- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
Network World - A researcher scored again against Oracle's database by demonstrating at the Black Hat security conference Thursday an exploit that would allow him to take control as an administrator.
David Litchfield, a researcher at Accuvant Labs, demoed what he called the PWNORACLE exploit against the Oracle 11g database, earning applause from his audience, some of whom also photographed the exploit code he projected on-screen. In 2010 at a Black Hat event, Litchfield showed how to subvert security in the 11g database by exploiting zero-day vulnerabilities.
This week's Litchfield demo was part of a larger presentation about Oracle database flaws pertaining to indexes.
SLIDESHOW: Quirkiest scenes from Black Hat 2012
|Black Hat panel: Which do you trust less with your data, the U.S. government or Google?|
|Tatu Ylonen, father of SSH, says security is 'getting worse'|
|Researcher wows Black Hat with NFC-based smartphone hacking demo|
|Black Hat: Cyber-espionage operations vast yet highly focused, researcher claims|
MORE BLACK HAT: Researcher wows Black hat with NFC-based smartphone hacking demo
Litchfield -- whose arm was bandaged due to a mild shark bite from a great white shark sustained while photographing underwater from a protective cage -- emphasized during his talk that Oracle has shown "marked improvement" in holding down vulnerabilities found in its database versions over the past two years.
Still, the recent push from Anonymous to break into databases means that security managers need to "understand how hackers break in," Litchfield said.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: email@example.com.
Read more about security in Network World's Security section.