Litchfield exposes one last Oracle security bug before walking away from his database battles
Virginia: In 2001, Larry Ellison brashly proclaimed in a keynote speech at the computing conference Comdex that his database software was “unbreakable.”
“You have this ideal vision of doing something for the greater good,” said David Litchfield, managing director of Next Generation Security Software Ltd. of London, who acknowledged that a small bit of his code might have been used in the attack. “I will probably no longer publish such code.” David Litchfield via The Washington Post
David Litchfield has devoted the last nine years to making the Oracle chief executive regret that marketing stunt. At the Black Hat security conference Tuesday afternoon, Litchfield unveiled a new bug in Oracle’s 11G database software, a critical, unpatched vulnerability that would allow a hacker to take control of an Oracle database and access or modify information at any security level.
“Anything that God can do on that database, you can do,” Litchfield said.
The problem lies in the PLSQL Gateway, a component of the Oracle Internet Application Server, the Oracle Application Server and the Oracle HTTP Server, he said in an e-mail to the BugTraq mailing list.