I just uploaded my DOAG 2013 presentation “Best of Oracle Security 2013”.
This presentation shows how to bypass Oracle Data Redaction, become DBA using CREATE ANY INDEX, hide information from Oracle Auditing using VPD and more…
SQL> select * from scott.credit_card where 1=ordsys.ord_dicom.getmappingxpath((card_id),user,user);
We are going to start a reseller program for PFCLScan and we have started the planning and recruitment process for this program. I have just posted a short blog on the PFCLScan website titled "PFCLScan Reseller Program". If....
Posted by Pete On 29/10/13 At 01:05 PM
We released version 1.3 of PFCLScan our enterprise database security scanner for Oracle a week ago. I have just posted a blog entry on the PFCLScan product site blog that describes some of the highlights of the over 220 new....
Posted by Pete On 18/10/13 At 02:36 (more...)
New Security Features in Oracle EBS 12.2
Thursday, October 24, 2013 - 2:00 pm EDT
Oracle E-Business Suite 12.2 introduces a number of new security features, enhancements, and changes. This eLearning webinar will examine each of these security features to describe the impact on your implementation and how (more...)
Hi Guys, OOW was the trip of a lifetime. Watching Oracle USA win the cup with Ben Ainslie was great, as was watching Larry’s keynote live. Columnar in memory DB looks interesting and competition for Hana. I presented at the excellent Delphix event with OakTable, and picked up some good (more...)
At Derbycon 3.0, László Tóth and Ferenc Spala gave a new presentation “What’s common in Oracle and Samsung? They tried to think differently…” (Video). The main focus of the presentation was the Samsung encryption and a new framework called sandy but there was also a small (more...)
Hi Oracle Security Readers, OOW is here again and I will be giving a short “In a nutshell – 3 good and 3 bad points on 12c” at Oak Table World http://www.kylehailey.com/oaktable-world/agenda/ This can be regarded as a short taster for the upcoming book. http://www.springer.com/computer/database+management+%26+information+retrieval/book/978-1-4302-6211-4 You (more...)
Going Without CPU Patches on Oracle EBS 11i?
Tuesday, September 17, 2013 - 2:00 pm EDT
Are you thinking, or maybe you have already decided, about not upgrading to R12? Are you concerned about the impending lack of CPU security patches for 11i? Have you decided upon the mitigating controls (more...)
2 days ago I gave a presentation “Oracle 12c from the attackers perspective” at the DOAG SIG Security. I learned some interesting things, especially that a fix for the Oracle oradebug “disable auditing” problem has been available for 9 months.
Oradebug allows running OS commands and enabling/disabling Oracle SYSDBA (more...)
We have just updated PFCLScan, our company's database security scanner for Oracle databases, to version 1.2 and added some new features and some new content and more. We are working to release another service update also in the next couple....
Posted by Pete On 04/09/13 At 02:45 (more...)
It has been a few weeks since my last blog post but don't worry I am still interested to blog about Oracle 12c database security and indeed have nearly 700 pages of notes in MS Word related to 12c security....
Posted by Pete On 28/08/13 At 05:04 PM
There have been some big new security items added to 12cR1 such as SHA2 in DBMS_CRYPTO, code based security in PL/SQL, Data Redaction, unified audit or even privilege analysis but also as I hinted in some previous blogs there are....
Posted by Pete On 31/07/13 At 11:11 AM
The main new feature of Oracle 12cR1 has to be the multitenant architecture that allows tenant databases to be added or plugged into a container database. I am interested in the security of this of course and one element that....
Posted by Pete On 23/07/13 At 02:52 PM
I just saw a link to a post by Steve Karam on an ISACA list and went for a look. The post is titled "Password Verification Security Loophole". This is an interesting post discussing the fact that ALTER....
Posted by Pete On 22/07/13 At 08:39 PM
Hi Oracle Security Folks, Yes indeed, 12c is out. I have been working on 12c for 1.5 years and gave the first external 12c security presentation (of which I am aware) at UKOUG 2012 in Birmingham so it is good to see that the product has finally been released. (more...)
I started to ask a question a few blog posts ago about how does the 12cR1 database affect database security audits. I have decided to come back to it now as it is a good chance to do so. I....
Posted by Pete On 08/07/13 At 05:31 PM
When You Can’t Apply Oracle Security Patches
Tuesday, June 25, 2013 - 2:00 pm EDT
Are you not applying, or maybe having difficulty in applying, Oracle security patches in a timely manner? Are you quarters or years behind on security patches? Due to lack of security patch support by Oracle (more...)
It’s hard to believe that another year has passed from last RSA. But, indeed, time flies when you’re busy, I guess. So, for the second year in a row, McAfee wins the SC magazine award for best database security solution. I’m so proud!
Turns out that Tanel has an artist hidden deep down inside!
These are some amazing statistics…