Thursday, November 03, 2005

Oracle worm

Hi,

I was pleased to hear that a POC code for an Oracle worm had been written.
I like the concept of it, of course more features can be added (like getting information from the db_links, etc.) but it is a good start.

I think it is important that companies raise their awareness regarding DB security (as they are).

This is one of the news articles talking about the worm:
http://www.theage.com.au/news/breaking/worm-turns-on-oracle/2005/11/02/1130823249118.html

A link to Alexander Kornbrust of Red Database Security analysis of the worm:
http://www.red-database-security.com/advisory/oracle_worm_voyager.html

And the actual code:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038290.html

Regards,
Guy

No comments: