Pete Finnigan's Oracle Security Weblog

I got emails from UKOUG last week to say my talk for the conference has been accepted. My talk / presentation is titled "Identifying Your Self In The Database" and is about the problems of identifying end users in the database. I am going to look at how identifiable people really are: DBA's and normal users, the risks from spoofing and also some ideas on properly identifying users.

My Oracle security rouns table session has also been accepted for the fourth year in a row. This is great as this is normally a very enjoyable session with lots of open and free discussions. I normally invite a couple of co-speakers to give the expert content some breadth and this year will be no exception.

I am also going to be teaching my class how to perform an audit of an Oracle database in Vienna on the 19th and 20th of October. This will be great as I worked in Vienna for almost 2 years in the 1990's so it will be nice to be back there. Its still possible to register for the class, simply go to the bottom of the page linked above and click on the registration link for the Austria/Vienna class.

Finally I saw a post by David Litchfield on the Oracle-l list today where he asks everyone to take part is a bvery quick 2 question survey; the two questions are: 1) do you review access logs to see if your database has been broken into and 2) if so what tools do you use and if not, why not and what tools do you need.

David is working on a product in the database forensics space so its obviously useful to him but i also hope he will publish the results as it will be really interesting to see them and for me personally to compare the results with what i see in real life day to day performing security audits of Oracle databases.

Please spend less than a minute and wiz over to http://www.v3rity.com/survey.htm - (broken link) Davids Oracle Log Checking Survey and fill in the questions.

Thanks!