• Ecuador: data leakage of almost all citizens

    VpnMentor found a big data leak. From an unprotected server owned by Novaestrat, an Ecuadorian consulting and analytical company, 18 GB of personal data and 20 million financial data of Ecuadorians, including 7 million children, got into the network.

  • How to ensure the Oracle database security?

    Database security has several aspects. First, there is authentication: Who can connect? How does one identify them? Second, there is authorization: What are users allowed to do? How does one restrict their actions? Finally, there is auditing: Given that users can connect and perform certain actions, how do you track what they are doing? These aspects are covered in this short note.

  • Introducing Core IT Security Principles

    When thinking about security, most people start by thinking about their stuff. We all have stuff. We have stuff that we really care about, we have stuff that would be really difficult to replace, and we have stuff that has great sentimental value. We have stuff we really don’t want other people to find out about. We even have stuff that we could probably live without. Now think about where you keep your stuff. It could be in your house, your car, your school, your office, in a locker, in a backpack or a suitcase, or a number of other places. Lastly, think about all of the dangers that could happen to your stuff. People could be robbed or experience a disaster such as a fire, earthquake, or flood. In any case, we all want to protect our possessions no matter where the threat comes from.

  • IT Security

    Blogs on information security, protection of IT resources, systems and networks.

  • Network security: Performing Threat Modeling

    Threat modeling is a procedure for optimizing network security by identifying vulnerabilities, identifying their risks, and defining countermeasures to prevent or mitigate the effects of the threats to the system. It addresses the top threats that have the greatest potential impact to an organization.

  • Oracle Database and Security: is protection strong?

    Oracle Database SecurityIn June of 1997, Larry Ellison and Robert Miner founded a company called Software Development Labs. Both had worked together at Ampex; Robert had been Larry's supervisor. Together they had a vision, inspired by the work of Edgar Codd. Codd worked as a researcher for IBM and developed ideas for relational database systems. In 1970 he published a paper entitled "Relational Model of Data for Large Shared Data Banks." While IBM was slow to see the potential of Codd's ideas, Larry and Robert were not. They changed their company's name to Relational Software, Inc., in 1979, and not long after that it again underwent a name change—becoming Oracle. "Oracle" had been the code name for a CIA project that both Larry and Robert had worked on while at Ampex. Indeed, by all accounts, in the early years, the biggest consumers of Oracle's software was the CIA and the NSA. Given this, one would assume that security would have been at the top of Oracle's agenda.

  • Understanding Physical IT Security as the First Line of Defense

    There are a number of factors that need to be considered when designing, implementing, or reviewing physical security measures taken to protect assets, systems, networks, and information. They include understanding site security and computer security, securing removable devices and drives, access control, mobile device security, and identifying and removing keyloggers.