Security, Compliance, and Identity Management

Here is a brief analysis of the pre-release announcement for the upcoming January 2010 Oracle Critical Patch Update (CPU) -

Overall, 24 security vulnerabilities are fixed in this CPU, which is a below average number but well within the range of previous CPUs (Oct-09=38, Jul-09=30, Apr-09=43, Jan-09=41, Oct-08=36, Jul-08=45, Apr-08=41, Jan-08=26, Oct-07=51, Jul-07=45, Apr-07=36, Jan-07=51, Oct-06=101, Jul-06=62, Apr-06=34, Jan-06=80).
The product and vulnerability mix appears to be similar to previous CPUs.  All CPU supported Oracle Database, Oracle Application Server, and Oracle E-Business Suite versions are included.  The list of supported versions is getting very short and should be carefully reviewed to determine

…click on the title to read the full article…

I have added the registration page for the upcoming Oracle security training - how to perform a security audit of an Oracle database to be held in York on February the 9th and 10th in England. The registration page gives….[Read More]
Posted by Pete On 05/01/10 At 06:34 PM

There was a good blog post titled ” The need to ensure that hashed password values are safe ” picked up via my Oracle blogs aggregator that discusses Dennis’s FPGA cracker and also the importance of not letting the password….[Read More]
Posted by Pete On 04/01/10 At 04:26 PM

Well it has been a while since my last blog entry - almost two weeks in fact, xmas added onto heavy work loads all gets in the way of blogging…:-) I still have a backlog of things to blog about….[Read More]
Posted by Pete On 29/12/09 At 12:40 PM

Hi, this is Eric Maurice. Oracle today released the January 2010 Critical Patch Update (CPUJan2010).
Today’s Critical Patch Update (CPU) provides 24 new security fixes across the following product families: Oracle Database Server, Oracle Secure Backup, Oracle Application Server, Oracle E-Business Suite, Oracle PeopleSoft Enterprise, Oracle Primavera, Oracle WebLogic Server and JRockit. 13 of the 24 new vulnerabilities are remotely exploitable without authentication. This means that an attacker could attempt to exploit these vulnerabilities, should the targeted systems be exposed on the network (as opposed to being hidden behind a firewall for example) remotely without requiring

…click on the title to read the full article…

On New Year's Eve it occurred to me that we had now crossed the years to not one but two of Arthur C. Clarke's sci-fi novels - 2001 and 2010.
Of course on one hand we are no where near as advanced in manned space flight as described in those books.
But I think there is more than a kernel of truth to the title of the 2010 movie - "The Year We Make Contact." Though I doubt it will be with any alien monolith.
Instead 2010 is when globally mobile phones really explode both in terms of smart-phone and the

…click on the title to read the full article…

I saw the review of a new security book on Slashdot. It's called "Enterprise Security for the Executive: Setting the Tone from the Top" by Jennifer Bayuk. I just ordered it myself so I can't post any further information on the content, but I'll put up my thoughts as soon as I can.

Posted via email from Virtual Identity Dialogue

In conjunction with our recent partnership with 1 Security Solutions Applied we are happy to announce a new public training event which is run by both companies. We are offering an oppertunity for students to experience the PeteFinnigan.com Limited two….[Read More]
Posted by Pete On 16/12/09 At 07:04 PM

I got my two chapters of the new Oak Table book ” Expert Oracle Practices: Oracle Database Administration from the Oak Table ” as final proofs from Apress today for a final check and send back; the book should be….[Read More]
Posted by Pete On 17/12/09 At 07:35 PM

Wow, its been around a week since i last wrote here. I was on client work all last week, indeed i have been snowed under for quite a while so finding time for blogging is hard. I had promised myself….[Read More]
Posted by Pete On 15/12/09 At 05:47 PM