Wednesday, July 22, 2009

Hacking Oracle's Database Will Soon Get Easier

A Reuters newswire article by Jim Finkle, via, reports that:

Hackers will soon gain a powerful new tool for breaking into Oracle Corp's database, the top-selling business software used by companies to store electronic information. Security experts have developed an easy-to-use, automated software tool that can remotely break into Oracle databases over the Internet to simulate attacks on computer systems, but cybercrooks can use it for hacking.

The tool's authors created it through a controversial open-source software project known as Metasploit, which releases its free software over the Web. Chris Gates, a security tester who co-developed the Metasploit tool, will unveil it next week at the annual Black Hat conference in Las Vegas, where thousands of security experts and hackers will gather to exchange trade secrets.

"Anyone with no skill and knowledge can download and run it," said Pete Finnigan, an independent consultant who specializes in Oracle security and who advises large corporations and government agencies. He has not yet studied the Oracle tool but is familiar with other Metasploit software and said it works by automating many of the complicated procedures required to hack into Oracle databases, allowing amateurs to hack into them.

Oracle, which declined to comment, has already issued patches to protect against vulnerabilities that the Metasploit tool targets.

More here.


Post a Comment

<< Home