#Oracle #sqldev 17.2.0.188 MAJOR improvement

This is going to be quick; I don’t get a lot of time to read new features documentation. I normally reserve that for once a month: print ’em out and read over a nice glass of Scotch. Hey, it works for me.

So today, things seem a bit odd, so I opened the SQL Developer Instance Viewer to get a picture of what the database was doing. WOW, thanks Jeff, Kris and team. Love the new look. Check out Top SQL.

Kinda disturbed by an article I just read. #infosec #rant

As most of you know, I live on the defense side of infosec. As attack vectors are exposed, I study them to learn how to design systems that can defend against them. There are some biggies (SQL injection, cross-site scripting, insider threat and encrypted data leaking) that burn a lot of my time.

I just read an article giving a detailed technical description on how to use randomized proxy chains to avoid detection. And by using proxies in different countries, it makes it difficult to find out who did the attack. Now of course this article said this should only be used for white hat pen testing and you should not use this for any illegal purposes.

Make no mistake, articles like this are not helping the good guys secure systems. You are only helping the bad guys.

Exciting times. #poug #tajoug #techconftj*

I will be making my first trip to Krakow, Poland and Dushanbe, Tajikistan. This trip will cover over 24,000 miles in air travel and five different airlines.

POUG High Five. The Polish Oracle Users Group will be having their annual tech conference in Krakow, Poland on September 1 and 2. http://poug.org/en/edycja/high-five-poug/ I’ll be speaking on secure PL/SQL coding and taking part in a panel discussion. There is a very impressive group of speakers coming in from all over the world. This is a first class conference that will be held in a brewery.

Tajikistan TechConf. I don’t have a URL for this conference yet; it will be held Thursday, September 7 in Dushanbe, Tajikistan. Heli “From Finland” Helskyaho and I will be speaking along with some local speakers. Heli is famous for her dynamic speaking style; she will teach you new information that will make you better at your job.

Come on out to either one of these two excellent conferences and I’ll help you wrap your brain around Oracle Database Security.

Between POUG and Tajikistan TechConf, I will be spending a couple of days in Moscow to go to a concert and visit with some friends.

Getting to know you, getting to know all about you. #infosec #windows10

Windows 10 has the capability to record everything you say, everything you type and everything you write. Okay, I have a fundamental problem with this. Microsoft implemented this feature in the Beta release of Windows 10 to help the product development troubleshoot problems and improve the product. The product development team loved it so much, they kept it in the production release of Windows 10.

I am not going to discuss Microsoft’s motivation for keeping this in the production product. I will give you my opinion: information is leaking like water from a broken colander, so why would we keep this around? Saving this information on your device and the cloud is a massive issue. Here is what you need to do: turn it off and remove the voice, writing and typing data from the cloud.

Go to Windows Settings -> Privacy -> Speech, Inking, & typing. If you see “Stop getting to know me”, click on it; it will turn the feature off and remove all the data from your local drive. You also need to remove all the data from the cloud. So on that same screen, click “Go to Bing and manage personal info for all your devices” to clear the Getting to Know You data from your Microsoft account.

This, combined with the setting “Send Microsoft info about how I write”, has me very concerned. So turn that off too. On the same screen click on “General”, then the third item on the right, “Send Microsoft info about how I write to help us improve typing and writing in the future”. Turn that off.

#Oracle #Privilege analysis #QuickTip

Here is a quick tip on Oracle privilege analysis. Frequently I want to find out all of the ways a user can get to an object for any privilege. DBA_TAB_PRIVS and DBA_ROLE_PRIVS are the two views I go to. I also want to see all the privileges that are granted on any object. This is good for starting at the user and tracking privileges to the object; it’s also good for starting at an object and walking back to the user.

This query does a pivot on the users and roles to get the path to the object and what privileges are associated with that path.

<CODE>
SELECT OWNER,
       TYPE,
       TABLE_NAME,
       GRANTEE_FROM,
       GRANTEE_TO,
       "'SELECT'" SEL,
       "'UPDATE'" UPD,
       "'INSERT'" INS,
       "'DELETE'" DEL,
       "'EXECUTE'" EXE,
       "'FLASHBACK'" FLSH,
       "'ON COMMIT REFRESH'" OCR,
       "'ALTER'" ALTR,
       "'DEQUEUE'" DEQ,
       "'INHERIT PRIVILEGES'" IPRV,
       "'DEBUG'" DBG,
       "'QUERY REWRITE'" QR,
       "'USE'" US,
       "'READ'" RD,
       "'WRITE'" WT,
       "'INDEX'" IDX,
       "'REFERENCES'" REF
FROM
       (SELECT R.GRANTEE "GRANTEE_TO",
              T.GRANTEE GRANTEE_FROM,
              T.GRANTABLE,
              T.owner,
              T.table_name,
              T.TYPE,
              T.PRIVILEGE
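       FROM DBA_TAB_PRIVS T,
            DBA_ROLE_PRIVS R
       -- Outer join: keep object grants made directly to a user (no role in between).
       WHERE T.GRANTEE = R.GRANTED_ROLE (+)
       AND t.grantee != 'SYS'
       AND t.grantee != 'SYSTEM'
       -- R.GRANTEE is NULL for direct grants; a bare != filter would discard
       -- those rows and cancel the outer join, so allow NULL explicitly.
       AND (R.GRANTEE IS NULL OR R.GRANTEE NOT IN ('SYS', 'SYSTEM'))
       )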
PIVOT (COUNT(PRIVILEGE)
FOR PRIVILEGE IN ('SELECT',
              'UPDATE',
              'INSERT',
              'DELETE',
              'EXECUTE',
              'FLASHBACK',
              'ON COMMIT REFRESH',
              'ALTER',
              'DEQUEUE',
              'INHERIT PRIVILEGES',
              'DEBUG',
              'QUERY REWRITE',
              'USE',
              'READ',
              'WRITE',
              'INDEX',
              'REFERENCES'))
ORDER BY TABLE_NAME;
</CODE>
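
The query above joins DBA_TAB_PRIVS to DBA_ROLE_PRIVS once, so it shows one role hop between the object and the grantee. The following added example (not the author's code) goes a step further and walks nested role grants with a recursive subquery, listing every path from a user to one object; the bind variables `:obj_owner` and `:obj_name` and all column aliases are assumptions made for this example.

```sql
-- Added example: every path (direct, via a role, via nested roles) by which
-- a user holds a privilege on one object.
-- :obj_owner and :obj_name are bind variables assumed for this example.
WITH grant_path (owner, table_name, privilege, holder, path, role_hops) AS (
    -- Anchor: each grantee (user, role or PUBLIC) named directly on the object
    SELECT t.owner,
           t.table_name,
           t.privilege,
           t.grantee,
           CAST(t.grantee AS VARCHAR2(4000)),
           0
    FROM   dba_tab_privs t
    WHERE  t.owner      = :obj_owner
    AND    t.table_name = :obj_name
    UNION ALL
    -- Recursive step: whoever was granted the role reached so far.
    -- Oracle rejects circular role grants, so the recursion terminates.
    SELECT g.owner,
           g.table_name,
           g.privilege,
           r.grantee,
           r.grantee || ' -> ' || g.path,
           g.role_hops + 1
    FROM   grant_path g,
           dba_role_privs r
    WHERE  r.granted_role = g.holder
)
SELECT p.holder    AS grantee,
       p.privilege,
       p.role_hops,
       p.path || ' -> ' || p.owner || '.' || p.table_name AS access_path
FROM   grant_path p
-- Keep end points only: real accounts, plus PUBLIC (which reaches every user).
WHERE  (p.holder = 'PUBLIC'
        OR EXISTS (SELECT 1 FROM dba_users u WHERE u.username = p.holder))
AND    p.holder NOT IN ('SYS', 'SYSTEM')
ORDER  BY p.holder, p.privilege, p.role_hops;
```

A row with `role_hops = 0` is a direct grant; higher values show how many roles sit between the account and the object, which is where unexpected access tends to hide.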