(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)
The Computer Chaos Convention has spawned an example of how MD5 collisions can be used to create a rogue CA cert that has the same MD5 as a valid CA cert. The example is interesting but only affects CA Certs that rely on the MD5 checksumming algorithm for the digital signature. This is the minority [...]
Initially a DLP implementation can be labour intensive especially if it requires the categorisation of data into appropriate sensitivity levels. Most security measures have a corresponding cost. This was borne out in Tom Kyte’s presentation on Encryption at UKOUG this year where the encryption routines were measured to show the performance hit of encrypting data [...]
Recovered from UKOUG now, As Alex mentions on his blog GSAuditor has been updated to include 11g passwords and it is very fast. Pete Finnigan’s PL based password cracker can be conveniently run from PL/SQL on the DB in question and is easily modified to take it’s passwords from SYS.USER_HISTORY$ …but bear in mind that [...]
That was quick..good to know that folks are reading the blog. Christian wrote an email to me specifying the following. Consider this example, which gives access to the root directory: SQL> exec create_directory.createdirectory(‘rootdir as”/”–’,'/u01/thisismypath’); It results in the creation of the root directory “/” but without granting the privileges to the user so not a [...]
