Call: +44 (0)7759 277220 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Oracle Patches Its Security Patches - Database patches fix flaws found in previous fixes"] [Next entry: "web seminar for Oracle roadmap of Oblix integration"]

Oracle's encryption not secure, researcher says - Alexander Kornbrust plans to detail his findings at Black Hat



Rado has made a post in my Oracle Security Forum today titled "Alexander Kornbrust - Black Hat 2005 Presentation" that raises some good points about the effectiveness of the security imposed by Oracles built in database encryption methods. He is referring to Alex's presentation at the Black Hat conference going on now in Las Vegas. He also mentions a news article written by Robert McMillan on Computer World titled "Oracle's encryption not secure, researcher says - Alexander Kornbrust plans to detail his findings at Black Hat".

This news article starts by talking about the content of Alex Kornbrusts presentation at Black Hat in Las Vegas where he is going to say that Oracles standard database encryption mechanisms are weak and can be easily circumvented. Alex says most customers think that if they encrypt data with Oracles tools then it is safe - He says that this is not the case and a hacker can easily retrieve data such as credit card numbers from production databases. There are some interesting reactions from Paul Needham, the Oracle director of product management and some discussions about TDE and its cost per processor. This is a good article and worth reading. It is a two page article and page two is here.