Vulnerability Development mailing list archives
Re: Ellison: Oracle Database is 'Unbreakable'
From: Pete Finnigan <pete () peterfinnigan demon co uk>
Date: Sat, 17 Nov 2001 19:23:26 +0000
Hi all Oracle do seem to be pushing security from every angle and in the UK I believe they have recently formed a department to offer security services, pentest's and audits, maybe its a publicity stunt to attract interest in the security addons and services.:-) I do Oracle security audits and pentest's and i have never yet seen an oracle database or applications that have been installed securely yet. In particular the 9iAS application server has quite a lot of issues that can allow access to be gained or privilege escalation to be had. Its a pity that Larry is not offering $1,000,000 to break in like they did recently for performance challenges. just my two penneth, cheers Pete Finnigan www.pentest-limited.com In article <20011116112119.B26436 () securityfocus com>, aleph1 () securityfocus com writes
http://www.varbusiness.com/components/Nl/Insider/article.asp?ArticleID=31368 [ snip ] Ellison also said hackers and cybercriminals can't break into the database because of its enhanced security and stability. He said he was warned not to call Oracle 9i unbreakable because it would attract hackers eager to break into Oracle databases, but despite increased attacks recently, all attempts have failed so far, Ellison said. "I'm not inviting hackers, but so far, with more than 1,000 attacks a day, we're still running," Ellison said. "Our very first customer was the CIA. Our second customer was the National Security Agency." [ snip ] "What we're proposing is you keep your Microsoft Outlook, we'll make it unbreakable," Ellison said. "And unbreakable means you can't break it and you can't break in." [ snip ] More at http://www.oracle.com/features/events/index.html?ljecomdex.html Sounds like a challenge to me. I think you can download evaluation copies of Oracle products at http://otn.oracle.com/software/content.html
-- Pete Finnigan IT Security Consultant PenTest Limited Office 01565 830 990 Fax 01565 830 889 Mobile 07974 087 885 pete.finnigan () pentest-limited com www.pentest-limited.com
Current thread:
- Ellison: Oracle Database is 'Unbreakable' aleph1 (Nov 16)
- Re: Ellison: Oracle Database is 'Unbreakable' Pete Finnigan (Nov 18)
- Re: Ellison: Oracle Database is 'Unbreakable' dreamwvr (Nov 18)
- Re: Ellison: Oracle Database is 'Unbreakable' Lincoln Yeoh (Nov 21)
- Re: Ellison: Oracle Database is 'Unbreakable' Pete Finnigan (Nov 18)