Category Archives: Database Stuff

Next month is going to be busy – Atlanta, Helsinki, Saint Petersburg, Moscow, Sofia Bulgaria, and London

May 10th I will be speaking in Atlanta, Georgia on Holistic Database Security at Georgia Oracle Users Group Tech Days 2017. I have not decided if I’m flying 81K down or flying commercial yet. I may just go ahead and … Continue reading

Posted in Database Stuff

@Oracle 12.2.0.1 Cool new features to improve security. Part 2 TDE support to encrypt SYSTEM, SYSAUX, TEMP and UNDO tablespaces. #infosec

Are you gathering statistics on your data? Are you running Transparent Data Encryption? Then it’s time to upgrade to Oracle 12.2.0.1. Pretty cool, eh? So what’s happening here? Statistics that were gathered on the hr.employees table are stored in the … Continue reading

Posted in Database Stuff

Every now and then “It happens.”

I have lost count of the number of times I’ve given the Holistic Database Security talk. The talk has evolved over the years, it continues to evolve, and is a mature presentation. Yesterday at Collaborate 2017, It Happened! I was asked … Continue reading

Posted in Database Stuff

@Oracle 12.2.0.1 Cool new features to improve security. Part 1 Enhanced Whitelists PL/SQL

In Oracle 12.1 the ACCESSIBLE BY clause was introduced to the PL/SQL language. This gives the developer the ability to mark a package, procedure, function, or type with what was allowed to call it. 12.2 gives us fine grained control over … Continue reading

Posted in Database Stuff, infosec, PL/SQL, Security, Trusted Path

#Infosec Virus Delivery via Email

I’ve been getting a lot of these emails lately. If you receive an email with an attachment and you did not expect it, or in this case if you did expect it, take a closer look. This Christmas season, a … Continue reading

Posted in Database Stuff

2017 European Security Tour, #Moscow, #London, #Paris, #Helsinki

My 2017 speaking schedule is starting out with a bang. My first stop will be in Moscow, Russia, where I am trying to arrange a short speaking engagement in conjunction with the Russia Oracle Users Group. Hopefully we can arrange … Continue reading

Posted in Database Stuff, infosec, PL/SQL, Security

#Hacking The Human Brain

The Hacking the Human Brain presentation is coming together. We are going to have a lot of fun in this one. We have programmed our brains with a lot of bullshit rules so we need to question all the rules in … Continue reading

Posted in Database Stuff

Security in the cloud. #Snowflake #infosec

I recently had the opportunity to look at Snowflake’s security model. This is what I think. http://www.snowflake.net/blog/data-safe-cloud

Posted in Database Stuff

Turn off the #http #listener in #Oracle #STIG

When locking down a database (applying STIGs), you need to check to see if the listener is running http. If you don’t need the http service, turn it off. Turning off http will reduce the attack surface. Step 1) Is http … Continue reading

Posted in infosec, Life of a Oracle DBA, Security, Trusted Path

#infosec #Oracle #Migration #Encryption #2MTT

I have seen this twice in the past week. A customer requirement is to migrate their Oracle database to a new server and they want encryption implemented. The steps defined in the request are Migrate then Encrypt. This is backwards. You … Continue reading

Posted in Database Stuff

You can use #sqlcl with #mkstore

I was struggling last week getting mkstore and sqlcl to work together. sqlcl is Oracle’s new command line interface. For more on sqlcl see http://www.oracle.com/technetwork/issue-archive/2015/15-sep/o55sql-dev-2692807.html. I have been using sqlcl almost exclusively for the past year and love it. I … Continue reading

Posted in Database Stuff, encryption, infosec

#phishing #infosec short post

Phishing has gotten more sophisticated over the years. Spelling and grammar have gotten better, making phishing attempts more difficult to spot. There are some out there who did not get the memo and are very easy to spot. You still need to … Continue reading

Posted in Database Stuff

An enhancement I would love to see in Business class lounges. @aeroflot @icelandair @AmericanAir @KLM @airfrance @british_airways

It goes without saying I spend way too much time traveling and fortunately, most of the time I can fly myself in my 1948 Navion when the hop is less than 1,000 nautical miles. Now quite frankly I love the … Continue reading

Posted in Database Stuff

Upcoming speaking engagements two confirmed #oow16 #ecoug16 three waiting #bgoug, #rmoug and ???

The fall is filling out fast. I will be speaking at Oracle Open World 2016 on Holistic Database Security. Then speaking in November at the East Coast Oracle User Group on Holistic Database Security. I currently have papers in to … Continue reading

Posted in Database Stuff

Questions you may want to start with when moving to the #cloud

Last week one of my customers called me into a meeting to discuss moving a critical application to the cloud. This application is very sensitive to the customer and the data it holds is very sensitive to my customer’s customer. … Continue reading

Posted in Database Stuff, infosec, Security

As promised: here is the link to the slides for my chat with Steve.

Steve Feuerstein and I chat about Securing PL/SQL from SQL Injection. https://docs.google.com/presentation/d/1xAC-BKik-h08I_dTV2cHHba-xAdFkHRftjO1uAoj-wM/edit?usp=sharing Here is a link to the YouTube video of our chat.

Posted in Database Stuff

Oracle DBA Interview tips: It’s not Rocket Science!

I have spent the past several weeks interviewing potential Senior Oracle DBAs. Two made the cut. Why did they make the cut? Most people did not make the cut. Why did they not make the cut? Who got hired? Why … Continue reading

Posted in Database Stuff, Life of a Oracle DBA

#infosec issues on moving to the #cloud #DBaaS

Last week I was at Oracle Cloud World working at the ODTUG booth. This gave me the opportunity to talk to a lot of people who are seriously looking at moving their environment to the cloud. While chatting with these … Continue reading

Posted in Database Stuff

#Oracle #Infosec #Datapump

If you are running a data pump export of your encrypted database and you do not specify encryption or encryption_password then the data will be stored in plain text.  This will give you the ORA-39173 warning.

Posted in Database Stuff, Security

#sqldev #outline

Do you spend a lot of time in SQL Developer working your very large package? Have a look at the quick outline from Jeff Smith of Oracle SQL Developer fame. Besides being a great Product Manager (hey Uncle Larry, give … Continue reading

Posted in Database Stuff

My recommendations for making 2016 insanely successful.

We all make New Year’s resolutions but frequently we wind up abandoning them. So make a list of what you want to accomplish. I carry around with me a notebook that I am constantly writing in. What is my top … Continue reading

Posted in Database Stuff

2015 #InfoSec in review. We get a big fat “F”

We are stewards of our customers’ data and need to do better. <OPINION> I would give us a big fat “F” for data security in 2015.</OPINION> What happened and what needs to be improved? We saw weak passwords, lack of … Continue reading

Posted in Database Stuff, infosec

#infosec RSA Encryption Explained

One of my favorite channels on YouTube, Numberphile, explains RSA Encryption better than I could.

Posted in Database Stuff

#ODEVCHOICE #OOW15 Thank you

I’m honored and humbled. Last month I received an email from Steven Feuerstein letting me know I was selected as a finalist in the Oracle Developers Choice Awards for my work in Database Security and outreach to the community. This … Continue reading

Posted in Database Stuff

#infosec #LetsSecureThisTogether This is going to piss some people off. The C suite needs to have this conversation.

“Get the words best practice out of your vocabulary.” I have been at many customer sites that needed my expertise, and someone says to me in a meeting, “well what is the best practice to secure our information.” I’m going … Continue reading

Posted in Database Stuff