Date: Thu Apr 13 15:31:49 2006
From: jim.richards at dot.state.wi.us (Richards, Jim)
Subject: Recall: Oracle read-only user can insert/update/delete data

At a previous company I sysadmined at, I had just finished installing the
rightfax server, with outlook integration (or maybe ccmail I forget), but
anyhow, an email/fax came out to all of our dealers and customers stating
that our new product was slightly delayed due to something.

The VP of sales apparently hit reply-to-all and said "If they only realized
it was totally f*cked due to some giant problem in the hardware design, and
it would likely never function as advertised, blah blah"

I have never seen a more frightened look on anyone as he ran into my office
yelling "pull the f*cking plug! Quick!!!!!!"

It had already emailed and faxed to hundreds of people...

-----Original Message-----
From: Michael Holstein [mailto:michael.holstein@...ohio.edu]
Sent: Thursday, April 13, 2006 8:11 AM
To: Mike Owen
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Recall: Oracle read-only user can insert/update/delete data

> In my experience, it doesn't even work in an Exchange environment. The
> user gets a message that the message should be recalled, but the
> original is still there, even if it hasn't been read yet. I've heard
> people say that at one time it would auto-delete the message if it
> hadn't been read, but I've never seen that.

It does, provided you read the "recall" message first -- but since
Outlook (by default) displays in reverse chronological order, and most
people read email in the order received, it does little good.

Back when I was involved in Exchange administration, I can't tell you
how many times I had to stop services and run exmerge against the store
to clean out messages that somebody accidentally sent to a distribution
list.

That .. and all the people that got embarrassed due to incorrect use of
"reply-all" ;)

~Mike.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/