Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Pete Finnigan webinar "The right way to secure Oracle""] [Next entry: "The right way to secure Oracle slides available"]

Rogue DBAs: Hidden Inside Security Threat

Jared posted a link to this article on the Oracle-l list a couple of days ago and i marked it to blog when i got the chance and as my PC has just started to install a patch and will need a reboot I decided to do a quick blog post. The article is called "Rogue DBAs: Hidden Inside Security Threat" and is quite interesting.

This really highlights the current problems. People are starting to take database security seriously but we still have a very long way to go. The current evidence suggests that most sites have not done the basics and most likely have not turned on audit in the database; if they have its probably not being monitored and almost certainly privilege user access is not monitored and even if it is it can be bypassed by the people being monitored. This is just a fact of life that i see day to day at customer sites. The landscape is changing though and a lot more people are taking database security seriously and also have allocated budget for it; times are changing. As the article says we dont hear of these cases often; well I do know of others but they are not public; why do we not hear more? ... I leave that to you to guess..... but are the business even aware of theft going on???