Three Tier Oracle Security in London ~ Paul M. Wright

Archive for December, 2008

CCC MD5 collision demo

The Computer Chaos Convention has spawned an example of how MD5 collisions can be used to create a rogue CA cert that has the same MD5 as a valid CA cert. The example is interesting but only affects CA Certs that rely on the MD5 checksumming algorithm for the digital signature. This is the minority [...]

Data Leak Prevention Win-Win

Initially, a DLP implementation can be labour intensive, especially if it requires the categorisation of data into appropriate sensitivity levels. Most security measures have a corresponding cost. This was borne out in Tom Kyte’s presentation on Encryption at UKOUG this year where the encryption routines were measured to show the performance hit of encrypting data [...]

Oracle Password Update

Recovered from UKOUG now. As Alex mentions on his blog, GSAuditor has been updated to include 11g passwords and it is very fast. Pete Finnigan’s PL based password cracker can be conveniently run from PL/SQL on the DB in question and is easily modified to take its passwords from SYS.USER_HISTORY$ … but bear in mind that [...]

CREATE_DIRECTORY first improvement

That was quick... good to know that folks are reading the blog. Christian wrote an email to me specifying the following. Consider this example, which gives access to the root directory: SQL> exec create_directory.createdirectory('rootdir as"/"--','/u01/thisismypath'); It results in the creation of the root directory "/" but without granting the privileges to the user so not a [...]