Oracle 'Worm' Exploit Modified

answers writes "Two months after an anonymous researcher released the first public example of an Oracle database worm, the exploit code has been advanced and republished, adding new techniques to attack databases. From the article: "It's still very theoretical right now, but I don't think any DBA should be underestimating the risk," said Alexander Kornbrust, CEO of Red-Database-Security GmbH. "If you're running a large company with hundreds of valuable databases, a worm can be very destructive. It is very possible to use this code to release a worm. I can do this right now if I wanted to.""

Really lame

[eyepeepackets]

Note to Editors:

We're used to having a big, fat juicy target to poke fun at and this just doesn't cut it. Oracle is not nearly as much fun as Microsoft, mostly because the Oracle folks are more professional and actually get and deserve some respect from humans on this planet.

As concerns this worm: A default password entry and then run a script? The Microsoft .wmf design flaw attack doesn't even require a password to get things going, so I guess Microsoft wins this round on points for "ease of use" and "elegant design." WMF could be the one true Microsoft innovation we've all been waiting for and then everyone trashes them for it. Ingrates.

So give us some real meat to chew on, not this veggie bean curd stuff, ugh.

Cheers.