Great was the indignation in the country after Oracle security this summer reported that the company felt it unnecessary for ethical hackers to test their products for holes. The reverse engineering of source code would henceforth be dealt with harshly by Oracle. Anger so was the ethical hackers and the relevant blog post quickly taken offline by Oracle
.
Well, that Oracle conscience. It has this week released a monster patch which six very important holes are repaired that have been found by – wait – yes: ethical hackers. And not just hackers, claiming discoverer ERPScan but only trainees who hardly needed for a few hours to discover the gaping holes.
So it is very basic errors in the flagship product of Oracle, the E-Business Suite. What about simple cross-site scripting and SQL injections? User Enumeration or even an ineradicable error. “It still comes here to the base of apllicatiebeveiliging says Polyakov of ERPScan at CRN.” Everything easily found by our trainees. What should I add now about that? “
No comments:
Post a Comment