Processing .....please wait.. 
The article has been forwarded.... 
News >> Technology >>
Oracle database can be hacked: Researcher
Thursday, 04 February 2010, 15:17 IST
Boston: A computer security expert has revealed flaws in a widely used software from Oracle that allows hackers to remotely access sensitive information in corporate and government databases, reports Reuters.
A bug in the design of the Oracle database could allow hackers to break into private databases via the Internet, said David Litchfield, Chief Research Scientist of NGSSoftware, a UK based computer security company. "It allows an attacker without a user ID and password to take complete control. All firewalls become irrelevant," Litchfield said on Wednesday after presenting his research at the Black Hat hacking conference in Washington.
Litchfield said that he warned Oracle of the problem in November, hoping that the company would fix the flaw when it issued a group of quarterly security patches in January. Since Oracle failed to go public, he made the announcement.
According to Litchfield, about nine out of every 10 Oracle databases are vulnerable to attack. He said it is possible to change the default settings on Oracle's software to thwart potential hackers looking to exploit the vulnerability, adding that it was impossible to say whether any hackers had actually exploited the flaw to illegally break into a database.