I think what Alexander Kornbrust, founder and CEO of Red-Database-Security, would prefer is that we dba's make sure that default usernames and passwords are not in play. I wonder how many default passowrds are still out there? It wasn't that long ago that I was helping a friend with a database problem, at another compnay in the neighboorhood, and managed to connect system/manager. -----Original Message----- From: Paul Drake [mailto:bdbafh@xxxxxxxxx] Sent: Thursday, November 03, 2005 3:58 PM To: Goulet, Dick Cc: oracle-l@xxxxxxxxxxxxx Subject: Re: Oracle Worm On 11/3/05, Goulet, Dick <DGoulet@xxxxxxxx> wrote: > Just got the following link from an E-week news message. Think all of > us will be interested. > > http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038290.h > tml > > Or: > > http://tinyurl.com/9so5f > > Dick Goulet > Senior Oracle DBA > Oracle Certified DBA > -- Dick, In the spirit of David Litchfield's recent postings, I propose the possible remediation of putting in place a database trigger that prevents creation of a table named "X". That should take care of it, right? ;) Paul -- //www.freelists.org/webpage/oracle-l