RE: [Full-disclosure] Recall: Oracle read-only user can insert/update/delete data
- To: "'Michael Holstein'" <michael.holstein@xxxxxxxxxxx>, Mike Owen <kyphros@xxxxxxxxx>
- Subject: RE: [Full-disclosure] Recall: Oracle read-only user can insert/update/delete data
- From: "Richards, Jim" <jim.richards@xxxxxxxxxxxxxxx>
- Date: Thu, 13 Apr 2006 09:31:32 -0500
At a previous company I sysadmined at, I had just finished installing the
RightFax server, with Outlook integration (or maybe cc:Mail, I forget), but
anyhow, an email/fax came out to all of our dealers and customers stating
that our new product was slightly delayed due to something. The VP of sales
apparently hit reply-to-all and said "If they only realized it was totally
f*cked due to some giant problem in the hardware design, and it would likely
never function as advertised, blah blah"
I have never seen a more frightened look on anyone as he ran into my office
yelling "pull the f*cking plug! Quick!!!!!!"
It had already emailed and faxed to hundreds of people...
-----Original Message-----
From: Michael Holstein [mailto:michael.holstein@xxxxxxxxxxx]
Sent: Thursday, April 13, 2006 8:11 AM
To: Mike Owen
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Recall: Oracle read-only user can
insert/update/delete data
> In my experience, it doesn't even work in an Exchange environment. The
> user gets a message that the message should be recalled, but the
> original is still there, even if it hasn't been read yet. I've heard
> people say that at one time it would auto-delete the message if it
> hadn't been read, but I've never seen that.
It does, provided you read the "recall" message first -- but since
Outlook (by default) displays in reverse chronological order, and most
people read email in the order received, it does little good.
Back when I was involved in Exchange administration, I can't tell you
how many times I had to stop services and run exmerge against the store
to clean out messages that somebody accidentally sent to a distribution list.
That .. and all the people that got embarrassed due to incorrect use of
"reply-all" ;)
~Mike.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/