
Oracle admits to database security holes

Aug 04, 2004 (7 mins)

Latest security news.

Oracle, under fire, admits to database security holes, 08/03/04

Oracle has acknowledged the existence of multiple security holes in its database software and said it plans to issue a security alert shortly. The U.K. security expert who found the holes criticized Oracle’s conduct, saying that it has been sitting on patches that would fix the holes for about two months.

Latest patch for IE holes released by Microsoft, 07/30/04

Microsoft Friday issued a much-anticipated patch for three vulnerabilities that have recently caused some havoc among users of its Internet Explorer browser.

IT departments must cope with Patriot Act, university CIO says, 08/03/04

Nearly three years after its enactment, the USA Patriot Act remains not just a political but also a technological issue on many college campuses.

Weblog: Another week, another WLAN “controversy”, 08/02/04

Aruba Networks says it has documented an attack that exploits several well-known and long-standing RADIUS vulnerabilities over wireless.

Weblog: Summer reading in security, 08/02/04

If you’re the type who goes on vacation with a crime mystery or thriller to read, you might want to take “Wi-Foo, The Secrets of Wireless Hacking,” published by Addison-Wesley, about 802.11 Wi-Fi networks.

Opinion: Demand higher-quality software, 08/02/04

Avoid the worst consequences, address complexity and balance security with other business needs by working through the issues using a systematic approach, and your organization will come out OK.

Weblog: More sales, more threats, 08/02/04

E-commerce sales are up — but so are security attacks.

Technical Update: ID management establishes trust, 08/02/04

As businesses start deploying distributed federated models to solve identity management problems, the Liberty Alliance has developed the Liberty Identification Federation Framework 1.2 specification.

Opinion: Spam cure: Nail the vendors, 08/02/04

Get the phone numbers of the vendors of Viagra, penis enlargers and other multilevel marketers.

Practice safe chat, 08/02/04

Unprotected messaging can cause serious security and compliance problems.

Positively false, 08/02/04

Yes, anti-spam measures are easy and inexpensive but the devil lies in the management.

Microsoft prepping directory upgrade, 08/02/04

Microsoft says it is readying synchronization technology that makes it easier and safer for companies to build directory-enabled applications that sit on Windows servers in certain departments or outside corporate firewalls.

P2P drag on nets getting worse, 08/02/04

Peer-to-peer traffic has reached an all-time high across the Internet, bringing with it heightened security and legal threats for companies that fail to rid their networks of these popular applications.

Software protects data on corporate handhelds, 08/02/04

Scrambling corporate data on handheld devices to protect it should get easier with new software from Extended Systems.

Bringing WLANs into the management fold, 08/02/04

James Wiedel didn’t purchase a product specifically to manage the wireless LAN infrastructure at the University of Southern California in Los Angeles.

Microsoft offers $1 million for secure computing curricula, 08/02/04

Microsoft’s research group is making available $1 million to help create courses in computer science, business and law that focus on secure computing.

European Parliament tries to quash passenger data deal, 07/30/04

The European Parliament has filed a request with the highest court of the European Union to quash a deal to hand over sensitive airline passenger data to U.S. authorities.

Newsletter: Give the IT department a helping hand, 07/29/04

When it comes to e-mail and instant-messaging security policies, IT departments often face the worst of both worlds: they bear most of the responsibility for creating and enforcing basic security policies, while most of the need for these policies involves information that is unrelated to IT, such as the protection of confidential financial or personnel information.

Newsletter: SonicWall pops out three small-office VPN appliances, 07/29/04

SonicWall is introducing three small-office VPN appliances based on a single hardware platform, the TZ 170 appliance introduced last year.

Newsletter: Catching phish, 07/29/04

What is this, a change of topic? I’ve gotten tired of network security and am turning to sports news? Or old-time rock ‘n’ roll?

Newsletter: What the various remote security vendors do, 07/29/04

Last time, we noted that iPass had announced an intent to coordinate enterprise network security policies with assessment and remediation of various types of security software you might be running on mobile users’ client devices.

NIST says DES encryption ‘inadequate’, 07/29/04

The National Institute of Standards and Technology is proposing that the Data Encryption Standard, a popular encryption algorithm, lose its certification for use in software products sold to the government.

Newsletter: Forum XWall extends Microsoft ISA Server 2004, 07/28/04

Late last year, I wrote about Forum Systems’ Forum Sentry XML security appliance. Since then, Forum hasn’t been resting on its laurels and this month sees the release of Forum XWall for Microsoft Internet Security and Acceleration Server 2004, Microsoft’s application-layer firewall, VPN and Web caching system.

Newsletter: Virtualizing security services in the data center, 07/27/04

Enterprise security is often compared to a piece of candy: hard on the outside, soft on the inside. The problem with this model is that if your perimeter is breached, the damage can quickly spread from application to application.

Newsletter: CipherTrust keeps e-mail safe from prying eyes, 07/27/04

E-mail security is something that everybody says they need, but many fewer actually implement.

Newsletter: When strong authentication is needed, 07/27/04

A couple of weeks ago, we outlined some of the concerns users have about the security of VPNs for corporate use, and some readers have written in saying that their concerns aren’t necessarily about the security of the IP tunnels themselves. They are more worried about how remote users are authenticated to the network and how secure that authentication method is.

Newsletter: Windows XP security checklist, 07/27/04

Take advantage of our tax dollars at work. The National Institute of Standards and Technology Information Technology Laboratory Computer Security Division last month published the draft of a document to help IT professionals secure Windows XP systems.

Navigating the endpoint security maze, 07/27/04

There have been so many announcements during the past year about protecting corporate networks from intrusions and potentially infected mobile and remote clients that it’s becoming difficult to distinguish among them.

DoubleClick downed by denial-of-service attack, 07/27/04

Internet advertising company DoubleClick Tuesday was shut down by a denial-of-service attack launched from computers on the Internet, a company spokeswoman confirmed.

Weblog: Pining for IE (sorta), 07/27/04

Scott Mace installed his first Firefox browser patch: “I missed Windows Update! The Mozilla/Firefox patch mechanism essentially requires users to inspect Firefox afterward to confirm that the patch ‘took.’ I’d rather have the Windows Update-style confirmation process.”