SAP vulnerability, a Golden Opportunity for Hackers
An expert in computer security says that organizations using the business management application of SAP AG, namely SAPG.DE, can experience hackers' treacherous attacks in case of improper configuration on their systems.
According to Mariano Nunez Di Croce, the director of research and development with Onapsis, a computer security firm, due to vulnerability in the SAP software, consumers can be exposed to espionage, sabotage and fraud by the means of notorious backdoor attacks, as per the news published by Reuters on April 7, 2010.
Continuing to discuss the problem further, Nunez Di Croce stated that following a standard installation of default nature, any person can link up with a SAP database, change basic programs or do just anything else while remaining undetected.
Furthermore, the problem is quite grave, as numerous large corporations worldwide utilize SAP applications for carrying out manufacturing, accounting as well as other vital activities.
SAP, which provides business management applications at the highest rate in the world, stated that the danger of attack to consumers was only if they didn't protect their systems as per the company's suggestions.
Saswato Das, a spokesman for SAP, said that his company trusts that if consumers follow company's security guidelines, there will be no danger of unauthorized entry into systems through a backdoor, according to the news published by Itnews on April 9, 2010.
Understandably, SAP protects its software with multiple stages of security. However, according to Nunez Di Croce, hackers are capable of penetrating those protections by means of their manipulation through a database, which isn't properly secured.
Remarking about the situation, Nunez Di Croce said that in case hackers manage to compromise a SAP computer, they could plant malware and steal confidential data or influence crucial business processes.
There are three big firms that make databases by frequently using SAP's business management programs. These are Microsoft Corp., making MSFT.O, International Business Machines Corp, making IBM.N and Oracle Corp., making ORCL.O.
Finally to keep organization PCs safe from hacks, Onapsis is to issue free software for the purpose, while Nunez Di Croce said he wasn't certain about the frequency at which hackers exploited the vulnerability.
Related article: SAP Admits the Charges of Downloading Oracle’s Data
» SPAMfighter News - 20-04-2010