
Oracle to make patches available for 31 security flaws


August 4, 2004

Database software maker Oracle promised on Tuesday to quickly make patches available for more than 30 flaws found recently by a British security researcher. While details of the flaws have not been made public, researcher David Litchfield offered some general information about the issues at the Black Hat Security Briefings in Las Vegas last week.

Oracle addressed the issue in a statement to CNET: "Security is a matter we take seriously at Oracle and, while we stand firmly behind the inherent security of our products, we are always working to do better. Oracle has fixed the issues...and will issue a security alert soon."

While Litchfield, who is managing director of Next-Generation Security Software, had planned to release information about the database flaws last week, he held off because of the lack of patches. Litchfield first notified the software company of the problems--some of which he ranked as critical--in January.

Litchfield said Tuesday that although he has repeatedly pointed out the flaws in Oracle's database software, the company has yet to issue any patches because of an ongoing shift in its corporate policies for releasing such information.

The flaws Litchfield uncovered aren't the only ones Oracle has had to deal with this year. The database giant in June released a patch for a critical flaw in the company's Oracle 11i E-Business Suite.

Litchfield refused to elaborate in detail on the problems in the software, fearing that doing so would allow hackers to rapidly launch attacks against Oracle's customers. But he said the problems range from large to small, from so-called buffer and heap overflow issues to poor password protection.

In some cases, he said, people without any username or password information could gain access to the Oracle systems, while in other cases individuals with only limited access permissions could covertly upgrade their status to database administrator levels.

Litchfield said he first began actively looking for holes in Oracle's software two years ago, when the company launched its "unbreakable" marketing campaign, which touted the security strengths of its database software. With the help of several colleagues, Litchfield claims, he found close to 50 flaws in the company's database programs in less than 24 hours.

"It was probably unwise for Oracle to advertise itself as 'unbreakable,' and I know it raised some eyebrows even within the company," he said. "But marketing doesn't necessarily consult the developers when it builds its message for the public."

Litchfield points out that anyone who takes the time to peruse the company's listings of its previous security patches can figure out for themselves how vulnerable the company's products have been. However, the security expert said that Oracle is no more culpable of trying to downplay vulnerabilities than many of its competitors, including Microsoft, IBM and others.

Litchfield said that Oracle may want to take a page from Microsoft's book in terms of improving the company's overall approach to patching holes in its software.

"Microsoft has traditionally been a big target, and they've suffered publicly because of that," he said. "But Microsoft has adopted better internal processes to address the problem, and they've now advanced past the rest of the market in terms of their ability to respond to new issues."

Source: C-Net News
