This is a pretty scary fact. After a recent test was conducted, the results showed there are about 380,000 MySQL and 124,000 Oracle databases that anyone can easily connect to on the Internet since they do not use a firewall. And if you thought that was bad, it only gets worse. There are also a large percentage of online databases that are not updated, so they can easily be exploited as well. What will it take to get companies to secure their databases?

A half a million database servers are without any firewall protection according to security researcher David Litchfield.

NGSSoftware managing director, Litchfield took a look at just over 1 million randomly generated Internet Protocol [IP] addresses, checking them to see if he could access them on the IP ports reserved for Microsoft SQL Server or Oracle’s database. The results? He found 157 SQL servers and 53 Oracle servers. Litchfield then relied on known estimates of the number of systems on the Internet to arrive at his conclusion: “There are approximately 368,000 Microsoft SQl Servers… and about 124,000 Oracle database servers directly accessible on the Internet,” he wrote in his report, due to be made public next week.

This is not the first time that Litchfield has conducted this type of research. Two years ago, he released his first Database Exposure Survey, estimating that there were about 350,000 Microsoft and Oracle databases exposed.

This 2007 version of the Database Exposure Survey is set to be published Monday on Litchfield’s Database Security website.[more]

Tags: Computer Protection