Social Engineering and Oracle

by Vincent S
Global network security has become a hot issue in the last decade or so as hackers continue to exploit network vulnerabilities.  For this reason, many more sponsored hacking conventions and competitions have appeared in order to attract pro-hackers to participate and help discover weaknesses in large companies.  In particular, Defcon, the world’s largest hacking convention and competition, helps to expose which companies have the worst security structures.  This past year, Oracle was named as the most vulnerable company in terms of social engineering.  It was revealed that although Oracle does not seem to have obvious back-doors in it network infrastructure, its employees were more willing to give out information over the phone that could aid a hacker in bringing down the network more than any other major company.

This article was interesting to me because my field of concentration for CIS is networking.  In my personal experience, it is becoming more apparent that the average computer user is not aware of the rise of online threats.  It took me my surprise that employees for a company like Oracle would be so ignorant of social engineering and why you should not give any information pertaining to a host device on a company network even if the person over the phone claims to be a member of the IT staff.  Although Oracle is a company known for creating and maintaining secure databases, not every employee is a trained IT administrator.

I believe the solution to this problem and many others is better employee training in social engineering and possible online threats.  The problem is only going to get worse as more and more devices are entering the public network.  Luckily, social engineering is the most common threat to larger companies and is entirely preventable.



Finkle, Jim. (2011, August 7).  Oracle, other companies “punk’d” in hacking contest.  Retrieved January 8, 2012, from

1 thought on “Social Engineering and Oracle”

  1. That is pretty shocking that an Oracle employee would give out any kind of information, no matter how small it is, that could aid an unwanted intrusion. I believe you are right that these major Database companies need to strongly train all their employees in being more cautious with the information they give over the phone.

Comments are closed.