Back in 2001 Larry Ellison declared that Oracle was Unbreakable.
The database giant recently launched an advertising campaign with the slogan "Unbreakable", which is meant to suggest that Oracle's software doesn't break down and can't be broken into.
Well, um, no... A couple of days ago CERT issued an advisory saying that Oracle's E-Business Suite has an SQL injection vulnerability. That basically means that, using the right scripting code, an attacker can break into an Oracle database and compromise EVERYTHING! None of the authentication mechanisms will stop it... Oh yeah, and when they say everything they mean everything: the application, the data itself and even the underlying operating system.
I wonder who gets the prize?