This morning when I was checking my work e-mail from home, I found this e-mail from “Oracle Global Product Security” in my in-box:
————–Start of e-mail———–
Dear Oracle customer,
Oracle Global Product Security has investigated the recent Internet publication of the so-called Oracle Voyager Worm that is designed to target Oracle databases. In its current form, the code is incomplete and poses no immediate threat to Oracle customers. The code does not expose or attempt to exploit an Oracle product security vulnerability. Instead, the code outlines an attack against Oracle database systems that have been configured insecurely.
Oracle considers adherence to industry standard security practices the best way for customers to protect their database systems. A MetaLink note is now available that outlines the minimum essential steps customers should take to mitigate future attempted attacks against their Oracle databases. Customers who already follow industry standard security best practices, including those who have hardened or locked down their database systems, may still benefit from reviewing the MetaLink note.
The MetaLink Doc ID is 340009.1:
http://metalink.oracle.com/metalink/plsql/showdoc?db=NOT&id=340009.1
Additional references:
http://www.oracle.com/technology/deploy/security/db_security/index.html
http://www.oracle.com/technology/deploy/security/pdf/…
Sincerely,
Oracle Global Product Security
————–End of e-mail———–
Now, I’m off to the dentist…Ouch!
Possibly related:
- Why invest in Oracle
- SYS_CONTEXT in Oracle
- Did you call me?
- A Different World
- Guess How Many Database Editions Oracle Has
Tagged Security, worm | Post a Comment
Home > About This Post
This entry was posted by Eddie Awad on Saturday, November 5th, 2005, at 2:09 pm, and was filed in Oracle.
Subscribe to the
RSS 2.0 feed for all comments to this post.
Post a Comment