Pete Finnigan's Oracle Security Weblog
This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
I won't go into more detail here as I have shown it running previously in this blog in a post titled "A new Oracle Password cracker that runs inside the database" and I have also described it in great detail in the page for the cracker, listed above.
It's raw and beta still and I have some work to do to it, but it's stable and works so it's worth putting it out now. I will make some changes over the coming days and add some more functionality and post up the updates when they are ready.
I recommend anyone interested in securing their database to download it as it's free, it's simple, and you can run it in SQL*Plus, so there is no excuse now for any DBA not to harden and strengthen the passwords in their databases.
The slides for the presentation are available on my Oracle Security white papers page.
Also Sentrigo recorded the session as video. This is available from this URL: https://www2.gotomeeting.com/register/626729368
OK, a number of people have emailed me, sent me PMs, someone even sent me an SMS, and a couple of blog comments have been posted: what is happening with the PL/SQL password cracker? Well, I just have not had free time to sort it out. I need to simply add a header text to it, clear out all the debug code, ideally add the 11g code and of course post it up. I am going to have some free time Thursday so I promise to post it up on my tools page on Thursday and also mention it here. Sorry to those that have been waiting and sorry to those who have been teased by seeing it running last week in Iceland.
I also gave a webinar talk today for Sentrigo on the subject of Oracle security of course. This was fun, although it is still weird, after now having done three webinars, to speak and get absolutely no feedback. I will post the slides on my site on Thursday for those who have asked me about them.
I also saw a couple of posts last week around travel to the States and the new rules that allow the US customs to take laptops and other electronic items to review. This is very worrying as it is probably pot luck as to whether you fall victim to this. There is a story "Homeland Security: We can seize laptops for an indefinite period" about it and some tips on PC World in an article titled "Five Things to Know About U.S. Border Laptop Searches" and finally Tom's experiences in the same area in a post titled "Crossing the border...". This is a worry if you use a laptop for your business: what do you do? Stay out of the States, don't take a laptop, or email in your data and collect it there? I guess if you need to go to the States you need to prepare for this.
Finally for this short post, I saw from browsing the UKOUG calendar for the conference in December that I have also had my Oracle Security Masterclass accepted. This is good news and should be a fun session. I have enjoyed the masterclasses particularly in the past as they allow a more in-depth look at the subject. I will talk more later in the year about the content of this masterclass; it will be worth coming along.
OK, enough for now, I have worked past midnight a few nights in the last week, I need a rest..:-)
JOIN US FOR A LIVE WEBINAR
Database Security Masterclass with Pete Finnigan
DATE: Tuesday, September 23rd
TIME: (US Attendees) 7am PT/ 10am ET (UK Attendees) 3pm UK
DURATION: 60 Minutes
Back by popular demand, Pete Finnigan, one of the world's foremost authorities on database security, will lead this live Database Security Masterclass. In this Masterclass, Finnigan will share his knowledge and best practices on securing the DBMS.
For over a decade, Finnigan has been one of the most well-known experts on DBMS security, has authored a best-selling book on the topic and regularly attracts large crowds at user group events in the UK and the US, and many security conferences world-wide. He consults to a wide array of blue-chip clients, and his Website (www.PeteFinnigan.com) comprises the best reference on the Web for Oracle database security.
• How databases are compromised (including live demonstrations)
• Techniques and tools that can help secure the DBMS
• Priorities in risk mitigation and remediation of security gaps
Plus: LIVE DISCUSSION and INTERACTIVE Q&A
REGISTER NOW! https://www2.gotomeeting.com/register/626729368
If you are unable to join us but know of a colleague in the database or security departments who may be interested, please feel free to forward them this e-mail.
The Sentrigo team
Last week I was in Reykjavik to teach an Oracle Security Masterclass, which went really well. The slides are available on my Oracle Security White papers page, first entry.
I have not forgotten about releasing the PL/SQL cracker. The code still needs cleaning; I hope to do this and release it in the next few days, so please bear with me.