Oracle Breakable After All 878
Billy writes "Unless you've been living in a cave, you've seen Oracle's Unbreakable campaign (Can't break it. Can't break in.), which was kicked-off by Larry Ellison personally at Comdex last November. Now U.K. security researcher David Litchfield says you can break in, thanks to at least seven different security holes in Oracle 9i, according to this SecurityFocus story. Oracle's top security manager is quoted as saying that "unbreakable" doesn't really mean unbreakable, or something."
I haven't seen it! (Score:2, Funny)
I guess I've been living in a cave.
Reverse Psychology (Score:3, Funny)
MS could just announce that "Our software code is like swiss cheese when it comes to security" and #POOF#, all the holes would be sealed for good.
To paraphrase an old koan: (Score:4, Insightful)
Another software company said to the public, "Our product is not unbreakable." And the public replied, "You're right, you are not unbreakable."
Would this qualify under (Score:3, Insightful)
Liability (Score:4, Insightful)
The more I've thought about this, the more likely it seems. And a key aspect to this is that my OS vendor, SuSE, and ilk (Red Hat, Mandrake, etc) would be nailed just as much as MS, except with less money in the bank, they would be killed much more swiftly. Now, two of those are outside of the USA, so it's not a direct correlation, but there are some serious ramifications to software liability that occur in as reactive a society as we have today.
Certainly this announcement would instantly have a dozen law firms seeking people running Oracle to launch a multi-billion dollar suit of some flavor. And while certainly not "unbreakable", and (IMO) a bit overpriced, Oracle being available is a Good Thing. Of course they have holes. I'm equally sure that they will likely address them quickly (Quickly being relative to the company involved). Introducing *sane* liability (at least in America) is going to be very difficult in a society that is making it neigh impossible to be a medical doctor, and is driving up medical costs due to the extensive CYA documentation (videotapes, extensive reports, etc) now required by industry insurance.
--
Evan "I'm pretty sure this is ontopic" E.
Same as with the Titanic... (Score:2, Funny)
Security Myth (Score:2, Insightful)
Nate Tobik
Re:Security Myth (Score:2, Funny)
Announce your softaware is unbreakable
Re:Security Myth (Score:3, Flamebait)
Oh really? A buffer overflow isn't a big hole? Buffer overflow bugs can be prevented by a middle-school hacker. This is elementary stuff. Doesn't anybody believe in putting limits on characters? This is simple to prevent.
Why are their STILL companies that fall victim to buffer overflow holes?!
Buffer Overflows Myth (Score:4, Insightful)
> middle-school hacker. This is elementary stuff.
> Doesn't anybody believe in putting limits on
> characters? This is simple to prevent.
This is pure bullshit. Are the programmers of
Apache, IIS, Half-Life, Quake 3 Arena, Perl, SSHD, glibc, wu_ftpd, or BIND at the middle school level? Windows NT? How about the linux kernel? All have had buffer overflows, and I'll bet that many of them still do.
Unfortunately it is not always as simple as "putting limits on characters". The simple fact is that the C language is practically designed to make buffer overflow bugs easy to write and easy to exploit.
I agree with you that buffer overflows are serious, though. That's why I think it is ridiculous that we still write security-critical network software in C. Sometimes it is hard to get around, like in the linux kernel when you need to do hardware access (a microkernel architecture might make it easier to write certain parts in higher-level languages). You might argue that performance would be impacted (I don't think this is true, especially with network software where the network is the real bottleneck), but even this argument falls through for 99% of users, since most users are far from full utilization of their processor. However, almost all users *are* affected by security holes.
Too true (Score:5, Funny)
"Hello, helpdesk? I need to edit the Oracle config files, and I forgot the Oracle user's unix password."
"Hello, helpdesk? Brad Pitt's a friend of mine and will go out with you if you give me the root password for the Oracle box."
I'd like to know... (Score:3, Insightful)
I guess another question would be, while Oracle is by no means a small company, if the company name started with an M and ended with 'icrosoft' would we be demanding more information?
Mirror: (Score:3, Informative)
Unbreakable in a legal sense... (Score:3, Offtopic)
Legally they are correct. The DMCA says you can't break it, and various other laws say you can't break in.
Re:Unbreakable in a legal sense... (Score:2)
Wasn't there some kind of cash prize for anyone who could break an oracle db?
Re:Unbreakable in a legal sense... (Score:2, Interesting)
The reasoning is that
- Oracle has several "access control" features
- Customers use those "access control" features to control copyrighted material
- An Oracle exploit would then end up being a copyright control circumvention of some customer or the other
Slashdot New Flash... (Score:3, Funny)
crazy fucking ceos (Score:4, Offtopic)
Re:crazy fucking ceos (Score:5, Funny)
Wasn't Breaking in the whole point ? (Score:3, Interesting)
Now i wonder, it worked they all readdy found 7!
Quazion.
Re:Wasn't Breaking in the whole point ? (Score:2)
i tend to think that this campaign was purely a marketing thing, not an engineering decision. i know i would prefer to keep the software in qa a little longer, rather than take on the world. i mean, if they still had buffer overflow errors in the code, it's far from unbreakable. don't you think they would've cleared out all the obvious bugs if it was their decision. gotta love runaway execs.
A method to the madness, maybe? (Score:2, Interesting)
And this comes from... (Score:5, Funny)
That leaves me feeling warm and fuzzy inside.
Can't even land his airplane on time. (Score:3, Funny)
Bull (Score:3)
That's odd.... (Score:3, Funny)
"The Oracle database server itself runs on some sixty odd different operating systems,"
How many non-odd operating systems does it run on??
Re:That's odd.... (Score:3, Funny)
Have you turned on a computer lately? We've got desk lamp appearing things that have buttons that look like they should be licked instead of clicked. We've got most beige boxes being upgraded to Fisher Price's My First GUI. We've got most of the remainder running a GUI which answers "how many widget sets can you fit into a phone booth". And we've got operating systems designed by the occasional upstart company who thinks they can suddenly "break in" to a saturated market dominated by network effects and owned by organizations who all agree that giving your product away for free is at least better than letting the competition make money.
There are no non-odd operating systems.
does anyone actually expose the DB to the world? (Score:2, Insightful)
Re:does anyone actually expose the DB to the world (Score:4, Insightful)
The fact that defense in depth is a good idea does not justify allowing one of the layers to be weak. The defenses at every level should be as strong as possible, and that ideally means a bug-free app server and a bug-free database.
Weinberg's law of programming; (Score:3, Funny)
If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization.
(this is twenty years old)
Re:Weinberg's law of programming; (Score:4, Troll)
When we have been programming for as long as we have been building things, then that quaote will be valid.
I am willing to bet that the buildings that where built during the first 50 years the human race had been building building wheren't all that good.
Yikes, what a sentence.
Re:Weinberg's law of programming; (Score:3, Funny)
Re:Weinberg's law of programming; (Score:2)
Besides, building now are not bullet proof:
catch(Exception caughtFire) { building.burnDown(); }
Anything not used as expected will cause problems, at least with code we have more room to work.
Re:Weinberg's law of programming; (Score:2)
Re:Weinberg's law of programming; (Score:2, Insightful)
Here's a more optimistic quote:
Give us time. Meanwhile, be very wary of trusting anything important to software.
Re:Weinberg's law of programming; (Score:2, Funny)
Surely you're describing Hurd?
Re:Weinberg's law of programming; (Score:2)
The problem is, it's the same thing that's being debugged every time when it's a surgical procedure, or a mechanical system.
Software changes. All the time. People write new versions, add functionality, take it and make changes. All the time.
I'm sure that if someone came up with a new way to do a kidney transplant every 6 months, there would be a lot of people dying too.
So take your pick; rapid evolution, or stagnant, bulletproof stability. I'm sure that if I had 12 years to develop an app, it'd be as solid as a rock at the end of it.
Simon
Re:Weinberg's law of programming; (Score:5, Funny)
Dear Mr. Architect:
Please design and build me a house. I am not quite sure of what I need, so you should use your discretion.
My house should have between two and forty-five bedrooms. Just make sure the plans are such that the bedrooms can be easily added or deleted. When you bring the blueprints to me, I will make the final decision of what I want. Also, bring me the cost breakdown for each configuration so that I can arbitrarily pick one.
Keep in mind that the house I ultimately choose must cost less than the one I am currently living in. Make sure, however, that you correct all the deficiencies that exist in my current house (the floor of my kitchen vibrates when I walk across it, and the walls don't have nearly enough insulation in them).
As you design, also keep in mind that I want to keep yearly maintenance costs as low as possible. This should mean the incorporation of extra-cost features like aluminum, vinyl, or composite siding. (If you choose not to specify aluminum, be prepared to explain your decision in detail.)
Please take care that modern design practices and the latest materials are used in construction of the house, as I want it to be a showplace for the most up-to-date ideas and methods. Be alerted, however, that kitchen should be designed to accommodate, among other things, my 1952 Gibson refrigerator.
To insure that you are building the correct house for our entire family, make certain that you contact each of our children, and also our in-laws. My mother-in-law will have very strong feelings about how the house should be designed, since she visits us at least once a year. Make sure that you weigh all of thses options carefully and come to the right decision. I, however, retain the right to overrule any choices that you make.
Please don't bother me with small details right now. Your job is to develop the overall plans for the house: get the big picture. At this time, for example, it is not appropriate to be choosing the color of the carpet. However, keep in mind that my wife likes blue.
Also, do not worry at this time about acquiring the resources to build the house itself. Your first priority is to develop detailed plans and specifications. Once I approve these plans, however, I would expect the house to be under roof within 48 hours.
While you are designing this house specifically for me, keep in mind that sooner or later I will have to sell it to someone else. It therefore should have appeal to a wide variety of potential buyers. Please make sure before you finalize the plans that there is a consensus of the population in my area that they like the features this house has.
I advise you to run up and look at my neighbor's house he constructed last year. We like it a great deal. It has many features that we would also like in our new home, particularily the 75-foot swimming pool. With careful engineering, I believe that you can design this into our new house without impacting the final cost.
Please prepare a complete set of blueprints. It is not necessary at this time to do the real design, since they will be used only for construction bids. Be advised, however, that you will be held accountable for any increase of construction costs as a result of later design changes.
You must be thrilled to be working on as an interesting project as this! To be able to use the latest techniques and materials and to be given such freedom in your designs is something that can't happen very often. Contact me as soon as possible with your complete ideas and plans.
PS: My wife has just told me that she disagrees with many of the instructions I've given you in this letter. As architect, it is your responsibility to resolve these differences. I have tried in the past and have been unable to accomplish this. If you can't handle this responsibility, I will have to find another architect.
PPS: Perhaps what I need is not a house at all, but a travel trailer. Please advise me as soon as possible if this is the case.
Re:Weinberg's law of programming; (Score:2)
Programming is no more complex or harder or easier than any of a number (undetermined) another disciplines. Building happens to be a particularly apt comparison. Why do you think there are so many borrowed terms, like, for instance 'build'?
Re:Weinberg's law of programming; (Score:2)
Part of it is the tools. A builder uses a hammer to drive a nail into a 2x4. It doesn't matter who made the hammer, it's going to work the same way. That's not quite the same with any development tool. Besides, how many programmers expect their code to still be in use after they die? How many programmers even feel it's their responsibility to fix something after the contract's done?
As JoelOnSoftware said just a couple weeks ago: (Score:3, Interesting)
from http://www.joelonsoftware.com/news/fog0000000337.
Re: (Score:2, Funny)
First Titanic, now this! (Score:5, Funny)
Comments by the CEO: -Well, you can take it both ways, really, we are defining what Unsinkable really means! The other ship building companies in our field are looking up to us to be half as unsinkable as we are. It's great, really, how our compain brings the best out of this situation.
"We believe the market effect of the 'Unsinkable' campaign raises the unsinkability bar and therefore improves unsinkability overall, both in forcing us to live up to the statement, and forcing others in the industry to begin to do the same," wrote Bruce Ismay. "If our unsinkability today is imperfect but better than the competition, and if customers make a buying decision based on that criteria, than in the long term you will see all products in the market improve."
Re:First Titanic, now this! (Score:2, Funny)
Please define 'is' (Score:2)
English, what has it become? (Score:2)
Interesting you should mention that they are defining what "unsinkable" should mean. Check out this garbage:
They should have said: "Unbreakable compared to Sendmail", or "Unbreakable compared to MS SQL server with the default password". Or how about "Unbreakable compared to BIND"?
Also notice in the quote I pasted the last word: "misstatement".
WTF is a misstatement? The author isn't George Orwell, so there is no reason for him to use DoubleSpeak. It's a lie. Call it what it is and stop being a lying wimp.
Uncle Larry and his problems. (Score:2)
Hell, i'd like to see a Gates vs. Ellison boxing match on pay-per-view, as long as the money didn't go to either of them (and they had to match 1000 to 1). Seeing as they are both a little lanky, it could be interesting. Just let them use physical equivilants of business tactics.
I'm sure oracle has to struggle to meet the goals spewed larry's big mouth. A "The president just said WHAT on national tv" type response, i.e. NASA in the 60's.
Larry Ellison is The Rock (Score:5, Funny)
Larry looks more than a little like The Rock in this photo [oracle.com]. Ever notice how you never see both The Rock and Ellison together at the same time? Hmmm? Coincidence? Perhaps not.
Re:Larry Ellison is The Rock (Rep. OT) (Score:2)
Re:Larry Ellison is The Rock (Score:2)
Harry Ballison.
Re:Larry Ellison is The Rock (Score:2, Informative)
Titanic Oracle (Score:2, Funny)
Thrill as the largest man-made ego in the world shows it too can make a mistake! Gasp as the master engineer makes a crucial error that sinks the RMS Unbreakable! Cry as the star-crossed developers try to escape the sinking PR disaster! Bemoan the lack of escape boats for the VPs who will pay for Ellison's boast!
I swear, can't tell who we need to get first, Gates or Ellison. Neither one is good for computing.
Nobody bothered to read the challenge... (Score:5, Insightful)
The only thing that this researcher proved is that in certain environments you can break in the system, which basicly holds true for every system.
No matter what, you can be sure that contrary to M$, these holes will be worked on 24/7 and fixed like yesterday. :)
Anyway, enjoy you uninformed, senseless bashing and flaming... trolls.
Re:Nobody bothered to read the challenge... (Score:4, Funny)
Yea, we understand what these marketing slogans mean. Unfortunately, nobody has lived up to one yet.
Re:Nobody bothered to read the challenge... (Score:3, Offtopic)
From http://www.oracle.com/ip/deploy/database/oracle9i/ index.html?content.html [oracle.com]
The Unbreakable Database Can't break it. Can't break in. Oracle9i Database won't go down if your server fails and won't go down if your site fails. What's more, Oracle holds 14 international security evaluations. IBM DB2 has none. Microsoft SQL Server has only one.
If you *can* break it, which clearly you can, their marketing campaign is untrue. Saying "read the fine print" is making excuses for typical marketingese (or, more likely, Ellisonese). If they still try to say that 9i is "unbreakable," they'll be a laughingstock.
Re:Nobody bothered to read the challenge... (Score:2)
Re:Nobody bothered to read the challenge... (Score:2, Funny)
Oh go on, upload your brain into your dual-Pentium 4 server then provoke it into blue-screening. Dare ya!
Re:Nobody bothered to read the challenge... (Score:3, Insightful)
- Unplugged from any network
- Unplugged from any power source
Otherwise there will be some hole to exploit...one cannot expose features without also exposing some vulnerability (be it only social hacking)Re:Nobody bothered to read the challenge... (Score:2, Interesting)
As opposed to most of MS's exploits, which had patches out like 3 months before the exploit became widespread.
Marketing at work, that's all. (Score:3, Insightful)
The only real losers in this, other than organizations whose Oracle databases were victimized by a security flaw, were the corporate purchasers who were sold on the hype. They'll have to live with the fact that their DBMS isn't "unbreakable." Honestly, though, there are relatively few of those (none I can think of that are well-publicized, at least), as they are usually run on well locked-down *nix boxes.
It's not anything new. It's just agressive advertising. Some might argue that it's false advertising, but that's probably being a bit harsh. It's more like...overly boastful advertising.
Re:Marketing at work, that's all. (Score:2)
overly boastful advertising
uh huh, as opposed to your regular, modest, humble advertising that we usually see.
I know, let's make the story something it isn't (Score:4, Offtopic)
By and large the Oracle products are very good... We use them in some extremely large and significant datawarehousing situations and have probably managed to kill the server once in three years. Many times we've been amazed at what developers have thrown at the server without killing it - Oracle is very good at recovering from users mistakes.
Anyway, I look forward to hearing what the obvious vulnerabilities are - I dread the number of server upgrades to be tested though. The client I'm working for now has about 250 instances registered with their 24*7 DBA team already... You have no idea how hard it can be to choose a unique 4 character SID sometimes.
Long live Oracle... I'm sure Larry won't lose any sleep (or money) over this since it is still clearly the best product out there.
Right, it says more about the certification (Score:3, Interesting)
If it's "let's attack the binary and see if we can break it", that's potentially harder to catch something like this, but then again, how hard can it be to see if the binary links against the system C library at the known offsets of gets, fgets, sprintf, etc.
What would be lamest of all is if the certification process goes something like, "What's your security engineering process? Oh, sounds secure to us."
Re:I know, let's make the story something it isn't (Score:3, Informative)
Then you certainly have not tried the following thing:
-Install forms 4.5 now. Forms 4.5 is year 2000 complient, the installer crashes (!)(there is a patch but.....)
-use plsql records in a 7.3.4. DB. Bye bye instance.
-use designer 2000 1.2.
and the list goes on and on.
"very good"?! (Score:2)
There is a sucker born every minute... (Score:2, Interesting)
Re:There is a sucker born every minute... (Score:2, Interesting)
I tend to think Larry put this challenge out to get free security testing from the community. The engineers knew his announcement would be heard as "I fart in your general direction" and geared up the patch writers accordingly.
Yes, some sorry PHB will only remember the campaign, not the bugs. Yes, sales will increase. Perhaps that was the goal, not the free bug testing... but you can't ignore either benefit for Oracle.
Quote the Security Manager? (Score:4, Insightful)
HIS boss is still the boss, wtf is he supposed to say?
slogans slogans slogans (Score:5, Funny)
Admittedly, but COME ON Dave, it's just not CATCHY. Slogans are often misleading or linguistically incorrect. Here is a list of "catchy slogans" that are either also false, irrelevant, or just silly enough just to point out.
Slogan [Product/Firm]
Re:slogans slogans slogans (Score:2)
That's not misleading. In the 80s, it just meant they can't even get the first step right.
"We try harder." [Avis Car Rental]
Good. I'll try just as hard to pay my bill.
"Just slightly ahead of our time." [Panasonic]
In some ways, this one might be the worst of them all. Many innovations have been ahead of their time yet fallen by the wayside. Just because it's better doesn't mean it will last (BetaMax). Maybe they should change their name to "Gamble your paycheck on our product's longevity."
Re:slogans slogans slogans (Score:5, Funny)
- "The real thing" [Coca-Cola] - if you conclude that thing is meant to be a reference to Coca-Cola, then "The real thing" is a reference to the version of Coca-Cola that they sell, as opposed to the imaginary version that the product development team is currently working on.
- "You'll love the way we fly" [Delta] - you will, at some point in the future, love the way we fly. That point in time, however, is unlikely to be now or anywhere near your flight date.
- "Quality is job 1" [Ford] - Everything else is job 0...every computer person should know that one is hardly a logical starting place.
- "We try harder" [Avis] -
- "Just slightly ahead of our time" [Panasonic] - All of our offices are located just west of the beginning of the timezones. So, while it's technically 10:00am, are time appears closer to 10:02. We didn't say we were way ahead of our time, just slightly.
Re:slogans slogans slogans (Score:3, Interesting)
You're too young, no doubt, to remember the Slogan Wars between Avis and Hertz of the early 60's.
In those days, it was considered taboo for an advertiser to directly mention the competitor's product when making comparisons. In fact, it was quite a shock when, in the mid 1970's we started seeing TV commercials where one brand explicitly stated that their product was better than a specific competitor's product. It's pretty common now, but you never saw it back in the day.
Anyway, some consumer survey gave Hertz marketroids the idea that they were the #1 car rental company (in an unbound domain, with unspecified terms, naturally). Hertz went to town
with this "fact." Worthy of note, the Hertz sign atop the infamous Texas School Book Depository building.
Avis countered Hertz with their own ingenious slogan: various flavors "We're #2, but we try harder."
At the same time, they made yet another marketing innovation -- they designed all their ads so that they could be distinguished at a distance of 40 feet. Thank Helmut Krone for that.
It was a marketing ploy (Score:3, Insightful)
It's not surprising that a system as complex as Oracle is going to have security flaws. However if you mistaken believed that Oracle had created the perfect piece of software, may I suggest you stow it away in the closet next to your Abdominizer and set of stay-sharp-steak-knives.
Re:It was a marketing ploy (Score:2)
Yes they may have set themselves up but to make a fair comparison you also have to realize that Oracle runs on 60 operating systems whereas SQLServer runs on ohhhh, NT.
Re:It was a marketing ploy (Score:2)
Reading the contents of newly allocated memory before initialising it, for example (I did a cut and paste and got a couple of lines the wrong way round once, a long time ago), could give you what you expect on one platform (all initialised - coincidentally - to zeros) and if that was the only platform you tested on, well, there's a latent bug in there.
Test the code on another platform, and it all falls apart within the first couple of seconds of initialisation. You soon track that one down.
K.
Re:It was a marketing ploy (Score:2)
Re:It was a marketing ploy (Score:2)
You make a fine point so mabye I should clarify what I'm trying to say. "Unbreakable" is a marketing ploy, you would be foolish to believe that the software is perfect. However the marketing was (and this is speculative) aimed at microsofts products with a poor security record, another slashdotter pointed out that Oracle set themselves up for a comparison with microsoft products by doing this campaign. Personally I don't consider Oracle and SQLServer in the same league (although I realise many do) I don't think it's a fair comparison.
Obviously, if multiple platforms was as important as you say, Oracle would have a different slogan!
Surprisingly enough, the importance of certain features of software is not always reflected in their slogans.
Homer again (Score:2)
(BOOM)
They weren't lying... (Score:2)
(with Apologies to Elwood Blues)
Seriously, though, IMNSHO they should get charged under the truth in advertising laws.
Operating systems (Score:3)
But what is the rest?
Re:Operating systems (Score:2)
Re:Operating systems (Score:2)
Re:Operating systems (Score:5, Informative)
Well, yes and no. Oracle is developed in two layers, VOS or "Virtual Operating System" abstracts all the primitives like threads, pipes, file handling etc from the underlying OS, and Oracle itself, which is written to VOS APIs. So the core Oracle engineering team code for pure functionality, and the VOS teams keep their APIs in sync with each other on different platforms. If Oracle want to target a new OS or platform, they simply develop a VOS for it.
I believe the Oracle engineers work on Suns, but they are targetting VOS, not Solaris directly.
That's why you have to start the service before you can start the instance on NT. Win32 is sufficiently different from Unix-like systems to need an environment in place before starting Oracle, whereas Unix-like systems can just link the VOS into the main binary. It needs to work like this because Oracle is Oracle, on any platform, once you log into SQL*Plus, it's exactly the same. Oracle is more complex than many operating systems, it provides its own scheduling, resource quotas (storage and CPU), IPC mechanisms (AQ, DBMS_PIPE, DBMS_ALERT, etc), programming languages (PL/SQL and Java) and a whole lot more. It is a platform in its own right.
Re:Operating systems (Score:2)
Yes, please allow me to list them for you:
Windows NT 3.x
Windows NT 4.x
Windows 2K
Windows XP
Linux 1.0
Linux 1.1
Linux 1.2
Linux 1.3
Linux 1.4
Linux 1.5
Linux 1.6
Linux 1.7
Linux 1.8
Linux 1.9
Linux 2.0
Linux 2.1
Linux 2.2
Linux 2.3
Linux 2.4
...
Do you see where I'm going with this.
This is what secrurity laws should address (Score:2)
irony (Score:3, Insightful)
2 cents (Score:2, Informative)
revealed that a common programming error -- a buffer overflow -- was present in Oracle's application server, potentially allowing hackers to gain remote access to the system over the Internet.
If the researcher is referring to Oracle 9i application server, it's really Orion Server. Since Orion is pure Java implementation, the threat is pretty low. Reguardless, the Orion developers will fix it. They're pretty quick about bug fixes.
We can actually interject ourselves in between that communications process and run commands as SYSTEM on Windows NT or 2000. If it's running on a Unix system, we can run commands as the Oracle user remotely
I'm not sure what this bug is referring to specifically, but it most likely is related to Oracle's GUI administration tool. If the user can run Unix commands, that doesn't necessarily mean a person can erase all the data. The suggested installation is to have the server run under the Oracle user. If ownership is root and the priv. is execute only, an instance would only be vulnerable to "kill -9". To erase the actual data, the cracker would have to login to the instance and delete the data.
I've done some crazy tests with sql server 6 and oracle 8i on low end hardware and I have to say oracle out performs sql server hands down. This is no excuse for Oracle though. They still need to back up that slogan with real blood.
What's next? (Score:2)
Add to /dictionaries/NewSpeak/ (Score:2)
So let's see if I have all of these straight:
By the time the revolution comes, there are gonna be so many Corporate Newspeak motherfuckers that we'll have to build a bigger wall to put them up against.
Not "unbreakable", but "is unbreakable" (Score:4, Funny)
Oracle said that 9i "is unbreakable". As President Clinton could easily tell you [pitt.edu], the key word here is 'is'.
What about PostgreSQL? (Score:3, Troll)
Better way to spend your $10k Oracle license fee: (Score:2, Troll)
$2000 for a firewall
$1000 for a thorough security consultation
$7000 for beer & chicken wings
I suppose posturing and unbelievable claims are what you can expect from a company whose CEO looks like The Rock.
Hmm, well.... (Score:5, Funny)
Re:You mean to tell me... (Score:2, Funny)
White Star Line [prodigy.com]
Does seem to be tempting fate to say "unbreakable", doesn't it>
Re:All software is breakable - (Score:4, Offtopic)
Chris Mattern
Re:Is the gov't still going to use it (Score:3, Funny)
Just imagine :
select * from downloaded_porn_table where porn_search_string like '%Natalie Portman scared and petrified%'
Re:Is the gov't still going to use it (Score:2)
Re:Is the gov't still going to use it (Score:2)
Re:Whoops! (Score:2, Funny)
Larry Ellison (Score:4, Insightful)
FUD like this "unbreakable" business just proves that he's cut from the same mold. What's truly sad is that our society selects people like Ellison and Gates as leaders because ruthlessness is a competitive advantage - and I mean "selects" in the evolutionary sense.
Oracle: the unbreakable national ID card. The whole idea gives me chills.