Category Archives: Database Stuff
Next month is going to be busy – Atlanta, Helsinki, Saint Petersburg, Moscow, Sofia Bulgaria, and London
May 10th I will be speaking in Atlanta, Georgia on Holistic Database Security at Georgia Oracle Users Group Tech Days 2017. I have not decided if I’m flying 81K down or flying commercial yet. I may just go ahead and … Continue reading
@Oracle 220.127.116.11 Cool new features to improve security. Part 2 TDE support to encrypt SYSTEM, SYSAUX, TEMP and UNDO tablespaces. #infosec
Are you gathering statistics on your data? Are you running Transparent Data Encryption? Then it’s time to upgrade to Oracle 18.104.22.168. Pretty cool, eh? So what’s happening here? Statistics that were gathered on the hr.employees table are stored in the … Continue reading
I have lost count of the number of times I’ve given the Holistic Database Security talk. The talk has evolved over the years, it continues to evolve, and is a mature presentation. Yesterday at Collaborate 2017, It Happened! I was asked … Continue reading
In Oracle 12.1 the ACCESSIBLE BY clause was introduced to the PL/SQL language. This gives the developer the ability to mark a package, procedure, function, or type with what is allowed to call it. 12.2 gives us fine-grained control over … Continue reading
I’ve been getting a lot of these emails lately. If you receive an email with an attachment and you did not expect it, or in this case if you did expect it, take a closer look. This Christmas season, a … Continue reading
My 2017 speaking schedule is starting out with a bang. My first stop will be in Moscow, Russia, where I am trying to arrange a short speaking engagement in conjunction with the Russia Oracle Users Group. Hopefully we can arrange … Continue reading
Hacking the Human Brain presentation is coming together. We are going to have a lot of fun in this one. We have programmed our brains with a lot of bullshit rules so we need to question all the rules in … Continue reading
I recently had the opportunity to look at Snowflake’s security model. This is what I think. http://www.snowflake.net/blog/data-safe-cloud
When locking down a database (applying STIGs), you need to check to see if the listener is running http. If you don’t need the http service, turn it off. Turning off http will reduce the attack surface. Step 1) Is http … Continue reading
I have seen this twice in the past week. A customer requirement is to migrate their Oracle database to a new server and they want encryption implemented. The steps defined in the request are Migrate then Encrypt. This is backwards. You … Continue reading
I was struggling last week getting mkstore and sqlcl to work together. sqlcl is Oracle’s new command line interface. For more on sqlcl see http://www.oracle.com/technetwork/issue-archive/2015/15-sep/o55sql-dev-2692807.html. I have been using sqlcl almost exclusively for the past year and love it. I … Continue reading
Phishing has gotten more sophisticated over the years. Spelling and grammar have gotten better, making phishing attempts more difficult to spot. There are some out there who did not get the memo and are very easy to spot. You still need to … Continue reading
An enhancement I would love to see in Business class lounges. @aeroflot @icelandair @AmericanAir @KLM @airfrance @british_airways
It goes without saying I spend way too much time traveling and fortunately, most of the time I can fly myself in my 1948 Navion when the hop is less than 1,000 nautical miles. Now quite frankly I love the … Continue reading
The fall is filling out fast. I will be speaking at Oracle Open World 2016 on Holistic Database Security. Then speaking in November at the East Coast Oracle User Group on Holistic Database Security. I currently have papers in to … Continue reading
Last week one of my customers called me into a meeting to discuss moving a critical application to the cloud. This application is very sensitive to the customer and the data it holds is very sensitive to my customer’s customer. … Continue reading
Steve Feuerstein and I chat about Securing PL/SQL from SQL Injection. https://docs.google.com/presentation/d/1xAC-BKik-h08I_dTV2cHHba-xAdFkHRftjO1uAoj-wM/edit?usp=sharing Here is a link to the YouTube video of our chat.
I have spent the past several weeks interviewing potential Senior Oracle DBAs. Two made the cut. Why did they make the cut? Most people did not make the cut. Why did they not make the cut? Who got hired? Why … Continue reading
Last week I was at Oracle Cloud World working at the ODTUG booth. This gave me the opportunity to talk to a lot of people who are seriously looking at moving their environment to the cloud. While chatting with these … Continue reading
If you are running a Data Pump export of your encrypted database and you do not specify encryption or encryption_password, then the data will be stored in plain text. This will give you the ORA-39173 warning.
Do you spend a lot of time in SQL Developer working on your very large package? Have a look at the quick outline from Jeff Smith of Oracle SQL Developer fame. Besides being a great Product Manager (hey Uncle Larry, give … Continue reading
We all make New Year’s resolutions but frequently we wind up abandoning them. So make a list of what you want to accomplish. I carry around with me a notebook that I am constantly writing in. What is my top … Continue reading
We are stewards of our customers’ data and need to do better. <OPINION> I would give us a big fat “F” for data security in 2015.</OPINION> What happened and what needs to be improved? We saw weak passwords, lack of … Continue reading
One of my favorite channels on YouTube, Numberphile, explains RSA encryption better than I could.
I’m honored and humbled. Last month I received an email from Steven Feuerstein letting me know I was selected as a finalist in the Oracle Developers Choice Awards for my work in Database Security and outreach to the community. This … Continue reading
#infosec #LetsSecureThisTogether This is going to piss some people off. The C suite needs to have this conversation.
“Get the words best practice out of your vocabulary.” I have been at many customer sites that needed my expertise, and someone says to me in a meeting, “Well, what is the best practice to secure our information?” I’m going … Continue reading