Gartner: Oracle Needs To Come Clean On Vulnerability
2004-11-12 13:16:00
Oracle's refusal to get specific about the vulnerabilities addressed by a recent patch increase the risk to customers, a pair of Gartner analysts alleged Thursday.
Gartner's Neil MacDonald and Rich Mogull said that Oracle has declined to provide more detailed information about the vulnerabilities that spawned a patch first released in August, then re-released in October. Although keeping mum is Oracle's standard policy, the analysts took the company to task for not spelling out the consequences of not applying the patch, and more important, whether the vulnerabilities affect older, non-supported versions of Oracle's Database Server, Application Server, and Enterprise Manager.
"At worst, [this means] records in every Oracle database you own could be vulnerable," the pair wrote in an online alert posted to the Gartner Web site.
It may be smart to not provide hackers information that could be used to craft exploits, but that "differs from offering information about the implications of not protecting yourself against that exploit," the guys from Gartner wrote. "System administrators don't have enough information to decide which servers to prioritize or which data is most vulnerable."
And if Oracle offered more detail about the vulnerability, customers might be able to set up defenses, such as deep-packet inspection firewalls, intrusion prevention systems, and application firewalls to protect themselves against attacks, they added.
MacDonald and Mogull recommended that enterprises using the Oracle products apply the patches to supported versions. If older editions are in use, such as 7.x or 8.0x, they advised companies to either upgrade immediately or switch to a rival database.
They also urged Oracle customers to put pressure on the Redwood Shores, Calif.-based database giant.
"Ask Oracle to follow Microsoft and other leaders that disclose the details of their vulnerabilities and provide security patches freely to anyone on any supported version of their products," they recommended.
|
|
Microsoft Snatches PDA Market Lead From PalmSource
Microsoft Corp. led the market in the third quarter for operating systems used in personal digital assistants, surpassing for the first time the Palm OS that dominated the handheld-computer segment for years.
McAfee Battles Spyware With Enterprise Add-On
McAfee on Monday announced an add-on to its enterprise anti-virus software that boosts spyware protection for businesses. Called McAfee Anti-Spyware Enterprise Edition Module, the add-on integrates with McAfee's VirusScan Enterprise 7.0 and 8.0i, said John Bedrick, a product marketing manager at the Santa Clara, Calif.-based security vendor.
IAB Releases Reporting Standard For Online Ad-Viewership
The Interactive Advertising Bureau unveils standards for helping buyers determine whether the seller of online advertising has met the promised level of ad viewership.
New Tools Aim To Lock Up Wireless Networks
Wireless network security startup AirTight Networks Inc., formally named Wibhu Technologies, landed more than $10 million in venture funding this week The funding will be used to launch a wireless-LAN firewall application later this month. AirTight's SpectraGuard firewall will help companies map wireless sensors throughout their networks, precisely locate and track wireless devices, and protect wireless networks from attack.
Verisign: Better Hackers Behind Attack Boom
Security events in the third quarter jumped 150 percent over the same period last year, fueled by more sophisticated hackers writing better code who are more interested in dollars than creating computer disasters, said Internet security firm VeriSign Tuesday.
Enron E-mail Study Shows Liability Nightmare
A study of millions of Enron e-mail messages found scores of messages with content that posed all kinds of potential liability risks. The review shows once again that corporations and corporate employees need to watch what they say in e-mail, the study concluded.
Trojan Hijacks Browser, Sends User To Porn Site
Unwary surfers infected by a new Trojan horse may be in for a shock when their browser is unexpectedly redirected to a hard-core porn site, a security firm warned Wednesday.
IDC Sees Bright Future for IT Services
Companies and governments will spend $553 billion on external IT services on a worldwide basis this year, even as the services industry works to redefine itself, IDC said in a report released Wednesday.
Google Searches For Scholars
Google rolls out a beta search tool designed for academics and other researchers digging through peer-reviewed papers, abstracts, and theses.
More Security Holes Found In Internet Explorer 6.0
Three more vulnerabilities in Microsoft's Internet Explorer 6.0 browser were disclosed Wednesday by Danish security vendor Secunia, bringing the total of IE bugs found by the firm in the last two months to an even dozen.
|
