- +
Your World. . . Hacked 02/10/2007 10:51:23
As your business becomes more collaborative and global, the risks to your company’s trade secrets rise proportionally. Fortunately, there are new strategies to protect the data that allows you to competeThe call to Bob Bailey, an IT executive with a major US government contractor, came on an otherwise ordinary day in October 2003. "Why are you attacking us?" demanded the caller, an IT leader with a Silicon Valley manufacturer. He wanted to know why Bailey's company had launched a denial-of-service attack against his network - +
Remote Control 09/10/2006 12:05:21
Being able to reach employees around the clock is tempting for employers; for employees, being able to access work systems from home suggests better work-life balance. But for CIOs, there are significant technical and management challenges to be faced first.Google should shoulder some responsibility for remote access to corporate information systems. Its Internet engines suggest it is possible to access anything anywhere anytime. If Google can do it, executives argue, why not rip down the walls on corporate information systems and let employees access them anytime anywhere too? - +
It Is the Business, Stupid 10/12/2006 13:59:51
When projects go pear-shaped it's usually because there's too much focus on technology, and not enough on business outcomes and associated changeIn a 2005 article"Why Software Projects Fail", Cutter Consortium Fellow Robert Charette narrates an infamous anecdote about a disappearing warehouse. - +
Consumer Appeal 06/11/2006 14:04:24
Your end users are downloading Skype and sharing links to company Web pages on Del.icio.us. But don't panic. Although emerging consumer applications can pose security risks, here are five that offer business benefits if you manage them well.When Paul Tang first downloaded Google's desktop search application, he was impressed by its speed and power. Instead of painstakingly looking for data and files on his hard drive, he could find them with the ease of a Web search. However, Tang, chief medical information officer at the Palo Alto Medical Foundation (PAMF), quickly realized that the slick application could also be dangerous. - +
SOA: Here Be Dragons 06/11/2006 11:04:24
With the SOA potentially creating reusable software code that must be accessed dynamically by composite applications, both inside and outside the firewall, the traditional roles and responsibilities of IT have been forever changed.It's the hot technology for most large companies, but business, technical and cultural issues must be addressed for a successful SOA implementation.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
A software security expert warned users of Oracle Server that a software flaw could allow any user to read, modify, and delete data used by Oracle applications; he also says that Oracle may have unwittingly shown hackers how to exploit the previously unknown hole.
Alex Kornbrust of Red-Database-Security said on Monday that an article posted on Oracle's MetaLink knowledge base on Thursday identified an unpatched and previously unknown security hole in Oracle Server Enterprise Edition Version 9.2 to 10.2.0.3 that allows Oracle users with read-only privileges to delete or modify rows of data used by Oracle applications. Sample code published with the knowledgebase article showed Oracle customers how the flaw could be exploited, he said.
In an e-mail statement, an Oracle spokeswoman said the company is aware of the vulnerability Kornbrust identified and is preparing a patch to address it in a future Critical Patch Update (CPU).
Oracle removed the article from MetaLink after being informed of the security threat it posed. However, malicious hackers with access to MetaLink may have already copied the exploit code from the knowledgebase article, said Kornbrust, an expert on Oracle security.
The vulnerability affects an Oracle view called an updatable join view, which allows Oracle customers to dynamically update or delete information in underlying database tables, according to the knowledgebase article.
Kornbrust said users with SELECT privileges on a database table, which allows them to read and display data from the table, can instead delete, update, and insert new data into a table using the exploit detailed in Oracle's MetaLink article.
Kornbrust declined to publish details about the exploit, but said it is possible that malicious users may have copied the exploit code from the MetaLink article.
The problem is with Oracle's internal privilege checking routines, Kornbrust said.
The vulnerability will not affect data stored in the Oracle data dictionary, which stores the core information, such as tables of user accounts and database objects, used by the Oracle database. However, the flaw could be used to circumvent user permissions in software applications that rely on Oracle, Kornbrust told InfoWorld.
A malicious hacker would need to be able to log on to the vulnerable Oracle database, but even low level "read only" or guest accounts could be used to insert, update or delete data, he said.
"The impact of this on custom applications can be huge and eliminate the entire (user) role concept," he wrote in a post to the Full Disclosure security discussion list.
In an e-mail statement, Oracle's spokeswoman said security is a matter the company takes seriously and stands by the inherent security of its products, but that "we are always working to do better."
Oracle administrators looking for a temporary fix for the problem can remove the CREATE VIEW privilege for low-level accounts, Kornbrust said. That privilege was granted, by default, to user accounts for in versions of Oracle's database up to 10g Rel 2.
Computerworld Member Login
Beyond Virtualisation - The Roadmap to 2012
CIO Breakfast Briefing
8:30am - 10:30am
Brisbane | 22 July | Sofitel Brisbane
Sydney | 23 July | Four Seasons Hotel
Canberra | 24 July | The Hyatt
Attend and discover:
- What happens after virtualisation
- The benefits automation drives
- When automated infrastructures will emerge
- What the roadmap to 2012 looks like
- How to deliver an automated architecture
- How to maximise your investment in virtualisation
- +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future. - +
Data Management Edition #9: Data centre makeover 24/04/2008 07:43:06
This week CW Live looks at the death of the old style data centre which is undergoing its first makeover in more than 30 years.
Satyam’s Q1 revenue up by 43% and Net Profit by 45% YoY; revises revenue and EPS guidance upwards for FY09 2008-07-18 16:58:00+10
Informatica Reports Record Second Quarter Results 2008-07-18 13:01:00+10
Tumbleweed Releases MailGate 3.6 2008-07-18 10:01:00+10
Convergys to Acquire Intervoice, Enhancing Leadership in Relationship Management 2008-07-17 14:41:00+10
Borland Management Solutions Put the "M" in Application Lifecycle Management 2008-07-17 13:43:00+10
Market Trends: Multienterprise/B2B Infrastructure Market | Worldwide | 2008
Garner says global 2000 companies will double their multi-enterprise traffic in the next 5 years. Discover the key technology and business drivers that will enable this.
