delete data
From: "Richards, Jim" <jim.richards () dot state wi us>
Date: Thu, 13 Apr 2006 09:31:32 -0500
At a previous company I sysadmined at, I had just finished installing the rightfax server, with outlook integration (or maybe ccmail I forget), but anyhow, an email/fax came out to all of our dealers and customers stating that our new product was slightly delayed due to something. The VP of sales apparently hit reply-to-all and said "If they only realized it was totally f*cked due to some giant problem in the hardware design, and it would likely never function as advertised, blah blah" I have never seen a more frightened look on anyone as he ran into my office yelling "pull the f*cking plug! Quick!!!!!!" It had already emailed and faxed to hundreds of people... -----Original Message----- From: Michael Holstein [mailto:michael.holstein () csuohio edu] Sent: Thursday, April 13, 2006 8:11 AM To: Mike Owen Cc: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] Recall: Oracle read-only user can insert/update/delete data
In my experience, it doesn't even work in an Exchange environment. The user gets a message that the message should be recalled, but the original is still there, even if it hasn't been read yet. I've heard people say that at one time it would auto-delete the message if it hadn't been read, but I've never seen that.
It does, provided you read the "recall" message first -- but since Outlook (by default) displays in reverse chronological order, and most people read email in the order received, it does little good. Back when I was involved in Exchange administration, I can't tell you how many times I had to stop services and run exmerge against the store to clean out messages that somebody accidently sent to a distribution list. That .. and all the people that got embarassed due to incorrect use of "reply-all" ;) ~Mike. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: Recall: Oracle read-only user can insert/up date/delete data Richards, Jim (Apr 13)