I will describe how you configure trust stores for the WebLogic Server.
Chain of trust
When a SSL server certificate is issued by a CA it is signed by a another certificate. Normally this will be an intermediate certificated, that is again signed by the CAs root certificate. So there is a chain of trust between the (more...)
In every business, there is a balance between business goals and various impediments.
You need to make sure that you don’t allow legal, QA, security and other internally-focused concerns tip the scale towards paralysis. There is more in this week’s edition of my newsletter “Technology That Fits” – sign up here.
Suddenly, our offshore colleagues could not access the database. We scrambled to find a solution, and and it soon transpired that the central security function had rolled out out a security policy upgrade the night before. Unfortunately, our offshore colleagues were connected to the network in an uncommon way, so the new security policy cut them off.
You don’t know what will happen when you change a system. Enterprise IT landscapes have reached a complexity (more...)
This post is about exploring the mechanisms used by Oracle Clusterware 184.108.40.206 to restrict remote service registration, i.e. the 12c new feature "Restricting Service Registration for Oracle RAC Deployments"Why is this useful?
This improvement of 12c clusterware and listeners over the 11.2 version is useful mainly for security purposes, for example as a measure against TNS poisoning attacks (see also CVE-2012-1675
), and it is particularly relevant for (more...)
(blogarhythm ~ Points of Authority / Linkin Park)
I recently got my hands on a review copy of Learning Devise for Rails
and was quite interested to see if it was worth a recommendation (tldr: yes).
A book like this has to be current. Happily this edition covers Rails 4 and Devise 3, and code examples worked fine for me with the latest point releases.
The book is structured primarily as a (more...)
Today when trying different settings with Basic Authentication and SOA Suite, I wanted to from the embedded OWSM Policy Repository of JDeveloper to the one stored on the application server. In JDeveloper you can do that through preferences (Tools | Preferences). See this blog for more details.
Click on the App Server Connection option and choose an existing connection through the Connections drop-down or add a new one by clicking New.
It seems that Boing just lost a 4 billion dollar deal to supply fighter jets to Brazil, because the Brazilians were miffed that the NSA spied on them.
You also live in a transparent world. If the NSA was unable to weed out Edward Snowdon in their hiring procedure, do (more...)
It appears that international credit bureau company Experian was inadvertently selling private information to online criminals posing as “private investigators”. These criminals then used Social Security numbers, birthdays and drivers license records to commit identify theft. Ironically, Experian is also selling protection against identity theft to private customers…
Do you know (more...)
Java 7u51 is scheduled for release in January. It will have some consequences for you Forms installation that you need to address.
As far as I know there is no problems with using 7u51 on the server side, only on the client side.
7u51 requires you to sign all RIAs (Applets and Web Start applications).
Oracle already signs the standard jar (more...)
After input from Jacco H. Landlust and Edwin Biemond I have rewritten my post about entropy.
In computing you often need random numbers. They are used for encrypting stuff but also for lots of other things.
For Linux servers random numbers are default provided by the /dev/random device. /dev/random is a pool of random bits (more...)
2 days ago I gave a presentation “Oracle 12c from the attackers perspective” at the DOAG SIG Security. I learned some interesting things, especially that a fix for the Oracle oradebug “disable auditing” problem is available since 9 months.
Oradebug allows to run OS commands and to enable/disable Oracle SYSDBA (more...)
While I was not surprised that the U.S. intelligence agencies monitor web activity, I was surprised at the scale revealed by the Edward Snowdon leaks.
If there are still American cloud providers that do not routinely provide the NSA with wholesale access to their customers’ data, it will only (more...)
Here is a quick way of creating your own CA and issue server and client certificates via OpenSSL.
I will test the certificates via the Apache HTTP Server by configuring one and two-way SSL.
I use Oracle Linux 5.
You should of cause only use this for test scenarios.
It is now possible to protect Apache on both Windows and Red Hat servers against CRIME SSL/TLS attacks.
I have updated my Hardening the Apache HTTP Server post accordingly.
Often you do not want servers in your internal network segments to be able to access the Internet directly.
One way to get controlled access to the Internet is to place an Apache HTTP Server in a DMZ network segment. Internal servers can then use the Apache server as a (more...)
Oracle’s “Security Alert Advisory for CVE-2012-3132” issued a warning about an attack vector that once again was discovered by security expert David Litchfield. The vulnerability allows to execute SQL code with SYS privileges by using object names containing quotation marks, if the attacker has authorized access to the database, has CREATE TABLE and CREATE PROCEDURE privileges […]
(blogarhythm ~ Can you keep a secret? - 宇多田ヒカル)
(“megaargh!” in pirate-speak) is a Ruby wrapper and command-line client for the Mega API
In the current release (gem version 0.0.3), it has coverage of the basic file/folder operations: connect, get file/folder listings and details, upload and download files. You can use it directly in Ruby with what I hope you'll find is a very sane API, but it also sports a basic command-line mode for simple listing, upload and download tasks.
If you are interested in hacking around with Mega, and prefer to do it (more...)