Black Hat: Shark-bitten security researcher takes another chomp out of Oracle database

A researcher scored again against Oracle's database by demonstrating at the Black Hat security conference Thursday an exploit that would allow him to take control as an administrator.

David Litchfield, a researcher at Accuvant Labs, demoed what he called the PWNORACLE exploit against the Oracle 11g database, earning applause from his audience, some of whom also photographed the exploit code he projected on-screen. In 2010 at a Black Hat event, Litchfield showed how to subvert security in the 11g database by exploiting zero-day vulnerabilities.

This week's Litchfield demo was part of a larger presentation about Oracle database flaws pertaining to indexes.

Litchfield said he has already reported the vulnerability he discovered to Oracle and thought they would have fixed it by now.

Litchfield -- whose arm was bandaged due to a mild bite from a great white shark, sustained while photographing underwater from a protective cage -- emphasized during his talk that Oracle has shown marked improvement in holding down vulnerabilities found in its database versions over the past two years.

Still, the recent push from Anonymous to break into databases means that security managers need to understand how hackers break in, Litchfield said.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com.
