October 27, 2015

Interns Hacked Oracle Software in under an Hour, Researcher Says

Interns working at a security researcher’s cybersecurity firm hacked multiple vulnerabilities in Oracle’s software, according to Alexander Polyakov, founder of ERPScan Research.

Oracle, much like all big software manufacturers, deals with security holes and vulnerabilities by issuing patches for its widely used software. Most recently, the software and solutions giant released a total of 154 new security patches for its software. The E-Business Suite is among Oracle’s most prominent, widely used and popular software, and 12 patches were issued for it.

As it turned out, six of those twelve patches contained bugs that were quickly discovered by interns working at ERPScan Research, in under an hour.

Some vulnerabilities are so significant and critical that they could potentially allow an attacker to gain control of the apps, according to founder Polyakov, speaking to Business Insider.

Oracle Has a History with White Hat Hackers

It was only last August that Oracle’s Chief Security Officer, Mary Ann Davidson, faced much criticism after a blog post (now deleted) in which she said she would prefer that Oracle’s customers and independent security researchers not look for or even report bugs found in Oracle’s software. She contended, at the time, that the company was plenty capable of finding and fixing the security holes on its own.

A significant backlash followed and the blog post was taken down by Oracle soon after it went viral, with the company distancing itself from Davidson’s comments. The company also added that her views weren’t shared and “didn’t reflect” the company, despite her being responsible for the security policies and infrastructure of the company’s products and services.

Oracle’s Chief Technology Officer and Executive Chairman Larry Ellison recently gave an interview in which he touched lightly on possible security solutions in the company’s plans for the future.

Among the many ways of making its software more secure, Oracle, he said, is looking at implementing security technology built right into the hardware or the chip. He says that the security feature will be switched on by default and that there will be no way of turning it off once it is in use.

Regardless, the wider security industry will remain vigilant in looking for bugs and vulnerabilities to protect users all around the world. Even more so, it is quite simply the right thing to do.

 

About the author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.
