Oracle's software was hacked by interns in an hour, researcher says
Business Insider
Just this month, Oracle issued 154 new security patches for its software. 12 of those patches were for Oracle's E-Business Suite, its main financials app (the app that competes with rival SAP's main enterprise resource planning product).
Six of those 12 holes were found in about an hour by interns working at security researcher ERPScan Research, founder Alexander Polyakov tells Business Insider.
Some of the holes the interns found were very dangerous and could allow a clever attacker to gain a control of the apps, Polyakov says.
ERPScan Research set the interns on Oracle's software after Oracle Chief Security Officer Mary Ann Davidson got herself into hot water last August.
Davidson want on a rant in a now-deleted blog post about how she doesn't want Oracle's customers or outside security researchers to look for and report security bugs in Oracle's software products. She told the world that Oracle was more than capable of finding all the holes itself.
Oracle took down the blog post and spokespeople quickly distanced Oracle from Davidson's comments, saying they "didn't reflect" the company.
So maybe it's not big surprise that security is a big focus for the company right now.
On Tuesday afternoon, Oracle's executive chairman and CTO Larry Ellison will be giving details on his company's brand new plans to make Oracle's software more secure. He hinted that the new security tech could be built into Oracle's hardware, possibly inside the computer chip itself, and will be turned on by default, with no way to turn it off saying:
It's just a huge problem that most of the security features we give you, we give them to you and we tell you how to use them and we tell them how to turn them on and we train you. Wouldn't it be nicer if it was always on and always works and you didn't have to do anything?
- As Ilya Sutskever announces OpenAI exit, here’s a quick recap of his involvement in Sam Altman's firing last year
- DHFL scam, simplified: Here’s all about the Dheeraj Wadhawan case — allegedly India’s biggest banking loan fraud ever
- India-UK trade pact: Work in progress to resolve pending issues
- 5 most colourful mountains in the world
- Vivo takes the top spot in India: Top smartphone brands in Q1 2024