[Previous entry: "Oracle Patches Its Security Patches - Database patches fix flaws found in previous fixes"] [Next entry: "web seminar for Oracle roadmap of Oblix integration"]
Oracle's encryption not secure, researcher says - Alexander Kornbrust plans to detail his findings at Black Hat
July 27th, 2005 by Pete
Post to del.icio.us
Post to Furl
Rado has made a post in my Oracle Security Forum today titled "Alexander Kornbrust - Black Hat 2005 Presentation" that raises some good points about the effectiveness of the security imposed by Oracles built in database encryption methods. He is referring to Alex's presentation at the Black Hat conference going on now in Las Vegas. He also mentions a news article written by Robert McMillan on Computer World titled "Oracle's encryption not secure, researcher says - Alexander Kornbrust plans to detail his findings at Black Hat".
This news article starts by talking about the content of Alex Kornbrusts presentation at Black Hat in Las Vegas where he is going to say that Oracles standard database encryption mechanisms are weak and can be easily circumvented. Alex says most customers think that if they encrypt data with Oracles tools then it is safe - He says that this is not the case and a hacker can easily retrieve data such as credit card numbers from production databases. There are some interesting reactions from Paul Needham, the Oracle director of product management and some discussions about TDE and its cost per processor. This is a good article and worth reading. It is a two page article and page two is here.
