Defcon 2006: Oracle not so "unbreakable"
August 7, 2006[From Toms Hardware Guide]
Las Vegas (NV) - Your company's cleaning staff could be illegally moonlighting as your Oracle database administrator. Alexander Kornbrust, founder and CEO of Red Database Security, says hackers could easily exploit vulnerabilities in Oracle database and gain administrator access. Speaking at the Defcon security convention in Las Vegas, he also explained that administrator passwords are often stored and easily retrieved on company computers.
Kornbrust talked to a packed audience for his Oracle 2.0 rootkits session, but despite the ominous sounding title, he told TG Daily that his purpose was not to show a complete rootkit. "I just want to show how easy it is to gain administrator privileges," said Kornbrust. He believes there are 40 to 50 vulnerabilities, ranging from minor to critical, in Oracle 10G.
The article continues at http://tomshardware.co.uk/2006/08/07/defcon2006_oracle_rootkits/