Robert Lockard is a professional Oracle Designer, Developer and DBA working in the world of financial intelligence. In 1987 his boss called him into his office, told him that he was now their Oracle Wizard, then handed him a stack of Oracle tapes and told him to load them on the VAX. Since then, Robert has worked exclusively as an Oracle database designer, developer and Database Administrator. Robert enjoys flying vintage aircraft, racing sailboats, photography, and technical diving. Robert owns and flies the “Spirit of Baltimore Hon”, a restored 1948 Ryan Navion, and lives in Glen Burnie, Maryland, on Marley Creek.
Between ongoing data breaches and emerging technologies constantly coming out, you need to ask the question: “Is my information secure?” On October 11th we will be hosting a security day with Oracle Corporation in Reston, Virginia.
When: October 11, 2019 0900 – 1500
Where: 1910 Oracle Way, Reston, VA, 20190
Executive level presentations on: Cybersecurity Challenges, 5G Security, Machine Learning and AI Security, Blockchain, Cloud Security, and Cybersecurity Maturity Model Certification (CMMC)
Technical presentations on SQL Developer Security Enhancements, APEX Security, Secure Coding, Database Security, Transparent Data Encryption, Encryption Key Management, and Middleware Security.
Panel Discussion: Four experts, ask any information security question.
Schema only accounts. There is no good reason for anyone to connect to an application schema as the owner. In Oracle 18c, we now have schema only accounts. Okay, I had to double check if this was available on 12c this morning. Yeah, it did not work.
Now in 18c, we have the schema only account. Now, just what is a schema only account? It is an account that can hold database objects and there is no password to connect to the account. Therefore, to do maintenance on the account, you need to connect through a proxy user.
To connect to the schema only account, use <proxy user>[<schema user>]. In this case, we are already connected to sqlcl, so we’re going to use conn rlockard[test_data]@orcl. Once connected, the session is limited to the privileges that were granted to the schema only account. In this case, the schema only account is granted connect and create table, so when we try to access sys.dba_objects, we get an ORA-00942 error.
You can maintain an application schema and nobody needs to connect as the application owner.
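The setup described above, written out as Oracle SQL and SQLcl commands. This is an added example, not taken from the original post; the names rlockard, test_data and orcl come from the text, and the dictionary queries in steps 3 and 4 are added checks a DBA could use to review the result.

```sql
-- Added example. Run steps 1-4 as a DBA on Oracle 18c or later.

-- 1. Create the schema only account: it has no password, so nobody can log on to it directly.
CREATE USER test_data NO AUTHENTICATION;
GRANT connect, create table TO test_data;

-- 2. Allow the named user rlockard to proxy into the schema for maintenance.
ALTER USER test_data GRANT CONNECT THROUGH rlockard;

-- 3. Review the configuration in the data dictionary:
--    schema only accounts, and who is allowed to proxy into each of them.
SELECT u.username, p.proxy
FROM   dba_users u
LEFT   JOIN proxy_users p ON p.client = u.username
WHERE  u.authentication_type = 'NONE'
AND    u.oracle_maintained = 'N';

-- 4. Find application owners that still accept a password:
--    accounts that own objects and are candidates for conversion.
SELECT u.username
FROM   dba_users u
WHERE  u.authentication_type = 'PASSWORD'
AND    u.oracle_maintained = 'N'
AND    EXISTS (SELECT 1 FROM dba_objects o WHERE o.owner = u.username);

-- 5. Connect through the proxy (SQLcl or SQL*Plus). The password asked for is rlockard's.
conn rlockard[test_data]@orcl

-- 6. The session runs with test_data's identity, and the person behind it stays visible.
SELECT sys_context('userenv', 'session_user') AS running_as,
       sys_context('userenv', 'proxy_user')   AS connected_by
FROM   dual;

-- 7. Only the privileges granted to test_data apply, so this query
--    raises ORA-00942 as described in the text.
SELECT COUNT(*) FROM sys.dba_objects;
```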
#DataPrivacy, #InformationSecurity all require critical thinking. Sadly, there is not a lot of that going around these days. People are purposely sending photos to have them aged without vetting the company they are going to. We now have #DeepFakes that use AI to blend faces into composite images and video. Just google DeepNude, which uses AI to undress photos of women. The company based in Estonia closed its doors; however, if you check the website, they are now selling their product for someone else to make money off it. I personally don’t care what country data is stored in. I care about the stewardship of the information. I care about the manipulation and misuse of your data.
To quote a dear friend of mine. “free cheese is only in the
On Monday July 22 I will be speaking at IEEE International Conference on Software Quality, Reliability, and Security. https://qrs19.techconf.org/ This is going to be a two hour tutorial on designing and coding a secure database system.
I see a lot of effort put into network and endpoint security; however, at the same time many organizations are only giving lip service to database security. Your database is the last line of defense of your organization’s crown jewels. So come on out, I will help you wrap your head around database #infosec.
If you get a message like this, don’t call back; hang up the phone. This is a scam. Police will not call you, they’ll knock on your door. Remember, a crook’s primary goal is to separate you from your hard-earned money.
Make sure your private information is not exposed. Your disk still has all your information even if you delete the data. When you delete information from your disk, the index pointing to your data is deleted, but your data is still on the disk. If you’re like me, you have photos, documents, and emails. I don’t know about you, but I don’t like people reading my private emails to friends, customers, and acquaintances.
Blancco and data recovery company Ontrack performed a study of 159 disk drives purchased on eBay. Ontrack recovered information from 42% of the drives. Now, personally I don’t sell my used equipment; however, you might do that. There is an easy and safe way to sell your old devices and not worry about exposing your information to strangers.
I use the free version of CCleaner. (Note: I have not received any compensation for this, it’s just the tool that I use.) CCleaner has the ability to securely delete information on the disk and also keep your disk from getting cluttered with junk that Windows does not clean up. Personally I run this about once a week.
When you select wipe free space, you’ll get a popup window that will tell you the process will take a long time. So, this is not something you want to run on a regular basis. When I’ve run it in the past, it has taken three days to run on the 1T drive in my laptop.
Once you’ve installed CCleaner, select Options, then under settings select the Secure Delete and in the pulldown select how secure you want your deletion. I use Advanced Overwrite 3 pass, this is pretty secure. This option will overwrite your deleted files three times with random data and if you select wipe free space, it will overwrite your free space three times with random data.
This year has been busy, and I don’t see it slowing down anytime soon. Life is good. My chapters are all finally in for the Database Security book, now it’s time to edit. After reading the audit chapter, I’m not really happy with it. Once I’m done editing it, the version APRESS gets back may not look a lot like v0.1.
This May my travels are going to take me to Kiev Ukraine, Chișinău Moldova, Helsinki Finland, Stockholm Sweden, back to Kiev, and home just in time to celebrate my 59th birthday (am I starting to get old?). I’ll be speaking in Helsinki at the Full Stack Developers Conference on PL/SQL Secure Coding Practices https://fsdc.fi/ then heading over to Stockholm to do a couple talks on Holistic Database Security, Secure Coding Practices, and discuss Privilege Analysis.
June is going to be a bit easier, I’ll be in Bulgaria for BGOUG to talk about Privilege analysis and Leadership; then back to Chișinău and Barcelona to take care of some business.
July, oh, that’s simple, back to Bulgaria again (third trip there this year) where I’ll be speaking at the IEEE International Conference on Software Quality, Reliability, and Security. https://qrs19.techconf.org/track/tutorials The topic, Database Secure Coding and Design.
I’m going back to my speaking roots in May. Oracle Users Group Finland gave me my first opportunity to speak on database security many years ago.
This year we’ll see some of my favorite speakers in Helsinki.
First up, Heli From Finland. (She uses that because nobody can pronounce her last name.) Feel free to try her last name, Helskyaho; bet you can’t pronounce it either. Some of the things you may not know about Heli: she was a ballerina, travels more than me, loves to show people her city Helsinki, is an Oracle ACE Director, and is a PhD student. This year, she’ll be speaking on “The Basics of Machine Learning.”
To register for the Full Stack Developers Conference, follow the bouncing link. 🙂 https://fsdc.fi/
This is my favorite time of the year. The weather is starting to get warm, the sun is shining, and my passport is in my pocket.
We are in for a special treat. I had the pleasure to meet Olesya when I spoke to students at Moscow Polytechnic University last November. She’s one of those people you meet and immediately know she has her act together. Olesya’s super power is art, creativity, and the art of communication (check out her Instagram page @lezka). An associate professor at Moscow Polytechnic University for 20 years, she is responsible for soft skills. (If you’ve spent any amount of time in this industry, you know some people who could use some soft skills training.)
Olesya will be giving two presentations at BGOUG this June. “Creative Thinking in Digital Cosmopolitans’ world” and ” Communication Trends in Global Village: way to utopia or skepticism.” Part of her abstract for “Creative Thinking” says, “Think as…”strategy” (Think as a child, Think as a minimalist, Think metaphor, Think visually,”) I’m chomping at the bit to hear what she has to say. We are living in a time when things are changing fast; her message is vital to staying ahead of the curve. Can you tell, I’m excited about having the opportunity to listen to her? You should be too. Sign up for the BGOUG Spring Conference to have the opportunity to meet and listen to some of the top speakers in the world. (I have it on good authority that even Martin Widlake will be there) http://website.bgoug.online/en/events/details/103.html
Next week, April 4 – 5, I’ll be in Dublin Ireland for OUG Ireland 2019 https://ukoug.org/page/ougIreland2019 where I’ll be speaking on Holistic database security, and secure coding, followed by heading to Belgrade Serbia, and Sofia Bulgaria to give my talk on staying ahead in an ever changing IT environment. Sounds kinda anticlimactic compared to Olesya 🙂
I learned this morning that a dear friend’s elderly relatives received a number of calls from someone claiming to be from their bank. I won’t go into all the issues; however, there are some things everyone should be aware of. BTW: This not only applies to banks, this applies to any call you receive (Bank, IRS, Police, Insurance Company). There are a lot of criminals out there; please, don’t be a victim. For those who don’t know me, I spent twelve years at Financial Crimes Enforcement Network (FinCEN). I know a bit about this.
Remember, the criminal’s top priority is to steal from you.
Your bank will never call you and ask for personal information. Sometimes this is hidden with, “we must verify your identity.” Bottom line, your bank will not do this. This is a trick to steal from you.
It is very easy to spoof a phone number. Do not trust the phone number that is displayed.
If you receive a call from someone claiming to be from your bank, get their Name, Phone number, and department. Then call the bank at a phone number you know is good and ask to be connected.
If the bank can’t find that person, ask to speak with the fraud department. They can investigate.
These calls will try to create a sense of urgency, that you must talk to them now. Do not fall for it. This is just another trick criminals use to steal from you.
Last piece of advice: hang up the phone and block the number.