via Ivan Ristić, author of ModSecurity and Apache Security, and one of the great minds in information security today, comes news of the Trustworthy Internet Movement's SSL Pulse. SSL Pulse is, essentially, an information dashboard that provides significant data on the current state of the SSL ecosystem. Absolutely Outstanding.
Since it was first disclosed, I’ve been talking to lots of folks about the Oracle “TNS poison” vulnerability that’s out there.
Mostly, the talk has been focused on understanding the risks and implementing appropriate workarounds. But there seems to almost always come a time in the conversation when someone asks, “How can this be?”
It’s stunning to consider that Oracle sat on this issue for so long. It’s a critical vulnerability that fully compromises any Oracle database. It’s easy to exploit, requires no authentication, and it’s almost undetectable using built-in database features. But through the years and through a major database release, it remained unfixed and under wraps.
Senior executives in charge of security are finding their roles changing not only as they deal with the growing rates of data breaches and hacker attacks but also by the increasing interest from CEOs and others in the safety of their companies’ most valuable information, according to a survey from IBM.
As a result, chief information security officers (CISOs) are becoming a more significant presence in corporate boardrooms with a greater input into strategy, and also are shifting more toward risk management than simply reacting to one security incident after another, IBM’s Center for Applied Insights found in its study “Finding a Strategic Voice: Insights from the 2012 IBM Chief Information Security Officer Assessment.”
Last week Oracle bumped heads with the database security community in a communications blunder that caused a proof of concept to be released for an unpatched four-year-old vulnerability in the database’s TNS Listener service. This week Oracle released a workaround, but still no patch, reigniting critics’ claims that the company is neglecting its database customers with shoddy patching practices.
Security professionals believe that Oracle is hurting its database customers through security negligence. Here are their charges. Dark Reading did try to contact Oracle for this article, but the company did not respond to inquiries.
The debacle over U.S. credit card processing company Global Payments' security breach and stolen card numbers continued yesterday with a press release from the company answering questions.
Global Payments made news in late March when Krebs on Security reported as many as 10 million credit cards could have been stolen in a security breach occurring between January 21 and February 25 of this year.
With only a few days remaining until SC Congress Canada 2012, I've been thinking again about what keeps IT security professionals up at night. Every time I ask my customers, I get a common response: mobility. The Bring Your Own Device phenomenon is weighing heavily on the minds of Canada's IT security elite. And they have good reason to be concerned.
By 2014, 1.1 billion smartphones will be in use. Today, the average mobile worker has three devices: smartphone, tablet, and laptop. Companies are allowing these devices to connect to their networks, despite their better judgment and the security risks. So, what’s the REAL mobile threat? Why is this a big deal?
New technology drives productivity, but it also increases risk.
Sensitive data on mobile devices travels – physically and electronically – from the office to home and other off-site locations. In addition, we expect to see targeted mobile-device attacks from malware, spyware, malicious downloads/mobile apps, phishing, and spam. That’s why some security experts see smartphones and other mobile devices as one of the most serious new threat vectors to an organization.
At SC Congress Canada, I’ll be discussing research from a Websense/Ponemon report that looks at the latest mobile risk intelligence from 451 Canadian security and IT professionals. For example:
- 58% of organizations experienced data loss resulting from employee use of unsecured mobile devices.
- Canada is one of the countries that reported the most data loss and security exploits from mobile devices.
- 45% say that their employees circumvent or disengage security features such as passwords and key locks.
BYOD is outpacing Canadian enterprise security and policy. I will tackle this issue alongside Dr. Larry Ponemon (Ponemon Institute), Michelle Warren (MW Research and Consulting), and Faiza Kacem (National Bank of Canada) at SC Congress Canada on Wednesday, May 9 at 9:00 a.m. I hope to see you there. If you can’t make it, I’ll update you in another post after the show.
Summary: Oracle rushes out a security advisory with workarounds for a dangerous Database Server security flaw that dates back to 2008.
Oracle is scrambling to contain the damage from a vulnerability disclosure hiccup that led to the release of a dangerous zero-day flaw in its flagship Database Server product.
The vulnerability, disclosed by researcher Joxean Koret after he mistakenly thought it had been fixed by Oracle, allows an attacker to hijack the information exchanged between clients and databases.
Evidently, site and web administrators need a refresher course in socket and transport layer security configurations... Not particularly surprising, that.
News of a thirteen-year-old Oracle Corporation (NasdaqGS: ORCL) Transparent Network Substrate (TNS) Listener flaw... Injected listeners permit egregious Oracle Database attacks. Oops.
via the comic genius of Nitrozac and Snaggy at The Joy of Tech™