Auditing an Oracle database for security issues is very important. PeteFinnigan.com provides all of the information and tools that you will need Click here for details of PeteFinnigan.com Limited's detailed Oracle database security audit service Click here for details of PeteFinnigan.com Limited's Oracle Security Training Courses
There are 60 visitors online    
Cookie Policy:We only use essential cookies on small sections of this website. For details see here.

Pete Finnigan's Oracle security weblog


Home » Archives » November 2004 » Two more "takes" on the Gartner / Oracle exploit information release reluctance

[Previous entry: "Oracle Users Should Take Security Patch 68 Seriously"] [Next entry: "Oracle announce critical patch update schedule - beginning January 18 2005"]

Two more "takes" on the Gartner / Oracle exploit information release reluctance

November 17th, 2004 by Pete


I just found two more news stories about the Gartner report that I wrote about earlier. The first is on TechWeb - It doesn't have an author indicated. It goes into detail about the main thrust of the Gartner analysts report that Oracle have been taken to task for not telling its customers which versions and which products are most vulnerable and also that DBA's and administrators do not have enough information to decide what to patch and which databases are most vulnerable.

I can concur this sentiment as I have had a number of companies ask me how to decide whether their Oracle 7 and 8.0 databases are vulnerable or not and what can be done about it as upgrading is often not realistic. One key message being given on TechWeb and in the original Gartner report is that customers should put pressure on Oracle for more information.

The second article also about the Garnter analysts report is on vnunet. This report covers similar ground and advises that customers review the Alert 68 FAQ regularly, apply the patches, upgrade if possible and set up deep packet inspection if possible or even intrusion detection systems.

Both papers emphasise the issues raised by the Gartner analysts.

November 2004
SMTWTFS
 123456
78910111213
14151617181920
21222324252627
282930    

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

Weblog Home
Weblog Archives


Home
Oracle Security Tools page
Oracle security papers
Oracle Security alerts

Web Development
SQL Server Security

RSS 1.0 FEED
RSS 2.0 FEED
Atom 0.3 FEED
Powered by gm-rss 2.0.0


Valid XHTML 1.0!