Oracle Security Alert for CVE-2012-3132
One of our ISC readers, Dave, sent us a note that Oracle released a security note for CVE-2012-3132, the Privilege Escalation vulnerability in the Oracle Database Server initially discussed during Black Hat 2012. I recommend carefully reading the wording of this notification because there are Oracle products that contain the Oracle Database Server as a component of the overall suite, such as Oracle Enterprise Manager. One comment that Dave and both had is that Oracle found it necessary to highlight what didn't need to be patched, in bold comments near the top of the article. Our thought was that this could be misleading or misunderstood, and confusion is never a good thing.
tony d0t carothers --gmail
Layers of the Defense-in-Depth Onion
Defense-in-Depth (DiD) is a term that is often used within the CyberSecurity world, but what does it really mean? It basically means that we have the ability to monitor and control operations at different points within the enterprise infrastructure to give us a perspective from which we can defend our assets and resources. An onion has layers (I know, cheap movie reference there) but unlike an onion, the layers in a defense in depth approach have different functions.
The two most common layers in a DiD onion is the network firewall and host-based antivirus. These are proven technologies that address a number of threats, and I would call these a ‘must-have’ for any SOHO environment. In spite of their maturity, these technologies have flaws old and new that have been exploited for years. Compound this with the operational exceptions that are often put in place to support operational requirements, and the technologies become fairly limited. An analogy a colleague gave me this week is, essentially, that “a firewall is like a prison with a single fence, and the AV are the guards in the middle that watch the fence. When exceptions are put in place that tell these systems ‘don’t look here’ you are blinding the guards and crippling a small piece of that defense component”.
So let’s talk about the firewall. The firewall is an outstanding piece of network equipment, a critical piece of security infrastructure, that is good at stopping packets it has been told to stop, and reporting to us that it has stopped the traffic we asked it to stop. It is also very good at passing traffic it has been told to ignore. And here is where the fun begins. One class of traffic that is mostly ignored, and for good cause, is outbound user traffic. Human nature being what it is, accidents and mistakes happen, which leads to an inadvertent incident and possible compromise. For example, when a user visits a compromised web page, that user then becomes a compromised user.
Now where is the antivirus? The antivirus application is running right along, analyzing the files, folders, and transactions as configured. The problem comes in this: Most instances of antivirus suites I have observed in deployment have many of the default settings still in place. I know what these defaults are, and so do the hackers writing the exploits that are being slid through the firewall. Additionally, there are files and folders that are often recommended by the software manufacturer to be excluded from antivirus analysis because it impacts their performance. Hackers usually know this too :)
So there are a number of threats that exist that these technologies do not address, even when tuned to be as secure as they can possibly be made. Add to it an environment where you have mobile users, it gets even more tricky. In the FW/AV DiD approach, as soon as the device leaves the corporate network it has lost half of the defense that was put in place to protect it.
Some questions to ask:
What are we monitoring?
What are we not monitoring?
tony d0t carothers --gmail
Comments
Anonymous
Dec 3rd 2022
9 months ago
Anonymous
Dec 3rd 2022
9 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
https://defineprogramming.com/
Dec 26th 2022
9 months ago
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
https://defineprogramming.com/
Dec 26th 2022
9 months ago
rthrth
Jan 2nd 2023
8 months ago