/>
X

Not Good

A proof of concept Oracle worm has been posted to the Full Disclousre list.The usual course of events is like this:1.
zd-defaultauthor-richard-stiennon.jpg
Written by Richard Stiennon on

A proof of concept Oracle worm has been posted to the Full Disclousre list. security blog image

The usual course of events is like this:

1. researcher discovers vulnerability 2. researcher tells software company 3. software company issues patch 4. users do nothing 5. Proof of Concept code posted 6. users do nothiing 7. Scanning for vulnerable machines starts 8. targeted attacks start 9. users do nothing 10. worm is released 11. all hell breaks out 12. users patch

So we are at step 5. Proof of Concept stage. A worm could appear any minute. Or not.

What is the potential danger? I remember the SQL Server bugs and the lead up to January 25, 2003, the infamous arrival of SQL Slammer. The wisdom of the day was "Who exposes their SQL Servers to the Internet?". The same goes for Oracle servers. You would be negligent if you allowed access to your big expensive, mission critical, databases from the Internet.

How many Oracle servers are exposed? We are going to find out, aren't we?

Related

He flew American Airlines, she flew United. For both, the unthinkable happened
screen-shot-2022-06-30-at-10-14-36-am.png

He flew American Airlines, she flew United. For both, the unthinkable happened

Business
Southwest Airlines has cancelled 20,000 flights. Now for the really bad news
screen-shot-2021-07-07-at-4-01-12-pm.png

Southwest Airlines has cancelled 20,000 flights. Now for the really bad news

Business
McDonald's and Chick-fil-A both have a big problem. Only one has a solution
screen-shot-2022-06-28-at-6-24-27-pm.png

McDonald's and Chick-fil-A both have a big problem. Only one has a solution

Business