[Previous entry: "patch set 10.1.0.5 does not include latest security fixes!"] [Next entry: "Oracle aims to tone security muscle with Fusion"]
leaking information about Oracle databases could be a dangerous thing
February 5th, 2006 by Pete
Post to del.icio.us
Post to Furl
I got an email from a someone last week (I wont reveal his name as I didn't ask him if it is OK to mention it here) who said he had found an interesting link whilst looking for something else and he thought I would find its contents interesting. The link is "Welcome to ITEC's Orasnap reports". This page has a lot of links to detailed reports generated by some tool called OraSnap v3.0.0 that reveals a lot of details about a lot of databases. An example is here.
Whilst it might not be possible for a hacker to access to these databases, some of the information is recent and detailed. The person who sent me this link said I should take a look as its interesting to see the details some sites reveal. The message here is check what your own websites reveal about your own Oracle installations. Don't send out a calling card inviting hackers to come in.
