
Not Good

Written by Richard Stiennon, Contributor

A proof-of-concept Oracle worm has been posted to the Full Disclosure list.

The usual course of events is like this:

1. Researcher discovers vulnerability
2. Researcher tells software company
3. Software company issues patch
4. Users do nothing
5. Proof of Concept code posted
6. Users do nothing
7. Scanning for vulnerable machines starts
8. Targeted attacks start
9. Users do nothing
10. Worm is released
11. All hell breaks out
12. Users patch

So we are at step 5, the Proof of Concept stage. A worm could appear any minute. Or not.

What is the potential danger? I remember the SQL Server bugs and the lead-up to January 25, 2003, the infamous arrival of SQL Slammer. The wisdom of the day was "Who exposes their SQL Servers to the Internet?" The same goes for Oracle servers. You would be negligent if you allowed access to your big, expensive, mission-critical databases from the Internet.

How many Oracle servers are exposed? We are going to find out, aren't we?
