
[ISN] Oracle no longer a 'bastion of security': Gartner

Subject: [ISN] Oracle no longer a 'bastion of security': Gartner
Date: Tue, 24 Jan 2006 00:30:31 -0600 (CST)
http://www.zdnet.com.au/news/security/soa/Oracle_no_longer_a_bastion_of_security_Gartner/0,2000061744,39234277,00.htm

By Munir Kotadia
ZDNet Australia
24 January 2006

Analyst group Gartner has warned administrators to be "more
aggressive" when protecting their Oracle applications because they are
not getting enough help from the database giant.

Gartner published an advisory on its Web site just days after Oracle's
latest quarterly patch cycle, which included a total of 103 fixes with
37 related to flaws in the company's database products. Some of the
flaws carry Oracle's most serious rating, which means they're easy to
exploit and an attack can have a wide impact.

According to the advisory, which was posted by Gartner analyst Rich
Mogull on Monday, "the range and seriousness of the vulnerabilities
patched in this update cause us great concern. Oracle has not yet
experienced a mass security exploit, but this does not mean that one
will never occur."

Mogull said that because Oracle has historically been seen as having
very strong security and many of Oracle's products are located "deep
within the enterprise", administrators often neglect their patching
duties.

"Moreover, patching is sometimes impossible, due to ties to legacy
versions that Oracle no longer supports. These practices are no longer
acceptable," said Mogull, who advises administrators to pay more
attention to securing their Oracle applications.

Mogull said administrators should:

* Immediately shield these systems as well as possible, using
  firewalls, intrusion prevention systems and other technologies.

* Apply available patches as rapidly as possible.

* Use alternative security tools, such as activity-monitoring
  technologies, to detect unusual activity.

* Pressure Oracle to change its security management practices.

In response to the Oracle patch release, Symantec raised its ThreatCon
global threat index to Level 2, which means an outbreak is expected.  
It typically does that after a patch release because malicious hackers
might use the fixes as a blueprint for attacks.

CNET News.com's Joris Evers contributed to this report

Copyright © 2006 CNET Networks, Inc.


