Researchers offer tool to break into Oracle database systems

Security experts Chris Gates and Mario Ceballos plan to release tools for breaking into Oracle Database systems during their presentation on "Oracle Pentesting Methodology" at the Black Hat and Defcon hacker conferences next week.

The various attacks will be implemented as Metasploit auxiliary modules and seek to exploit vulnerabilities discovered in Oracle's flagship database product over the years. Metasploit is an open-source platform commonly used by security experts to run penetration tests on internal systems for the purpose of discovery and attack mitigation.

Gates told CNET that he has not contacted Oracle about his presentation, since the exploits that he will be presenting are not new and ways to mitigate them are already public.

"If administrators haven't applied the patches, then the databases were/are vulnerable," Gates told the website, noting that "These tools just help streamline the penetration testing process." Organizations serious about security will benefit by grabbing the modules once they are available and running the exploits against their own systems to ensure that all relevant patches have been installed.

For more on this story:
- check out this article at CNET News

Related Articles:
Court order puts a stop to Defcon talk on subway hacks
Hackers claim $10,000 prize for breaking into webmail
Just launched IE 8 successfully hacked

Mifare Classic RFID successfully hacked

MacBook Air 'PWNED' in 2 minutes flat