Comments on: Halloween treat for Oracle: A database worm

Proof-of-concept pest is believed to be the first to target Oracle databases.

[Hernys]

Unbreakable?

It's amazing that this company claims their database is unbreakable in big neon signs, and then doesn't even care to issue patches for their products holes. I think their security record is the worst in the industry, viewed from the patched vulnerabilities and unpatched vulnerabilities numbers, as well as their treatment of security in general (I once heard an Oracle presenter say "vulnerabilities are not a significant issue for a database server, since most databases are hidden behind a firewall").
Just plain pathetic.

[BogusName]

In Their Defense

If you leave the default usernames unlocked with their default passwords it is your fault if the database is hacked. Their is nothing Oracle can do to prevent user mistakes.

[BogusName]

What does CNET have against Oracle?

This article is valueless. This isn't a product flaw, it is a user error issue.

This is like the third article in a week bashing Oracle. I have to think it is more than coincidence.

[Meh234]

The reason

The reason is simple, Oracle's track record for security is absolutely abysmal.
This is the same database that at one point would create multiple DB admins with default or blank passwords and you had to manually disable or change the accounts to not have huge backdoors. There were known programmed backdoors into Oracle for a long time.
They still release more patches in an average month than you'll see for MS SQL Server in a whole release, yet they claim that they're secure because they run FORTIFY on their code.

They're the laughingstock of the security industry, and they completely deserve it.

[shikarishambu]

Uncle Larry is the master of spin

LOL