the world as we write it

smiley status'

    eat my Twitter?

    The Black Rider

    authentic since 1981 'welcome to my bomboclot mind'

    Thursday, July 23, 2009

    Reuters - Hacking Oracle's database will soon get easier

    This article was sent to you from bombastic4000@yahoo.com, who uses Reuters Mobile Site to get news and information on the go. To access Reuters on your mobile phone, go to:
    http://mobile.reuters.com

    Hacking Oracle's database will soon get easier

    Wednesday, Jul 22, 2009 7:55PM UTC

    By Jim Finkle

    BOSTON (Reuters) - Hackers will soon gain a powerful new tool for breaking into Oracle Corp's database, the top-selling business software used by companies to store electronic information.

    Security experts have developed an easy-to-use, automated software tool that can remotely break into Oracle databases over the Internet to simulate attacks on computer systems, but cybercrooks can use it for hacking.

    The tool's authors created it through a controversial open-source software project known as Metasploit, which releases its free software over the Web.

    Chris Gates, a security tester who co-developed the Metasploit tool, will unveil it next week at the annual Black Hat conference in Las Vegas, where thousands of security experts and hackers will gather to exchange trade secrets.

    "Anyone with no skill and knowledge can download and run it," said Pete Finnigan, an independent consultant who specializes in Oracle security and who advises large corporations and government agencies.

    He has not yet studied the Oracle tool but is familiar with other Metasploit software and said it works by automating many of the complicated procedures required to hack into Oracle databases, allowing amateurs to hack into them.

    Oracle, which declined to comment, has already issued patches to protect against vulnerabilities that the Metasploit tool targets. But some companies are not diligent in upgrading their software to add the patches, so they are vulnerable to attackers using the new tool. They hire consultants like Gates to help them make sure they are protected.

    Metasploit hacks are available for other software programs, including Microsoft Corp's Windows as well as the Firefox and Internet Explorer browsers.

    Gates said this is the first Metasploit program to target Oracle's database.

    "There is no way to keep these tools out of the hands of people who want to use them for nefarious purposes," said Alan Paller, director of research for the SANS Institute. SANS trains security professionals in areas including use of Metasploit.

    Security testers and hackers have previously used other programs to break into Oracle databases, but the new software from Metasploit is easier to operate and runs more quickly than existing options, said Gates.

    Metasploit is the most widely used free hacking tool and has a loyal following in the security community.

    In addition to letting hackers break into databases over the Internet, the Metasploit tool allows rogue employees to access them from their work PCs.

    Workers could break into an Oracle system and secretly steal confidential data such as credit card numbers, give themselves pay raises or make other changes to corporate databases, said Finnigan, who has specialized in Oracle security for eight years.

    (Reporting by Jim Finkle; Editing by Richard Chang)

    About Me

    My photo
    If you know me then you know my name. I am The Black Rider and the world is my Flame. The rider writes, observes, creates, produces, and learns the world around him. Ride on. Ride on!

    The Remnants