Oracle 'Worm' Exploit Modified

Posted by CowboyNeal on Saturday January 7, 2006 @04:24AM from the flirting-with-disaster dept.

answers writes "Two months after an anonymous researcher released the first public example of an Oracle database worm, the exploit code has been advanced and republished, adding new techniques to attack databases. From the article: "It's still very theoretical right now, but I don't think any DBA should be underestimating the risk," said Alexander Kornbrust, CEO of Red-Database-Security GmbH. "If you're running a large company with hundreds of valuable databases, a worm can be very destructive. It is very possible to use this code to release a worm. I can do this right now if I wanted to.""

2 of 87 comments (clear)

Min score:

Reason:

Sort:

Article summary by mangu · 2006-01-07 04:42 · Score: 0, Redundant

Either change the "tiger" password or use an account other than "scott" to do any important job. TFA doesn't say much about the worm, they only mention that it uses the default usernames and passwords. Nothing to see around here, next story, please...
obZealotry by sheldon · 2006-01-07 05:17 · Score: 0, Redundant

This clearly means all Oracle users must switch to Apple Macintosh.