Tag: security

Oracle April 2021 Update Security Improvements on TLS (Transport Level Security)

If your application uses Java 1.7 that connects to Oracle Database securely over TCPS (Transmission Control Protocol with SSL), and you keep your security patching up to date, the latest Oracle April 2021 security updates may raise some challenges for…

Read More >

Cassandra Vulnerability – CVE-2020-13946 – Apache Cassandra RMI Rebind Vulnerability

On September 1, 2020, Apache disclosed a security vulnerability for Apache Cassandra. Summary: It’s possible for a local attacker without access to the Apache Cassandra process or configuration files, to manipulate the RMI registry to perform a man-in-the-middle attack and…

Read More >

Postgres Security Patches Related to the Search Path

There were some security patches released this month for Postgres, to put further restrictions on pathways that malicious users could use to leverage the search_path to insert malicious code. What is the search path? What is search_path? Postgres has a…

Read More >

Using FreeRadius to Authorize Oracle Connections

Jared Still shows you how to setup the open source RADIUS server FreeRadius so it may be used to authenticate database connections.

Read More >

RDP Issue – CredSSP encryption Oracle remediation

Introduction We have recently had some issues accessing a few client servers and found it is related to a Windows security update that was released earlier in May 2018. The problem is when you try to RDP to a server…

Read More >

Exciting updates from Microsoft Build 2018

The Build conference is Microsoft’s premier event targeted at software developers. Over the years, a lot of big technology announcements have been made at this conference and this year was no exception. As expected, Azure keeps taking the spotlight over…

Read More >

Using LetsEncrypt Certs with Oracle E-Business suite

Enabling TLS/SSL is the first step of securing Oracle E-Business Suite, especially if you have internet facing DMZ nodes. TLS is what powers the Oracle EBS to use https URLs. LetsEncrypt makes this process easy. Let’s Encrypt is a certificate…

Read More >

Using Oracle Wallets and SEPS with Perl, JDBC, and ODBC

A few years ago I wrote a couple of popular blog articles on using Secure External Password Stores (SEPS) and Credential Wallets to manage passwords used by scripts for database connections: Securing Oracle Monitoring And Backup Scripts Issues With Oracle…

Read More >

Oracle’s Database Security Assessment Tool (DBSAT) Version 2 (2.0.1)

Background Oracle recently released a new version of their Database Security Assessment Tool (DBSAT) – version 2.0.1. This is a welcome update as it’s been a while since the initial release in 2016. In fact, the tool hasn’t been enhanced…

Read More >

How to respond to the meltdown and spectre CPU vulnerabilities

Google’s “Project Zero” has released details about three vulnerabilities that impact all Intel, AMD and ARM based systems running any operating system, including systems on all major cloud platforms. The three vulnerabilities may allow an attacker to access sensitive areas…

Read More >
Page 1 of 41234