Social Engineering and Oracle{1}

by Vincent S
Global network security has become a hot issue in the last decade or so as hackers continue to exploit network vulnerabilities.  For this reason, many more sponsored hacking conventions and competitions have appeared in order to attract pro-hackers to participate and help discover weaknesses in large companies.  In particular, Defcon, the world’s largest hacking convention and competition, helps to expose which companies have the worst security structures.  This past year, Oracle was named as the most vulnerable company in terms of social engineering.  It was revealed that although Oracle does not seem to have obvious back-doors in it network infrastructure, its employees were more willing to give out information over the phone that could aid a hacker in bringing down the network more than any other major company.

This article was interesting to me because my field of concentration for CIS is networking.  In my personal experience, it is becoming more apparent that the average computer user is not aware of the rise of online threats.  It took me my surprise that employees for a company like Oracle would be so ignorant of social engineering and why you should not give any information pertaining to a host device on a company network even if the person over the phone claims to be a member of the IT staff.  Although Oracle is a company known for creating and maintaining secure databases, not every employee is a trained IT administrator.

I believe the solution to this problem and many others is better employee training in social engineering and possible online threats.  The problem is only going to get worse as more and more devices are entering the public network.  Luckily, social engineering is the most common threat to larger companies and is entirely preventable.



Finkle, Jim. (2011, August 7).  Oracle, other companies “punk’d” in hacking contest.  Retrieved January 8, 2012, from