This is a great interview with David Litchfield. I was recently in a review with Bob Muglia, Senior VP for the Server and Tools business, where the SQL team presented there had yet to be a security GDR for SQL2K5. Bob asked if it was because the product is secure or if people just aren't looking for security issue. The team proudly answered: people are looking and they're not finding anything. I just don't understand why anyone still runs Oracle (behind a firewall or not).
Are you including web service hosting w/ endpoints in this statement? At my firm, there seems to be some pushback regarding this technology, as it "exposes" otherwise unavailable access to the server...
AFAIK there hasn't been a single exploit reported on SS2K5. I would assume the hacker community has tried endpoint attacks - but that's completely an assumption on my part.
Well David Litchfield thinks so. "Who he?" you ask. Well this article will explain all. Thanks