July 23, 2009
Free Online Program Gives Hackers A New Tool
Hackers are being given a potent new tool for hacking into Oracle Corp's database, the best-selling software used by corporations to hoard electronic data.
Security specialists have created simple, automated software that can sneak into Oracle databases over the Internet to replicate attacks on computer systems. However, the new software can be used by cybercrooks to hack into systems.
The tool's builders constructed it with the open-source software framework Metasploit, whose software can be downloaded free on the Web.
Chris Gates, co-developer of Metasploit, will release it next week at the yearly Black Hat conference in Las Vegas, where security experts will meet to share trade secrets.
"Anyone with no skill and knowledge can download and run it," said Pete Finnigan, a consultant whose background is in Oracle security and who counsels large companies and government agencies.
He has not reviewed the Oracle tool but is familiar with other Metasploit programs. Finnigan said it works by automating several of the complex steps needed to break into Oracle databases, letting recreational hackers have access to the system.
Oracle has already attempted to defend the system against holes that the Metasploit tool looks for. However, some companies are not meticulous in updating their software and become susceptible.
Metasploit hacks are also available for other programs, like Microsoft Corp's Windows and the Firefox and Internet Explorer browsers.
Gates insists that the Metasploit program is not meant to foil Oracle's database.
"There is no way to keep these tools out of the hands of people who want to use them for nefarious purposes," said Alan Paller, director of research for the SANS Institute, to Reuters News.
Security testers have utilized other programs in the past to hack into Oracle databases, but the new software is simpler to use and operates more swiftly than other ones.
Metasploit is the most extensively used hacking tool and has a devoted community.
In addition to allowing hackers to sneak into databases, Metasploit lets employees use the tool from their work computers.
Workers could hack into the Oracle system and embezzle confidential information like credit card numbers, or they could make other changes to the databases.