Full Disclosure mailing list archives

RE: Recall: Oracle read-only user can insert/update/delete data
From: "Richards, Jim" <jim.richards () dot state wi us>
Date: Thu, 13 Apr 2006 09:31:32 -0500

At a previous company I sysadmined at, I had just finished installing the
RightFax server, with Outlook integration (or maybe cc:Mail, I forget), but
anyhow, an email/fax came out to all of our dealers and customers stating
that our new product was slightly delayed due to something.  The VP of sales
apparently hit reply-to-all and said "If they only realized it was totally
f*cked due to some giant problem in the hardware design, and it would likely
never function as advertised, blah blah"

I have never seen a more frightened look on anyone as he ran into my office
yelling "pull the f*cking plug!  Quick!!!!!!"

It had already emailed and faxed to hundreds of people...

-----Original Message-----
From: Michael Holstein [mailto:michael.holstein () csuohio edu]
Sent: Thursday, April 13, 2006 8:11 AM
To: Mike Owen
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Recall: Oracle read-only user can
insert/update/delete data


In my experience, it doesn't even work in an Exchange environment. The
user gets a message that the message should be recalled, but the
original is still there, even if it hasn't been read yet. I've heard
people say that at one time it would auto-delete the message if it
hadn't been read, but I've never seen that.

It does, provided you read the "recall" message first -- but since 
Outlook (by default) displays in reverse chronological order, and most 
people read email in the order received, it does little good.

Back when I was involved in Exchange administration, I can't tell you 
how many times I had to stop services and run exmerge against the store 
to clean out messages that somebody accidentally sent to a distribution list.

That .. and all the people that got embarrassed due to incorrect use of 
"reply-all" ;)

~Mike.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

