David Litchfield's Weblog


05/16/2006: "Shooting too high?"


I found a story today about an intrusion into Ohio University's Oracle database server. Part of the story discusses the problem of default/unchanged passwords and, given the context, this might be the vector for the break-in. Whether or not this is the case in this particular compromise, unchanged/default passwords are a real problem. It makes me wonder whether I and other Oracle security researchers are aiming too high. What I mean by this is that, if most people can't or don't solve their password problems, then what care do they have about (slightly more) complex issues such as PL/SQL injection or buffer overflows? The old adage comes to mind... "You can lead a horse to water..."