Author Archive

Wednesday, November 28th, 2007

Impressions from Oracle OpenWorld 2007

Oracle OpenWorld came and went. I had some interesting sessions which I’ll summarize shortly, some less interesting sessions, lots of beer and a great concert by Billy Joel and Lenny Kravitz. I arrived in SF on Friday night from Philadelphia (after being selected again at the airport for “random” inspection). I had several interesting meetings [...]

No Comments » - Posted in Oracle by Slavik

Saturday, November 17th, 2007

Propagating Middle-Tier and Application Users to the DBMS (Part 3 of 3)

Well, finally I’m writing the third part of the blog. The thing that pushed me to finish this was a talk I had with Tim Hall of Oracle-base fame after his Unconference presentation in Oracle OpenWorld. Tim told me that his Java developers are claiming that adding user context information in an already existing application [...]

No Comments » - Posted in Java, Oracle, security, technical tips by Slavik

Sunday, November 4th, 2007

PCI Grows Teeth

The rumors about my death have been greatly exaggerated, to paraphrase Mark Twain. I guess I’m a burst-blogger, at least for as long as I’m also the CTO of a growing start-up.
The credit card companies started to make good on their threats and levy hefty fines like this one issued against TJX and its banks. This [...]

No Comments » - Posted in PCI, TJX, compliance, credit cards by Slavik

Sunday, September 9th, 2007

You Know Breaches Hit the Big Time When…

You know that data breaches have become part of big business reality when the Harvard Business Review publishes a hypothetical case study entitled “Boss, I Think Someone Stole Our Customer Data”. The case study does a very good job of illustrating the initial confusion and many gray areas that enterprises face when confronted with [...]

No Comments » - Posted in breach, compliance, insider threat, privacy, sb1386 by Slavik

Wednesday, August 22nd, 2007

Oracle CPUs - Do We Care?

I promised to blog a bit about my traveling, so here I go:
I was visiting customers in India and the US and giving presentations to Oracle user groups in the US. Amazingly, the state of US airports is just getting worse every month. Flying from Israel to India and from India to NY went without [...]

6 Comments » - Posted in DBA, Oracle, compliance, patching by Slavik

Tuesday, August 14th, 2007

SQL UNjection

It’s been a while since my last post, but contrary to rumors I am not dead - just traveling a lot (something I promise to blog about soon).
The UN’s website suffered an SQL injection attack over the weekend by hackers who defaced the homepage. According to this site, the SQL injection exploited a database vulnerability, but [...]

No Comments » - Posted in SQL injection, security by Slavik

Thursday, July 5th, 2007

DBAs are not the enemy, but they too need watching

Back after a short and much needed hiatus, I came across this piece by security analyst Eric Ogren on Computerworld’s website. He discusses how DBAs have become public enemy number one because of compliance mandates to exercise segregation of duties, and how this has been blown out of proportion to other, greater risks.
A few days [...]

3 Comments » - Posted in DBA, breach, insider threat, monitoring, security by Slavik

Sunday, June 17th, 2007

Hedgehog: New Database Security Solution

This is a personal as well as a commercial posting for me… Tomorrow is a special day in the short history of my company - after long months of R&D, we are finally releasing our product, named Hedgehog (there’s already some coverage in Dark Reading). These are very exciting times both for me personally and [...]

3 Comments » - Posted in Oracle, monitoring, security by Slavik

Sunday, June 10th, 2007

Propagating Middle-Tier and Application Users to the DBMS (Part 2 of 3)

As promised, this is the second of a three-part blog entry discussing the propagation of middle-tier users to the database. This post will mainly concentrate on the Java side of things. I will show how to use Spring Framework’s excellent transactional support using AOP to add an additional advice, relying on ThreadLocal to pass application [...]

6 Comments » - Posted in Oracle, Uncategorized, technical tips, user identity by Slavik

Friday, June 8th, 2007

Chronicle of a Breach Foretold

About a month ago I posted about breaches at educational institutions, and suggested that rectifying the problem could start by simply not hoarding PII (personally identifiable information) unnecessarily.
Today I read about this breach at Northwestern University (not the first data breach for them) where social security numbers of 4,000 individuals may have been compromised, including [...]

1 Comment » - Posted in breach, privacy, universities by Slavik