Oracle Chief Security Officer Mary Ann Davidson writes about the myths and misunderstandings surrounding security and how security researchers can actually become the problem. The three misguided notions Davidson focuses on are that fixes can be done in a matter of days, that researchers increase their business by finding more bugs, and that researchers deserve credit for every bug they find.
The latest next-generation product in EMC’s high-end Symmetrix storage line is DMX-3. Scheduled to ship in September, DMX-3 currently supports up to 960 disk drives, and will be capable of supporting up to 1,920 disk drives by the first half of 2006. By the end of 2006 it should be up to 2000, and will be able to store a petabyte of data once fully configured.
Oracle 126.96.36.199 patch set is now available for Windows.
According to security expert Alexander Kornbrust, Oracle’s standard encryption mechanism can be easily circumvented. Korbrust intends to give a presentation later this week at the Black Hat 2005 security conference demonstrating how Oracle’s encryption can be broken.
Oracle seems to be scaling its pricing very loosely to the performance boost that comes from the additional cores in multicore processors, keeping in mind that performance may sometimes be as much as double, but often not.
Security firm Red Database Security has decided to publish in detail six vulnerabilities that Oracle has not fixed in over 650 days. The flaws range in severity, with three classified as high risk with the potential to compromise a server or overwrite files.
The ‘skip tablespace’ command when doing an RMAN duplicate database will work for self-contained tablespaces, but not for a set of self-contained tablespaces. In other words, if each tablespace can be individually dropped, its fine, but where the indexes are placed separately from the tables, this won’t work for the duplicate. Oracle calls it “not a bug”.
Although nearly 50 vulnerabilities were fixed with Oracle’s most recent quarterly patches, experts are saying that numerous critical issues haven’t been addressed at all.
Pete Finnegan, renowned Oracle security expert asks “Where are the large numbers of fixes expected? Alex Kornbrust and Esteban Martinez Fayo have big lists of bugs, some reported over 18 months ago, some high risk, that have still not been fixed. Will Oracle never get around to fixing these bugs?”
Oracle has released a new critical patch with several vulnerabilities simultaneously announced and fixed. Various versions of Oracle products, including its database, application server and 11i E-Business Suite, are part of this latest update.
Oracle ACE Arup Nanda presents his list of the top new Oracle Database 10g Release 2 features for database administrators.