Ethical Hackers Find Oracle Vulnerability

Data security is always an issue, especially as more and more of our lives exist online.

CNN recently interviewed two hackers, Bryan Seely and Ben Caudill, who discovered an unsettling security hole, uncovering intimate details like children’s school records, including detailed bus route information; arrest and prosecution information from a major Midwestern city; and the real names and numbers of intelligence agents visiting a major American port.

Seely and Caudill are “ethical hackers.” Together with Rhino Security Labs’ lead researcher Dana Taylor, they found that a weakness software giant Oracle discovered in 2012, and provided a fix for, remains a huge vulnerability to any customer that missed or ignored the fix.

Oracle issued a response to the issue:
“We identified this issue two years ago. It was not a product coding defect allowing hackers to bypass security mechanisms. Instead, the product included a configuration setting allowing customers to disable security checks. Oracle identified that customers were leaving this setting open and immediately issued a patch that made the default setting for customers secure. This patch was issued as part of our regularly scheduled Critical Patch Update customers know to apply every quarter. Oracle notified all of our customers directly that they should apply patch. This process is commonplace in the industry,” said Oracle spokesperson Deborah Hellinger.

What’s the moral of the story here? You can’t wait for your software provider to contact YOU about these things – you need to be on top of security updates/fixes/patches, etc. so that your organization is not vulnerable. Being proactive versus reactive will allow you to come out on top!
