Today I was informed about a very strange incident which I cannot really believe to be true:
On July 13th, John Leyden published a post on The Register in which Oracle U.K. is accused of hosting computers from which SSH brute-force password attacks have been launched against servers running SSH software since May 3rd, 2007.
…Here is Oracle’s response as quoted on Register’s website:
“In response to Register inquiries, Oracle supplied a statement saying that an ongoing investigation is yet to confirm whether its systems have been misused or not.
“Security is a matter Oracle takes seriously and the company’s first priority is meeting customer needs and reducing their risk. As soon as Oracle became aware of the situation an investigation began, which is ongoing, but to date the company has found no evidence for any SSH brute-force attack originating from the Oracle owned machine currently listed on the DenyHosts website.” ®” …
=?-(
I cannot believe it!
Can you?
I could believe it… at a large organization like Oracle, small groups can set up their own “servers” for testing – I’ve set up lots of desktop-class machines for testing things like RAC or Data Guard. It’s impossible (and would waste a lot of energy) to enforce enterprise-wide security policies for these test boxes that may get reloaded on a weekly basis. Maybe this was a test box that was not being used and someone on the ‘net somehow got control of it. Who knows.