Comments on: Oracle security bloopers II http://itknowledgeexchange.techtarget.com/eye-on-oracle/oracle-security-bloopers-ii/ A SearchOracle.com blog Sat, 28 Nov 2009 00:56:47 +0000 http://wordpress.org/?v=2.6.2 By: Track Of Time Billed http://itknowledgeexchange.techtarget.com/eye-on-oracle/oracle-security-bloopers-ii/#comment-1026 Track Of Time Billed Wed, 12 Mar 2008 06:02:42 +0000 http://eyeonoracle.blogs.techtarget.com/2007/07/09/oracle-security-bloopers-ii/#comment-1026 <strong>Job Time Tracking with GPS</strong> A 2005 Salary.com and AOL study says the average employee wastes 2.09 hours a day on everything from conducting personal business to running errands, arriving late or leaving early and making personal phone calls. <strong>Job Time Tracking with GPS</strong>

A 2005 <a href="http://Salary.com" title="http://Salary. " target="_blank">Salary.com</a> and AOL study says the average employee wastes 2.09 hours a day on everything from conducting personal business to running errands, arriving late or leaving early and making personal phone calls.

]]> By: Tim DiChiara http://itknowledgeexchange.techtarget.com/eye-on-oracle/oracle-security-bloopers-ii/#comment-1025 Tim DiChiara Thu, 12 Jul 2007 16:14:29 +0000 http://eyeonoracle.blogs.techtarget.com/2007/07/09/oracle-security-bloopers-ii/#comment-1025 Krah, That's a valid point. However, securing enterprise data is more than just using Data Vault or other Oracle features properly. There is definitely a "human element" and these examples show how incredibly important that is. --Tim Krah,

That’s a valid point. However, securing enterprise data is more than just using Data Vault or other Oracle features properly. There is definitely a “human element” and these examples show how incredibly important that is.

–Tim

]]> By: krah http://itknowledgeexchange.techtarget.com/eye-on-oracle/oracle-security-bloopers-ii/#comment-1024 krah Thu, 12 Jul 2007 14:45:16 +0000 http://eyeonoracle.blogs.techtarget.com/2007/07/09/oracle-security-bloopers-ii/#comment-1024 How silly can you get? Every single one of those cases you have listed is not an Oracle security problem. For some reason I was under the impression that some users may have figured out something clever to get around a security mechanism provided by Oracle, but not so. All cases you have listed are problems with naive users not knowing what to do, not a problem with the Oracle product (no I don't work for Oracle). For example in an Oracle 8i and below, a user with export permissions could view passwords set in database links by extracting the text using the strings command. That I think they have fixed in the later releases. This is an example of a security hole in Oracle, you shouldn't have to know other people's passwords even if you are a dba. Now if I write my password on a paper and stick it in my cubicle with a push pin, then that is my problem, not Oracle's. In the IT field there is no shortage of people, many holding advanced IT positions and running the show who clearly don't know what they are doing, but they also don't hesitate in preventing other people in doing what needs to be done. But I wouldn't call that an Oracle blooper. How silly can you get? Every single one of those cases you have listed is not an Oracle security problem. For some reason I was under the impression that some users may have figured out something clever to get around a security mechanism provided by Oracle, but not so. All cases you have listed are problems with naive users not knowing what to do, not a problem with the Oracle product (no I don’t work for Oracle).

For example in an Oracle 8i and below, a user with export permissions could view passwords set in database links by extracting the text using the strings command. That I think they have fixed in the later releases. This is an example of a security hole in Oracle, you shouldn’t have to know other people’s passwords even if you are a dba. Now if I write my password on a paper and stick it in my cubicle with a push pin, then that is my problem, not Oracle’s.

In the IT field there is no shortage of people, many holding advanced IT positions and running the show who clearly don’t know what they are doing, but they also don’t hesitate in preventing other people in doing what needs to be done. But I wouldn’t call that an Oracle blooper.

]]> By: Andrew Kerber http://itknowledgeexchange.techtarget.com/eye-on-oracle/oracle-security-bloopers-ii/#comment-1023 Andrew Kerber Wed, 11 Jul 2007 14:44:10 +0000 http://eyeonoracle.blogs.techtarget.com/2007/07/09/oracle-security-bloopers-ii/#comment-1023 This isnt Oracle security, but it is security. In the late 80s, I was working for a defense contractor, shortly after the first of the internet worm attacks went through and locked up most of the Unix systems on the internet. Someone their decided to publicly announce that our systems were secure from attack. I discovered this after the fact, of couse. I had never seen such a perfect case of painting a target on oneself. This isnt Oracle security, but it is security. In the late 80s, I was working for a defense contractor, shortly after the first of the internet worm attacks went through and locked up most of the Unix systems on the internet. Someone their decided to publicly announce that our systems were secure from attack. I discovered this after the fact, of couse. I had never seen such a perfect case of painting a target on oneself.

]]> By: Slavik http://itknowledgeexchange.techtarget.com/eye-on-oracle/oracle-security-bloopers-ii/#comment-1022 Slavik Tue, 10 Jul 2007 08:17:29 +0000 http://eyeonoracle.blogs.techtarget.com/2007/07/09/oracle-security-bloopers-ii/#comment-1022 What an awesome post. I come across such stories all the time. Default usernames/passwords, shared usernames/passwords and sending of sensitive data on non-secure channels is definitely a recurring theme. What an awesome post. I come across such stories all the time. Default usernames/passwords, shared usernames/passwords and sending of sensitive data on non-secure channels is definitely a recurring theme.

]]>