PL/SQL Attack: New Way to Hack into Oracle
David Litchfield, Database Security Researcher, documented SQL injection attack, which can be used against the Oracle database, as reported on April 29, 2008 by InformationWeek.
According to Litchfield, for conducting this attack, the attacker needs a database account, proving that this kind of attack cannot occur in normal atmosphere but only in research lab.
Erich Maurice, Manager, Security, Global Technology Unit, Oracle, said that a blog from Litchfield revealed that attacker can easily place "a lateral SQL injection" attack in database by using PL/SQL query language of Oracle. He warned database developers that attackers are capable enough to place an attack in database application, as per the news reported on April 29, 2008 by InformationWeek.
» SPAMfighter News - 5/8/2008
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!