Newsletters:

Oracle's Security Problems

Aug 3, 2004
By

CIO Update Staff






A British computer-security expert has identified dozens of vulnerabilities in current and prior versions of Oracle Corp.'s flagship database software, including flaws that could allow intruders to steal or alter sensitive data.

Oracle learned about the problems early this year and has taken some steps to fix them but hasn't eliminated the flaws, said David Litchfield, managing director of Next Generation Security Software Ltd., Surrey, England. Litchfield, who told the company of the problems, said some of the vulnerabilities should be considered critical because they could allow hackers to gain control of database systems without a user identification or password.

Oracle, Redwood Shores, Calif., touts its security credentials, including certifications that make its database systems eligible for purchase by the Pentagon.


Oracle executives say the company is completing work on patches for the vulnerabilities Litchfield has identified and expects to issue a security alert shortly. "I'm not disputing they're probably serious," said Mary Ann Davidson, Oracle's chief security officer.

This article was compiled and edited by CIO Update staff. Please direct any questions regarding its content to Allen Bernard, Managing Editor.

See the complete story at www.wsj.com (paid registration may be required).


 

0 Comments (click to add your comment)
Comment and Contribute

Your comment has been submitted and is pending approval.

Author:

Comment:

 (click to add your comment)

Comment and Contribute

Your name/nickname

Your email

Comment:

(Maximum characters: 1200). You have characters left.