
Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

Legal aspects of web and software design

This is a little off topic for me and it's also quite location specific - I will explain why in a minute. A friend of mine, Dr Eileen McMorrow, who is a solicitor specialising in legal aspects of IPR and IP, is holding two seminars in York (UK) on the 2nd of November and the 9th of November. The seminars are two hours and include Yorkshire lunch! I won't go into every detail here as Eileen has created a flyer to advertise the events. I have added the flyer to my site so I can link it here in advance of it being available on Eileen's site. The event is called "Legal Issues that face web designers" and the linked flyer explains the event and how to register.

This should be a very interesting seminar and I have already booked my place. The subject of IPR, Information and more are becoming synonymous with what we as data security professionals deal with day to day. The ICO (Information Commissioner's Office); Stewart Room today hinted that the Information Commissioner may announce the first ICO fine at the RSA conference - not the same I know but the ideas around data security, IPR and legality of data are all linked.

Personally I am looking forward to this; if anyone is in York or nearby please think about coming along. It's just £15 to attend, including lunch, so really good value.

Conference talks, Training and a survey for David

I got emails from UKOUG last week to say my talk for the conference has been accepted. My talk / presentation is titled "Identifying Your Self In The Database" and is about the problems of identifying end users in the database. I am going to look at how identifiable people really are: DBAs and normal users, the risks from spoofing and also some ideas on properly identifying users.

My Oracle security round table session has also been accepted for the fourth year in a row. This is great as this is normally a very enjoyable session with lots of open and free discussions. I normally invite a couple of co-speakers to give the expert content some breadth and this year will be no exception.

I am also going to be teaching my class how to perform an audit of an Oracle database in Vienna on the 19th and 20th of October. This will be great as I worked in Vienna for almost 2 years in the 1990s so it will be nice to be back there. It's still possible to register for the class, simply go to the bottom of the page linked above and click on the registration link for the Austria/Vienna class.

Finally I saw a post by David Litchfield on the Oracle-l list today where he asks everyone to take part in a very quick 2 question survey; the two questions are: 1) do you review access logs to see if your database has been broken into and 2) if so what tools do you use and if not, why not and what tools do you need.

David is working on a product in the database forensics space so it's obviously useful to him but I also hope he will publish the results as it will be really interesting to see them and for me personally to compare the results with what I see in real life day to day performing security audits of Oracle databases.

Please spend less than a minute and whizz over to - (broken link) David's Oracle Log Checking Survey and fill in the questions.


Free Oracle Security Webinar Recording On-Line

The free Oracle Security webinar I did with SkillBuilders last week has been put on line by them. The Oracle Security webinar is available here but you need to register with SkillBuilders first to hear it. I have not put up the slides as they are the same talk I have done a couple of times previously. You can find the slides for "The Right way to secure an Oracle database" on my white papers page or direct from the link. The slides differ slightly but not enough to repost.