Author Archive

Wednesday, April 9th, 2008

RSA Conference 2008

It’s been a while since I’ve blogged. Hit a dry spell, I guess. Will try to post more frequently and about some technical issues as well. Anyway, I’m at the RSA conference in San Francisco for the entire week. It’s been a great conference so far with interesting keynotes and sessions. Also, a lot of [...]

No Comments » - Posted in PCI, compliance, credit cards, security by Slavik

Monday, March 17th, 2008

Proactivity vs. Reactivity

Fern Halper, an analyst with Hurwitz & Associates, wrote in her blog “Data makes the world go ’round” about database activity monitoring (as well as highlighting some of what my company Sentrigo does).
In the summary of her post she raises an important issue - that most DBAs are reactive rather than proactive when it comes [...]

No Comments » - Posted in monitoring, security by Slavik

Sunday, March 16th, 2008

Presenting at the UKOUG DBMS SIG this week

I’ll be presenting on Oracle database hacking and security at the UKOUG DBMS Special Interest Group meeting this week. The meeting will take place on Thursday, 20th March 2008 in Baylis House, Slough (UK, obviously). Here’s the link for the agenda and details: http://www.ukoug.org/calendar/show_event.jsp?id=3358
Hope to see some of you there - come and say hello…

No Comments » - Posted in OUG, Oracle by Slavik

Sunday, March 9th, 2008

Oracle Security Webinar with Pete Finnigan

Just a short announcement this time - Sentrigo is hosting a live webinar/webcast with Pete Finnigan where he’ll share his wisdom on Oracle database security, show some attack vectors and how one can detect and prevent them, as well as other good stuff.
Those of you who’ve ever attended one of Pete’s masterclasses at an OUG [...]

No Comments » - Posted in Oracle, security by Slavik

Thursday, February 21st, 2008

Chinese Internet Restrictions and the Olympics

Totally unrelated to database security but I’ve read this interesting bit on /. while flying to the US. It got me thinking - how does China prevent people from going to restricted sites like blogger.com? Do Chinese ISPs use some form of IP filtering? Do they parse HTTP and prevent proxies? How about HTTPS? and [...]

1 Comment » - Posted in security by Slavik

Thursday, January 17th, 2008

Most DBAs do not apply security patches

In a recent survey we conducted, it turned out that DBAs are mostly ignoring security patches. Two thirds of the DBAs have never applied a CPU and only about 10% of them are applying CPUs in a timely fashion. After releasing the survey, we had some interesting responses in online publications [...]

2 Comments » - Posted in Oracle, security by Slavik

Monday, December 3rd, 2007

The need for database security explained in 5 minutes

Mike Rothman (of Security Incite) has a new series of podcasts over on eBizQ (where my VP marketing was interviewed a while back on the same topic). In the latest podcast, the 2nd in the series, Mike interviews Rich Mogull on the topic of database security.
If you didn’t “get it” until now, or if you [...]

No Comments » - Posted in security by Slavik

Wednesday, November 28th, 2007

Impressions from Oracle OpenWorld 2007

Oracle OpenWorld came and went. I had some interesting sessions which I’ll summarize shortly, some less interesting sessions, lots of beer and a great concert by Billy Joel and Lenny Kravitz. I arrived in SF on Friday night from Philadelphia (after being selected again at the airport for “random” inspection). I had several interesting meetings [...]

No Comments » - Posted in Oracle by Slavik

Saturday, November 17th, 2007

Propagating Middle-Tier and Application Users to the DBMS (Part 3 of 3)

Well, finally I’m writing the third part of the blog. The thing that pushed me to finish this was a talk I had with Tim Hall of Oracle-base fame after his Unconference presentation in Oracle OpenWorld. Tim told me that his Java developers are claiming that adding user context information in an already existing application [...]

No Comments » - Posted in Java, Oracle, security, technical tips by Slavik

Sunday, November 4th, 2007

PCI Grows Teeth

The rumors about my death have been greatly exaggerated, to paraphrase Mark Twain. I guess I’m a burst-blogger, at least for as long as I’m also the CTO of a growing start-up.
The credit card companies started to make good on their threats and levy hefty fines like this one issued against TJX and its banks. This [...]

No Comments » - Posted in PCI, TJX, compliance, credit cards by Slavik