At a recent security conference, David Litchfield, researcher at NGS Consulting, offered up a demonstration that exposed how a user could bypass Oracle Label Security and take complete control over an Oracle 11g database—granting himself system level privileges.
And while Litchfield has devoted ample time finding such security vulnerabilities in Oracle, Litchfield is reportedly moving on to other pastures—possibly computer forensics. Leaving on a high note, Litchfield grades Oracle with a B+ for security in the current Oracle 11g database but also added he thought Oracle was placing too much of the responsibility of security on third-party security tools.