General


From the Web

Oracle - July 2010 Critical Patch Update Released

July 14, 2010 from: The Oracle Global Product Security Blog

Oracle just released the July 2010 Critical Patch Update (CPUJul2010). This Critical Patch Update (CPU) is the second one to include fixes for the Oracle (formerly Sun) Solaris product line and includes 59 security updates



From the Web

Security Alert for CVE-2010-0886 and CVE-2010-0887 Released

July 06, 2010 from: The Oracle Global Product Security Blog

Oracle just released a Security Alert to announce the availability of fixes for two vulnerabilities (CVE-2010-0886 and CVE-2010-0887) affecting Oracle Java SE and Oracle Java For Business. Both vulnerabilities only affect Java when running in a 32-bit web browser. These vulnerabilities are not present in Java running on servers or standalone Java desktop applications and do not impact any Oracle s...



From the Web

Internet trading site collective2.com hacked

December 30, 2009 from: Office of Inadequate Security

Users of the do-it-yourself trading site collective2.com received an “urgent” e-mail at a few minutes past noon Wednesday notifying them that the company’s computer database had been breached by a hacker and that all users should log in to change their passwords immediately.



From the Web

October 2009 Critical Patch Update Released

October 20, 2009 from: The Oracle Global Product Security Blog

Today's Oracle Critical Patch Update (CPU) provides 38 new security fixes across a number of product groups including: Oracle Database Server, Oracle Application Server, Oracle E-Business Suite, Oracle PeopleSoft Enterprise, Oracle JD Edwards Tools, Oracle WebLogic and Oracle JRockit (formerly from BEA), and Oracle Communications Order and Service Management. Of these 38 vulnerabilities, 19 are re...



From the Web

Security Defect Testing

October 08, 2009 from: The Oracle Global Product Security Blog

Software vendors aim to release defect-free products. Earlier posts have discussed Oracle Software Security Assurance (OSSA) program and its processes that aim to get us as close to this goal as possible. Automated testing is an important part of OSSA as it helps catch problems missed in earlier stages of the development...



From the Web

Announcement Regarding The October 2009 Critical Patch Update

September 03, 2009 from: The Oracle Global Product Security Blog

Because many Oracle customers with responsibility for deploying the Critical Patch Update within their respective organizations will be attending Oracle OpenWorld on October 11-15, 2009, the October 2009 Critical Patch Update originally scheduled to be published on Tuesday, October 13th 2009, will be released on October 20th 2009.



From the Web

Ensuring Critical Patch Update Quality

July 24, 2009 from: The Oracle Global Product Security Blog

A commentary on how Oracle's Critical Patch Update (CPU) program works, from Eric Maurice of Oracle.



From the Web

July 2009 Critical Patch Update Released

July 14, 2009 from: The Oracle Global Product Security Blog

This Critical Patch Update includes 10 additional fixes for Oracle Database Server. Three of these 10 vulnerabilities are remotely exploitable without authentication. None of these vulnerabilities affect client-only deployments.



From the Web

April 2009 Critical Patch Update Released

July 03, 2009 from: The Oracle Global Product Security Blog

Are you running Oracle? Then you need to see this latest set of Critical Patches that could affect the security of your Oracle-backed applications.



From the Web

Training development staff in secure coding practices pays huge dividends

July 03, 2009 from: The Oracle Global Product Security Blog

I am often asked what it takes to write secure code. In my experience, developers generally cannot prevent introducing security flaws in their code if they don’t know what to watch out for. It is also my experience that people generally, and developers in particular, want to do the right thing - but they need to know what the right thing is.



From the Web

The Evolution Of Common Criteria

July 03, 2009 from: The Oracle Global Product Security Blog

Hi, my name is Adam O’Brien. I help guide Oracle products through Common Criteria evaluations. Common Criteria is a worldwide, government-backed scheme for testing the security of a product or system. Essentially, you state what security functions your product should be able to perform, then an independent lab evaluates if the product implements these functions reliably and robustly.



From the Web

SANS Top 25 Most Dangerous Coding Errors

July 03, 2009 from: The Oracle Global Product Security Blog

Bruce Lowenthal, Director of the Oracle Security Alerts Group, discusses the SANS Top 25 Most Dangerous Programming Errors.



From the Web

Cross-Site Request Forgery – A Significant Threat to Web Applications

July 03, 2009 from: The Oracle Global Product Security Blog

Hi, this is Shaomin Wang. I am a security analyst in Oracle’s Security Alerts Group. My primary responsibility is to evaluate the security vulnerabilities reported externally by security researchers on Oracle Fusion Middleware and to ensure timely resolution through the Critical Patch Update. Today, I am going to talk about a serious type of attack: Cross-Site Request Forgery.



From the Web

Mysql security risk?

July 03, 2009 from: hackyourself.net

Michael McLaughlin discusses why using 'IDENTIFIED BY password' in MySQL is the new default behavior and why you should leave it that way.
