Blog Posts Tagged with "TeamSHATTER"

It’s Back: March Madness Higher Education Data Breach Brackets

March 12, 2012 Added by: Alexander Rothacker

The method to our ‘Madness’ is simple – based solely on the number of reported records breached in 2011, we put together brackets. For each U.S.-based institution of higher learning that reported a data breach in 2011, we seeded (ranked) them based on number of records affected...

Comments  (0)

It's Time to Evolve How We Protect Our Data

January 24, 2012 Added by: Josh Shaul

Advanced systems for protecting databases have been available for several years now, and have become mature and reliable technology. Databases can be locked down with secure configurations, strong access controls, and effective patch management strategies...

Comments  (0)

TeamSHATTER: Analysis of the January 2012 Oracle CPU

January 18, 2012 Added by: Alexander Rothacker

This time there are only TWO fixes. This is the lowest number ever since the CPU program started in 2005. Oracle, what happened? Did you throw in the towel on DBMS fixes? I know it’s not because the Database is finally fixed for good and is now suddenly secure...

Comments  (0)

2012 Has Delivered Her First Giant Data Breach

January 17, 2012 Added by: Josh Shaul

We consumers need to pressure business to change their practices and protect our information. By asking questions, we’ll force organizations to recognize the importance of effective security, and to either do it properly or lose customers to a competitor who will...

Comments  (0)

Steam Attack Puts Users at Risk of Spear Phishing

November 15, 2011 Added by: Josh Shaul

A good implementation of salting before hashing can yield very secure results – however, weak implementations that use a fixed salt are not all that unusual, and those are quite easy to break. The stored credit card numbers were encrypted. It’s likely that these will be difficult to extract...

Comments  (0)

Analysis of the October 2011 Oracle CPU Database Patches

October 19, 2011 Added by: Alexander Rothacker

Oracle released its October Critical Patch Update with 57 vulnerabilities across multiple products. This low number of patches continues a trend where Oracle appears to be losing focus on database security, probably due to the many new product offerings and acquisitions...

Comments  (0)

Keeping Privileged Users Under Control in Oracle Database

October 03, 2011 Added by: Esteban Martinez Fayo

SYSDBA privilege has unlimited access to all data and can make any configuration change. With DatabaseVault installed, it is possible to restrict SYSDBA users from accessing certain data but the protection is not complete. There are ways to bypass the defenses and compromise the data...

Comments  (1)

Native Auditing In Modern Relational Database Management

August 03, 2011 Added by: Alexander Rothacker

Modern databases provide powerful built-in auditing capabilities that are often underestimated. There are downsides of native auditing like the ability for a malicious user to manipulate the audit trail. Overall, this feature allows customers to monitor database activity at a very granular level...

Comments  (3)

TeamSHATTER Analysis Of The July 2011 Oracle CPU

July 31, 2011 Added by: Alexander Rothacker

With ‘unbreakable’ timeliness, Oracle released their 27th Critical Patch Update. They shipped 78 security fixes over all their product families. Sixteen of the fixes are specific to the Oracle Database, but a total of 30 fixes have an impact on database confidentiality, integrity or availability...

Comments  (0)

Avoiding The Next Big Data Breach

June 21, 2011 Added by: Alexander Rothacker

It’s incumbent on the individuals that are responsible for the security of the data to ride this wave of activity, raise awareness, and move their security projects forward. There is no reason these large breaches should be occurring, not when the solutions already exist...

Comments  (0)

Is Oracle Misleading Its Database Customers With CPUs?

April 26, 2011 Added by: Alexander Rothacker

Is Oracle misleading its database customers during its quarterly Critical Patch Updates (CPUs)? Unfortunately for its customers, Oracle has figured out a way to downplay the severity of its vulnerabilities and water down the Common Vulnerability Scoring System (CVSS) scoring...

Comments  (0)

Higher-Ed Breach Madness: The Data Breach Final Four

March 29, 2011 Added by: Alexander Rothacker

We thought it might be fun to take a look at which higher education institutions would make the “Data Breach Final Four”. Based on the number of reported records breached in 2010, we put together brackets for what we are calling the 2010 Higher Education Data Breach Madness...

Comments  (0)

Database Security Discussion Lacking at RSA Conference

March 01, 2011 Added by: Alexander Rothacker

Why don’t organizations protect the database? It seems incredibly obvious, but it’s clearly not happening as often as it should be. Hopefully next year’s RSA Conference provides more education on database security – after all, that’s where sensitive information spends 99% of its lifecycle...

Comments  (0)

Another Resolution For 2011: Secure Your Sensitive Data

February 01, 2011 Added by: Alexander Rothacker

Tack on one more resolution for 2011 – secure your sensitive information. Hackers are constantly looking for ways to access critical corporate data and have moved away from the idea of “breaking in because they can” and are looking to harvest sensitive information to sell on the black market...

Comments  (0)

Oracle’s January 2011 Critical Patch Update

January 24, 2011 Added by: Alexander Rothacker

Starting in 2010, Oracle decreased the number of patches in the database with only 32 fixes reported. The trend continues in the first release of 2011 with only 6 database fixes out of 66 total fixes. The bulk of the other 60 fixes are in Oracle Fusion Middleware, PeopleSoft and Solaris...

Comments  (0)