David Litchfield: Oracle database can be hacked remotely
A bug in the design of the Oracle database -- the world's top-selling software for storing electronic information -- could allow hackers to break into private databases via the Internet, said David Litchfield, chief research scientist of NGSSoftware Ltd, a UK-based computer security company.
"It allows an attacker without a user ID and password to take complete control. All firewalls become irrelevant," Litchfield said on Wednesday after presenting his research at the Black Hat hacking conference in Washington.
Litchfield said that he warned Oracle of the problem in November, hoping that the company would fix the flaw when it issued a group of quarterly security patches in January.