Stories about: Oracle

Security issues often seem to smolder more than burn, but these six are certainly capable of lighting a fire under IT professionals at a moment's notice. Handle with care.

Oracle released 41 security fixes for its flagship database and several other products Tuesday, including 15 patches for vulnerabilities that can be exploited remotely without a username or password.

More than 3600 vulnerabilities discovered last year remain un-patched, according to a study.

The late Internet pioneer Jon Postel (1943-1998), among others, developed the Simple Mail Transfer Protocol (SMTP) in 1982 that is still used today for Internet mail communications. But I'm sure Postel would be turning over in his grave if he could see the abuse that his protocol is subject to today.

IBM upgraded its identity management capabilities with tools to help customers manage user access to sensitive information, the company said Wednesday.

Faced with looming regulations such as the Health Insurance Portability and Accountability Act and the Sarbanes-Oxley Act, Craig Shumard, chief information security officer for healthcare provider Cigna, knew he needed better tools for role-based access control.

As long as IT managers encrypt data using only one vendor's products, the keys used to decrypt that data can be relatively easy to manage. But it will likely become much more complicated as more vendors build encryption into more and different types of storage devices, each with their own key management system, and as users need to move encrypted data among devices for disaster recovery, legal discovery or simply everyday business communications.

Microsoft is offering updates on the progress of interoperability initiatives, including the Interoperability Executive Customer Council (IEC) and the Interop Vendor Alliance (IVA).

New companies have to be brash to enter the network security market, given that the industry has witnessed an explosion in creativity over the past five years and considering that big players such as Microsoft and IBM increasingly are throwing their weight around in security.

A unique demonstration showed user-centric identity software from major vendors, start-ups, one-woman projects and open source hackers all working in concert to replace passwords with validated identity-card access to Web-based resources.

As a Microsoft employee, I try to avoid writing on areas that blatantly promote Microsoft. However, I think this question is generic enough to involve Microsoft in the discussion: Can IP addresses ever be used for statistical analysis of malicious Web sites?