Oracle 'Worm' Exploit Modified
answers writes "Two months after an anonymous researcher released the first public example of an Oracle database worm, the exploit code has been advanced and republished, adding new techniques to attack databases. From the article: "It's still very theoretical right now, but I don't think any DBA should be underestimating the risk," said Alexander Kornbrust, CEO of Red-Database-Security GmbH. "If you're running a large company with hundreds of valuable databases, a worm can be very destructive. It is very possible to use this code to release a worm. I can do this right now if I wanted to.""
What would be the difference between a website displaying a "security bulletin" versus a website asking for "opensource virus collaboration"? I think there is a fine line between warning the public and informing virus authors. said Alexander Kornbrust, CEO of Red-Database-Security GmbH. "If you're running a large company with hundreds of valuable databases, a worm can be very destructive. It is very possible to use this code to release a worm. I can do this right now if I wanted to." The easier a bug is to exploit, the more carefully it should be handled in the press. IMHO.
7h3$3 4r3n'7 7h3 Ðr01Ð$ ¥0 4r3 £00|{1n9 f0r. M0v3 4£0n9. --OB1
How would you know if it's been changed?
There are places where the networks are not touching, and there are places where they are. -Boeing's Lori Gunter
Doesn't this sound very much like something a blackmailer would say?
Alexander is an ex-Oracle employee. I wonder if he was let go because of his poor judgement.
Tell your friends about xenu.net
It seems that any "valuable operating system" would be sufficiently backed up in non-attackable media. So while it probably could create a lot of hassle, I'd have a hard time seeing this worm bringing down companies.
I changed that one quoted term to make a point: if we aren't going to be concerned here, why be concerned about all those other worms? Oh, I know... perhaps because having your servers in an unusable state while performing recovery is a bad thing which can cause serious financial and reputation difficulties for a company.
While you might say "but Oracle admins are smarter than Windows admins" and I would have to agree, you seriously overestimate how seriously many Oracle admins take threats, including data loss. My experience has been that they are an order of magnitude better than the typical Windows OS admin about backups (actually, most DBAs are) and yet I continue to visit companies where they haven't *tested* the recovery procedures in over a year nor do they implement off-site backups. In more extreme cases, the Oracle system was installed by a DBA who was later downsized and so the duties were transferred to the main IT group... who wouldn't know how to restore the database on a dare.
While I doubt an Oracle worm would be anywhere as bad as the SQL Slammer (which mostly preyed on MSDE [i.e., unadministered] and poorly administered SQL Standard installs) in terms of disruption, I could see it being significant. More significant than the reputation of Oracle admins would indicate.
Sig under construction since 1998.