On 11/15/05, InfoSecBOFH <[EMAIL PROTECTED]> wrote: > So why not start teaching some lessons David and release exploit code. > It seems that is the only way they learn and take thing seriously.
Rarely this software did not run in a what is considered "secured" environment - I mean, this is rarely exposed on Internet/DMZs. Usually Oracle DB (especially these older versions which didn't have so much web application software) are used just as database back end, which communicates with DMZs through multiple firewall levels (I am not justifying them in any way, I am just guessing why they may not care so much). Security is considered often not important - especially if you can "inexpensively" upgrade to a 9.x or 10.x or 11.x software version which "never breaks"... Cheers. -- Marco Ermini Dubium sapientiae initium. (Descartes) [EMAIL PROTECTED] # mount -t life -o ro /dev/dna /genetic/research (This message is for the designated recipient only and may contain privileged or confidential information. If you have received it in error, please notify the sender immediately and delete the original.) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
