RE: Oracle Worm

• From: "Goulet, Dick" <DGoulet@xxxxxxxx>
• To: "Paul Drake" <bdbafh@xxxxxxxxx>
• Date: Thu, 3 Nov 2005 16:13:12 -0500

I think what Alexander Kornbrust, founder and CEO of
Red-Database-Security, would prefer is that we dba's make sure that
default usernames and passwords are not in play.  I wonder how many
default passowrds are still out there?  It wasn't that long ago that I
was helping a friend with a database problem, at another compnay in the
neighboorhood, and managed to connect system/manager. 

-----Original Message-----
From: Paul Drake [mailto:bdbafh@xxxxxxxxx] 
Sent: Thursday, November 03, 2005 3:58 PM
To: Goulet, Dick
Cc: oracle-l@xxxxxxxxxxxxx
Subject: Re: Oracle Worm

On 11/3/05, Goulet, Dick <DGoulet@xxxxxxxx> wrote:
> Just got the following link from an E-week news message.  Think all of
> us will be interested.
>
>
http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038290.h
> tml
>
> Or:
>
> http://tinyurl.com/9so5f
>
> Dick Goulet
> Senior Oracle DBA
> Oracle Certified DBA
> --


Dick,

In the spirit of David Litchfield's recent postings, I propose the
possible remediation of putting in place a database trigger that
prevents creation of a table named "X".

That should take care of it, right? ;)

Paul
--
//www.freelists.org/webpage/oracle-l

Other related posts:

• » Oracle Worm
• » Re: Oracle Worm
• » RE: Oracle Worm
• » RE: Oracle Worm
• » RE: Oracle Worm
• » RE: Oracle Worm
• » Re: Oracle Worm

1. Home
2. oracle-l
3. Archive
4. 11-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---