Feeds

Bullseye of Oracle patches due Tuesday

Forewarned is forearmed

3 Big data security analytics techniques

Oracle has taken a leaf out of Microsoft's book by publishing a pre-alert of patches database admins can expect as part of its next patch release cycle.

The alert is designed to give administrators a better idea of how much work they have coming up, so that they are then able to allocate time and other resources appropriately. However this month Redmond released half the number of patches it initially promised, because of testing problems. Time will tell whether Oracle experiences similar problems in delivering its quarterly patch update as Microsoft experiences from time to time with its monthly patches.

Oracle first-ever critical update pre-release statement tells sys admins to expect 52 patches next Tuesday (16 January) covering flaws in Oracle Database, Application Server, Enterprise Manager, Identity Management, E-Business Suite, Developer Suite, and the PeopleSoft software packages.

More than half the patches (27 of the 52) involve Oracle's flagship database software. Ten of these might be exploited without the benefit of knowing a user name or password, potentially making them far easier to exploit.

The pre-alert is part of a larger plan by Oracle, which has been criticised in the past by security researchers over the time it takes to develop security patches to be more transparent about its security practices.

In October, during its last release cycle, Oracle began rating the severity of bugs in its applications according to the Common Vulnerability Scoring System (CVSS), an industry-wide initiative designed to standardise vulnerability ratings. Oracle rates this quarter patch batch at 7.0 in a scale from zero to 10, where 10 indicate impending internet meltdown (or some such calamity). ®

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.