By Dan Morrill
Expert Author
Article Date: 2008-05-28
This Google hack is fairly interesting when you can get into the configuration of an oracle database because someone forgot to put a password in front of the web login. Stunningly, we found one such system, and if we had been evil, we could have owned this database system in less than 3 minutes.
If this video shows nothing else, you must password protect everything that is going to be on the internet, anything that is going to be exposed to searched engines, and just generally get in the habit of password protecting anything at this point.
There really is no excuse on this one, the security around this system is poor, and it is surprising that they still own this system. Overall though, makes an interesting object lesson in Google hacking, oracle configuration files, and the absolute need to password protect your systems.
Comments About the Author:
Dan Morrill has been in the information security field for 18 years, both
civilian and military, and is currently working on his Doctor of Management.
Dan shares his insights on the important security issues of today through
his blog, Managing
Intellectual Property & IT Security, and is an active participant in the
ITtoolbox blogging community.
