Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)

Three Tier Oracle Security in London ~ Paul M. Wright RSS Feed
 

Sysdba Backdoor in Japan

Just noticed that my SYSDBA Backdoor paper has been published in Japan through NGS’ contacts.
www.dcs.co.jp/security/NGS_freedownloads/OracleSysDBA_Backdoor.pdf
It is a compliment for this work to be of widespread use and there is more on the way..

There is still a lot of work that needs to be done with database security in general not only in the form of software bugs that raise security issues but also in securing the data itself. Pete has an article on the PA Consulting incident here.

I note that the majority of reported incidents in the UK are govt agencies as they are more duty bound to inform of the breach. UK based private companies are not under the same responsibility to inform of a breach compared to US companies as can be seen at http://www.privacyrights.org/ar/ChronDataBreaches.htm
Wells Fargo and the InterActive Financial Marketing Group are among recent victims in the US. Would these companies have notified if they were in the UK and how many private companies choose not to notify in the UK each year? To compare with the US they have had over a 1,000 notified breaches since 2003 averaging in cost at $6.3million dollars each. There is probably a similar amount of activity in the UK and the average cost of a breach in the UK is £1.4 million(Ponemon Institute, LLC). Would the UK benefit from a data breach law? It would certainly benefit from more use of GPG or Truecrypt on exported data.

Cheers,
Paul

Leave a Reply

You must be logged in to post a comment.