Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > NZ Computing > Oracle Database 10g given away for free

Reply
Thread Tools

Oracle Database 10g given away for free

 
 
news.xtra.co.nz
Guest
Posts: n/a
 
      11-03-2005
Brilliant move by oracle - while not cannibalizing their existing customers
(by restricting the product somewhat), but upskilling 1000's of people in
their software - many of whom will have future purchasing authority.

http://www.oracle.com/technology/sof.../xe/index.html


 
Reply With Quote
 
 
 
 
Shane
Guest
Posts: n/a
 
      11-03-2005
On Thu, 03 Nov 2005 17:04:25 +1300, news.xtra.co.nz wrote:

> Brilliant move by oracle - while not cannibalizing their existing customers
> (by restricting the product somewhat), but upskilling 1000's of people in
> their software - many of whom will have future purchasing authority.
>
> http://www.oracle.com/technology/sof.../xe/index.html


This was publiished on the 28th of last month
http://www.securityfocus.com/brief/28
A research paper released this week spells out weaknesses in the password mechanism
for Oracle databases and describes how to break system passwords in
minutes.

A number of decisions made by the database maker weakens the password
algorithm, according to Joshua Wright of the SANS Institute and Carlos Cid
of the University of London. Passwords in Oracle databases use the account
name to randomize the password hashing process, converts all characters to
uppercase letters and uses a fairly weak hashing algorithm, the two
researchers said in the paper.

and this is the pdf detailing the above vulnerability
http://www.sans.org/info/911/


this was published 02/11 (presumably this morning our time)
http://www.securityfocus.com/brief/32
An Oracle worm posted to the Full-disclosure mailing list on Monday may be
harmless now, but with the source code available it may not stay that way.

The worm scans local subnets looking for other database servers, and then tries
various common username and password combinations. If this succeeds, a
table 'x' is placed on the server and the cycle is repeated. With the
source code in the wild, it is trivial to change this table creation to
something less benign.

Oracle has been criticized in the past for its lax response to security
issues, and given the company’s prior slogan of being "Unbreakable" this
worm shows the importance of acting swiftly on vulnerabilities, before
they become widespread problems.


The source code to the worm can be found here
http://lists.grok.org.uk/pipermail/f...er/038290.html


enjoy


--
Hardware, n.: The parts of a computer system that can be kicked

The best way to get the right answer on usenet is to post the wrong one.

 
Reply With Quote
 
 
 
 
news.xtra.co.nz
Guest
Posts: n/a
 
      11-03-2005

"Shane" <(E-Mail Removed)-a-geek.net> wrote in message
news(E-Mail Removed)-a-geek.net...
> On Thu, 03 Nov 2005 17:04:25 +1300, news.xtra.co.nz wrote:
>
>> Brilliant move by oracle - while not cannibalizing their existing
>> customers
>> (by restricting the product somewhat), but upskilling 1000's of people in
>> their software - many of whom will have future purchasing authority.
>>
>> http://www.oracle.com/technology/sof.../xe/index.html

>
> This was publiished on the 28th of last month
> http://www.securityfocus.com/brief/28
> A research paper released this week spells out weaknesses in the password
> mechanism
> for Oracle databases and describes how to break system passwords in
> minutes.
>
> A number of decisions made by the database maker weakens the password
> algorithm, according to Joshua Wright of the SANS Institute and Carlos Cid
> of the University of London. Passwords in Oracle databases use the account
> name to randomize the password hashing process, converts all characters to
> uppercase letters and uses a fairly weak hashing algorithm, the two
> researchers said in the paper.
>
> and this is the pdf detailing the above vulnerability
> http://www.sans.org/info/911/
>
>
> this was published 02/11 (presumably this morning our time)
> http://www.securityfocus.com/brief/32
> An Oracle worm posted to the Full-disclosure mailing list on Monday may be
> harmless now, but with the source code available it may not stay that way.
>
> The worm scans local subnets looking for other database servers, and then
> tries
> various common username and password combinations. If this succeeds, a
> table 'x' is placed on the server and the cycle is repeated. With the
> source code in the wild, it is trivial to change this table creation to
> something less benign.
>
> Oracle has been criticized in the past for its lax response to security
> issues, and given the company's prior slogan of being "Unbreakable" this
> worm shows the importance of acting swiftly on vulnerabilities, before
> they become widespread problems.
>
>
> The source code to the worm can be found here
> http://lists.grok.org.uk/pipermail/f...er/038290.html
>
>
> enjoy
>


Interesting, but I'm not sure how this relates to Oracle giving away it's
software for free?


 
Reply With Quote
 
thingy
Guest
Posts: n/a
 
      11-03-2005
news.xtra.co.nz wrote:
> Brilliant move by oracle - while not cannibalizing their existing customers
> (by restricting the product somewhat), but upskilling 1000's of people in
> their software - many of whom will have future purchasing authority.
>
> http://www.oracle.com/technology/sof.../xe/index.html
>
>


Not sure if it is brilliant or desperate....Oracle bought some software
"critical" to Mysql, which is generally seen as a move to curtail
mysql's growing market share.

GPL (or similar licence) databases are coming....like MS and Linux the
next battleground becomes the applications on top of the OS, databases
are expensive and are a prime candidate for the good enough market.

Oracle charges silly amounts for its software, something like $40k per
cpu, ditto MS's SQL.

Mysql on the other hand and a few others are free or just about free and
you can buy support if needed and will do 50%+ of what most databases
are used for.

It will be interesting to watch........

regards

Thing

 
Reply With Quote
 
Not Dave
Guest
Posts: n/a
 
      11-03-2005
On Thu, 03 Nov 2005 20:30:09 +1300, thingy <(E-Mail Removed)>
growled these words from under a rock:

>news.xtra.co.nz wrote:
>> Brilliant move by oracle - while not cannibalizing their existing customers
>> (by restricting the product somewhat), but upskilling 1000's of people in
>> their software - many of whom will have future purchasing authority.
>>
>> http://www.oracle.com/technology/sof.../xe/index.html
>>
>>

>
>Not sure if it is brilliant or desperate....Oracle bought some software
>"critical" to Mysql, which is generally seen as a move to curtail
>mysql's growing market share.


LOL!!! That's really funny!!!

Mentioning MySQL and Oracle in the same breath shows a complete lack
of understanding of database technology.
 
Reply With Quote
 
Not Dave
Guest
Posts: n/a
 
      11-03-2005
On Thu, 3 Nov 2005 18:58:16 +1300, "news.xtra.co.nz"
<(E-Mail Removed)> growled these words from under a rock:
>
>Interesting, but I'm not sure how this relates to Oracle giving away it's
>software for free?


Shane understands that commercial companies giving away solid,
commercial software renders open source irrelevant, and are therefore
a threat.

Those that are not prepared to pay for quality commercial software no
longer have to turn to the products made by hobbyists in their spare
time.

Well done Oracle, I say.
 
Reply With Quote
 
Chris Hope
Guest
Posts: n/a
 
      11-03-2005
Not Dave wrote:

> On Thu, 3 Nov 2005 18:58:16 +1300, "news.xtra.co.nz"
> <(E-Mail Removed)> growled these words from under a rock:
>>
>>Interesting, but I'm not sure how this relates to Oracle giving away
>>it's software for free?

>
> Shane understands that commercial companies giving away solid,
> commercial software renders open source irrelevant, and are therefore
> a threat.
>
> Those that are not prepared to pay for quality commercial software no
> longer have to turn to the products made by hobbyists in their spare
> time.
>
> Well done Oracle, I say.


You think MySQL is made by hobbyists? Sure, it may not be in the same
league as Oracle, but it's a commercial company who pays their
developers to develop their open source database products.

http://www.mysql.com/company/jobs/

It is quite interesting that Oracle is doing this though. However, you
can only use the free version on smaller databases (4GB of user data in
total) but still very interesting.

--
Chris Hope | www.electrictoolbox.com | www.linuxcdmall.co.nz
 
Reply With Quote
 
Not Dave
Guest
Posts: n/a
 
      11-03-2005
On Thu, 03 Nov 2005 20:43:09 +1300, Chris Hope
<(E-Mail Removed)> growled these words from under a rock:

>Not Dave wrote:
>
>> On Thu, 3 Nov 2005 18:58:16 +1300, "news.xtra.co.nz"
>> <(E-Mail Removed)> growled these words from under a rock:
>>>
>>>Interesting, but I'm not sure how this relates to Oracle giving away
>>>it's software for free?

>>
>> Shane understands that commercial companies giving away solid,
>> commercial software renders open source irrelevant, and are therefore
>> a threat.
>>
>> Those that are not prepared to pay for quality commercial software no
>> longer have to turn to the products made by hobbyists in their spare
>> time.
>>
>> Well done Oracle, I say.

>
>You think MySQL is made by hobbyists? Sure, it may not be in the same
>league as Oracle, but it's a commercial company who pays their
>developers to develop their open source database products.
>

I wasn't talking about MySQL specifically in that comment, although
re-reading it I can see how it could be interpreted that way with my
comment elsewhere regarding comparing mySQL and Oracle, which is a bit
of a joke. I was more commenting in general - some posters here appear
to be very against commercial software being free, as it erodes what
htey see as the competitive advantage of open source software - ie
that it is free (as in beer).

MySQL is a great, fast, lite little DBMS. Better yet, it's free in
many situations. Oracle is the holy grail high-end enterprise-level
and above DBMS. Both are good, and both definately have their place.
However, there is no place for comparisons between the two.

>http://www.mysql.com/company/jobs/
>
>It is quite interesting that Oracle is doing this though. However, you
>can only use the free version on smaller databases (4GB of user data in
>total) but still very interesting.


A very interesting move. I wonder if Microsoft will make Access free
in response? Which, of course, is about what it's worth, but that's a
different thread...
 
Reply With Quote
 
Shane
Guest
Posts: n/a
 
      11-03-2005
On Thu, 03 Nov 2005 20:35:12 +1300, Not Dave wrote:

> On Thu, 3 Nov 2005 18:58:16 +1300, "news.xtra.co.nz"
> <(E-Mail Removed)> growled these words from under a rock:
>>
>>Interesting, but I'm not sure how this relates to Oracle giving away it's
>>software for free?

>
> Shane understands that commercial companies giving away solid,
> commercial software renders open source irrelevant, and are therefore
> a threat.
>
> Those that are not prepared to pay for quality commercial software no
> longer have to turn to the products made by hobbyists in their spare
> time.
>
> Well done Oracle, I say.


I _think_ that the very same day that Oracle announce their software
giveaway, is the day Oracle makes it to Security focus' frontpage because
someone (in their omnipotent wisdom) has released source code for a
working worm
As can _clearly_ be seen by the articles I quoted from, all that is
required for the worm to become malicious is to change the payload, so
instead of making table x, shellcode (for example) is inserted

The _smart_ thing to do is to wait a few days for Oracle to respond to the
flaws reported, and to patch them accordingly, or declare the 10g
unaffected
And _then_ download the products (saving a possible double-up)


I do like how you turn a "heads up" into something personal though HOG, I
have to say it really does show the strength(or lack there of) of your
argument(s)
Is this because youre a complete moron?


You really have to wonder about some people


--
Hardware, n.: The parts of a computer system that can be kicked

The best way to get the right answer on usenet is to post the wrong one.

 
Reply With Quote
 
Shane
Guest
Posts: n/a
 
      11-03-2005
On Thu, 03 Nov 2005 18:58:16 +1300, news.xtra.co.nz wrote:

> Interesting, but I'm not sure how this relates to Oracle giving away it's
> software for free?


I think the implications speak for themselves, wait a week or two to see
if the free products are affected ... then download


--
Hardware, n.: The parts of a computer system that can be kicked

The best way to get the right answer on usenet is to post the wrong one.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How Do I connect Oracle 10g Database??? niladri chatterjee Windows 64bit 5 06-03-2009 12:14 PM
Sequence.nextval numeric type in Oracle 10g differs from Oracle 8i when using MS OleDb provider alasdair.johnson@gmail.com ASP .Net 0 04-27-2007 04:57 PM
Unable to connect to Oracle 10g Free Express Edition from NetBean IDE javadev Java 2 05-27-2006 05:42 AM
Access Oracle 10g using ASP.NET sloan ASP .Net 1 03-11-2006 06:48 AM
install_driver(Oracle) failed: Can't load 'C:/Perl/site/lib/auto/DBD/Oracle/Oracle.dll' for module DBD::Oracle: load_file:The specified procedure could not be found at C:/Perl/lib/DynaLoader.pm line 230. Feyruz Perl Misc 4 10-14-2005 06:47 PM



Advertisments