Slashdot Mirror


Oracle Breakable After All

Billy writes "Unless you've been living in a cave, you've seen Oracle's Unbreakable campaign (Can't break it. Can't break in.), which was kicked off by Larry Ellison personally at Comdex last November. Now U.K. security researcher David Litchfield says you can break in, thanks to at least seven different security holes in Oracle 9i, according to this SecurityFocus story. Oracle's top security manager is quoted as saying that "unbreakable" doesn't really mean unbreakable, or something."

1 of 274 comments

  1. Re:The first Slashdot troll post investigation by heliocentric · Score: 0, Insightful

    Ok, here's an on-topic (i.e., to the /. article) post that just happens to be attached to the infamous OT post. If this comment gets mod'd offtopic by editors and not users then we can postulate that assuming a response to something deemed OT does not imply it (the response) is also OT and there is a flaw in the script that is hitting all comments here.

    Anyway, I found this article late, and that's why I'm posting here. I was thinking about the implications of the recent US ruling about liability of software makers for security vulnerabilities. I am to a degree in favor of this type of thing as I think we need a little better accountability, however I fear what it may mean, and this Oracle issue is sort of in the spotlight now with it. One can use pre/post conditions to their functions and one can then create a formal proof by dragging their post conditions across the code and see how this relates to the pre conditions. Similarly, methods exist to prove that a loop will end given certain conditions (i.e., the pre conditions). But, there is a fundamental concept of computer science, the halting problem, that says you cannot use a computer to see if a program will run forever. Similarly I fear issues exist in proving that one piece of source both runs properly and is secure. Plus, a major issue of computer security is how computer software is used. This anticipation is discussed in this paper which I read recently and seems to have more interest given the recent changes in attitude towards security.

    --
    Wheeeee