Blog Posts Tagged with "TeamSHATTER"
It’s Back: March Madness Higher Education Data Breach Brackets
March 12, 2012 Added by:Alexander Rothacker
The method to our ‘Madness’ is simple – based solely on the number of reported records breached in 2011, we put together brackets. For each U.S.-based institution of higher learning that reported a data breach in 2011, we seeded (ranked) them based on number of records affected...
Comments (0)
It's Time to Evolve How We Protect Our Data
January 24, 2012 Added by:Josh Shaul
Advanced systems for protecting databases have been available for several years now, and have become mature and reliable technology. Databases can be locked down with secure configurations, strong access controls, and effective patch management strategies...
Comments (0)
TeamSHATTER: Analysis of the January 2012 Oracle CPU
January 18, 2012 Added by:Alexander Rothacker
This time ere are only TWO fixes. This is the lowest number ever since the CPU program has started in 2005. Oracle, what happened? Did you throw in the towel on DBMS fixes? I know it’s not because the Database is finally fixed for good and is now suddenly secure...
Comments (0)
2012 Has Delivered Her First Giant Data Breach
January 17, 2012 Added by:Josh Shaul
We consumers need to pressure business to change their practices and protect our information. By asking questions, we’ll force organizations to recognize the importance of effective security, and to either do it properly or lose customers to a competitor who will...
Comments (0)
Steam Attack Puts Users at Risk of Spear Phishing
November 15, 2011 Added by:Josh Shaul
A good implementation of salting before hashing can yield very secure results – however weak implementations that used fixed salt are not all that unusual, and those are quite easy to break. The stored credit card numbers were encrypted. It’s likely that these will be difficult to extract...
Comments (0)
Analysis of the October 2011 Oracle CPU Database Patches
October 19, 2011 Added by:Alexander Rothacker
Oracle released its October Critical Patch Update with 57 vulnerabilities across multiple products. This low number of patches continues a trend where Oracle appears to be losing focus on database security, probably due to the many new products offerings and acquisitions...
Comments (0)
Keeping Privileged Users Under Control in Oracle Database
October 03, 2011 Added by:Esteban Martinez Fayo
SYSDBA privilege has unlimited access to all data and can make any configuration change. With DatabaseVault installed, it is possible to restrict SYSDBA users from accessing certain data but the protection is not complete. There are ways to bypass the defenses and compromise the data...
Comments (1)
Native Auditing In Modern Relational Database Management
August 03, 2011 Added by:Alexander Rothacker
Modern databases provide powerful built-in auditing capabilities that are often underestimated. There are downsides of native auditing like the ability for a malicious user to manipulate the audit trail. Overall, this feature allows customers to monitor database activity at a very granular level...
Comments (3)
TeamSHATTER Analysis Of The July 2011 Oracle CPU
July 31, 2011 Added by:Alexander Rothacker
With ‘unbreakable’ timeliness, Oracle released their 27th Critical Patch Update. They shipped 78 security fixes over all their product families. Sixteen of the fixes are specific to the Oracle Database, but a total of 30 fixes have an impact on database confidentiality, integrity or availability...
Comments (0)
Avoiding The Next Big Data Breach
June 21, 2011 Added by:Alexander Rothacker
It’s incumbent on the individuals that are responsible for the security of the data to ride this wave of activity, raise awareness, and move their security projects forward. There is no reason these large breaches should be occurring, not when the solutions already exist...
Comments (0)
Is Oracle Misleading Its Database Customers With CPUs?
April 26, 2011 Added by:Alexander Rothacker
Is Oracle misleading its database customers during its quarterly Critical Patch Updates (CPUs)? Unfortunately for its customers, Oracle has figured out a way to downplay the severity of its vulnerabilities and water down the Common Vulnerability Scoring System (CVSS) scoring...
Comments (0)
Higher-Ed Breach Madness: The Data Breach Final Four
March 29, 2011 Added by:Alexander Rothacker
We thought it might be fun to take a look at which higher education institutions would make the “Data Breach Final Four”. Based on the number of reported records breached in 2010, we put together brackets for what we are calling the 2010 Higher Education Data Breach Madness...
Comments (0)
Database Security Discussion Lacking at RSA Conference
March 01, 2011 Added by:Alexander Rothacker
Why don’t organizations protect the database? It seems incredibly obvious, but it’s clearly not happening as often as it should be. Hopefully next year’s RSA Conference provides more education on database security – after all, that’s where sensitive information spends 99% of its lifecycle...
Comments (0)
Another Resolution For 2011: Secure Your Sensitive Data
February 01, 2011 Added by:Alexander Rothacker
Tack on one more resolution for 2011 – secure your sensitive information. Hackers are constantly looking for ways to access critical corporate data and have moved away from the idea of “breaking in because they can” and are looking to harvest sensitive information to sell on the black-market...
Comments (0)
Oracle’s January 2011 Critical Patch Update
January 24, 2011 Added by:Alexander Rothacker
Starting in 2010, Oracle decreased the number of patches in the database with only 32 fixes reported. The trend continues in the first release of 2011 with only 6 database fixes out of 66 total fixes. The bulk of the other 60 fixes are in Oracle Fusion Middleware, PeopleSoft and Solaris...
Comments (0)
- SecurityWeek Names Ryan Naraine as Editor-at-Large
- Why Cyber Security Should Be at the Top of Your Christmas List
- United States Federal Government’s Shift to Identity-Centric Security
- How Extreme Weather Will Create Chaos on Infrastructure
- BSIMM11 Observes the Cutting Edge of Software Security Initiatives
- Sustaining Video Collaboration Through End-to-End Encryption
- Will Robo-Helpers Help Themselves to Your Data?
- Securing the Hybrid Workforce Begins with Three Crucial Steps
- A New Strategy for DDoS Protection: Log Analysis on Steroids
- COVID-19 Aside, Data Protection Regulations March Ahead: What To Consider