Tag: security

If your application uses Java 1.7 that connects to Oracle Database securely over TCPS (Transmission Control Protocol with SSL), and you keep your security patching up to date, the latest Oracle April 2021 security updates may raise some challenges for…

On September 1, 2020, Apache disclosed a security vulnerability for Apache Cassandra. Summary: It’s possible for a local attacker without access to the Apache Cassandra process or configuration files, to manipulate the RMI registry to perform a man-in-the-middle attack and…

There were some security patches released this month for Postgres, to put further restrictions on pathways that malicious users could use to leverage the search_path to insert malicious code. What is the search path? What is search_path? Postgres has a…

Jared Still shows you how to setup the open source RADIUS server FreeRadius so it may be used to authenticate database connections.

Introduction We have recently had some issues accessing a few client servers and found it is related to a Windows security update that was released earlier in May 2018. The problem is when you try to RDP to a server…

The Build conference is Microsoft’s premier event targeted at software developers. Over the years, a lot of big technology announcements have been made at this conference and this year was no exception. As expected, Azure keeps taking the spotlight over…

Enabling TLS/SSL is the first step of securing Oracle E-Business Suite, especially if you have internet facing DMZ nodes. TLS is what powers the Oracle EBS to use https URLs. LetsEncrypt makes this process easy. Let’s Encrypt is a certificate…

A few years ago I wrote a couple of popular blog articles on using Secure External Password Stores (SEPS) and Credential Wallets to manage passwords used by scripts for database connections: Securing Oracle Monitoring And Backup Scripts Issues With Oracle…

Background Oracle recently released a new version of their Database Security Assessment Tool (DBSAT) – version 2.0.1. This is a welcome update as it’s been a while since the initial release in 2016. In fact, the tool hasn’t been enhanced…

Google’s “Project Zero” has released details about three vulnerabilities that impact all Intel, AMD and ARM based systems running any operating system, including systems on all major cloud platforms. The three vulnerabilities may allow an attacker to access sensitive areas…