A discussion on Database Administration As A Service™ (remote dba) & other news items that catch my attention

Current Articles | RSS Feed RSS Feed

Cumulative Security Update for Internet Explorer

Posted by Michael Corey on Fri, Jan 22, 2010 @ 02:00 PM

This alert is to provide you with an overview of Microsoft Security Bulletin MS10-002, the Cumulative Security Update for Internet Explorer, released (out-of-band) on Thursday, January 21. This bulletin addresses eight vulnerabilities in Internet Explorer. Microsoft recommends that partners secure their own systems, then reach out to customers to assist them in ensuring their systems are secured.
 

KEY RESOURCES


·        We recommend Microsoft partners use the Microsoft TechNet Security TechCenter as a source of security information http://technet.microsoft.com/security

·        Security Bulletin MS10-002 – Cumulative Security Update for Internet Explorer (978207):
http://www.microsoft.com/technet/security/bulletin/MS10-002.mspx

·        Microsoft Security Response Center (MSRC) Blog: http://blogs.technet.com/msrc/

·        Internet Explorer 8 Deployment Guide:**http://technet.microsoft.com/en-us/library/cc985339.aspx**

 

Founder & CEO, Ntirety

www.ntirety.com

My Personal Twitter Account: Michael_Corey

Ntirety Corporate Twitter Account: Ntirety

 

www.ntirety.com

0 Comments Click here to read/write comments

Massive TSA Security Breach

Posted by Michael Corey on Tue, Dec 08, 2009 @ 10:18 PM

I just saw this and thought I should share it....

 

Massive TSA Security Breach Revealed

December 8, 2009 by ADMIN · Comment

By BRIAN ROSS and MATT HOSFORD of ABC News

Online posting reveals a “how to” for terrorists to fool airport security.

In a massive security breach, the Transportation Security Agency (TSA) inadvertently posted online its entire airport screening procedures manual, including some of the most closely guarded secrets regarding special rules for diplomats and CIA and law enforcement officers.

To read the entire story......

Massive TSA Security Breach


Founder & CEO, Ntirety

www.ntirety.com

My Personal Twitter Account: Michael_Corey

Ntirety Corporate Twitter Account: Ntirety

 

0 Comments Click here to read/write comments

Ever Text Message While Driving, Watch This. It May Save your life

Posted by Michael Corey on Fri, Aug 28, 2009 @ 10:12 AM

Being the survivor of a terrible accident that could have been avoided. This Video really hits home. I feel it’s a must see for anyone that have ever text message while driving a car. 

Note: Be warned: The four-minute PSA is extremely graphic, showing not only the realistic bloody injuries of three pretty teenage girls, but also an unresponsive infant in a car seat and a preschooler asking her unconscious and bleeding parents to wake up.

Will Bloody Texting PSA Get The Message To Teens? by Amy Hatch

 

Founder & CEO, Ntirety

www.ntirety.com

My Personal Twitter Account: Michael_Corey

Ntirety Corporate Twitter Account: Ntirety

 

0 Comments Click here to read/write comments

Can Oracle successfully assimilate Sun?

Posted by Michael Corey on Tue, Aug 11, 2009 @ 09:22 PM

This is a great article on Oracle purchase of Sun. Its come all the way from Express Computer. A weekly publication in India. it was written by Akhtar Pasha.

Here is the opening  of the Article. With a link back to the entire article at the end. 

Can Oracle successfully assimilate Sun?

Oracle finds itself on a sticky wicket after gobbling up Sun Microsystems. While the rationale of the deal is quite clear, Oracle bought Sun for Java and Solaris, questions remain vis-à-vis MySQL and Sun’s hardware business. Akhtar Pasha writes that this mammoth acquisition could prove to be Oracle’s toughest deal yet

Oracle’s announcement that it would acquire Sun took many industry observers by surprise. The database giant has offered little detail on how it intends to achieve the $1.5 billion in first-year operating profit that it has promised investors. While Oracle’s interest in Java and Solaris has been widely discussed and publicized, the company declined to participate in this story citing the fact that the deal is still pending approval. Even otherwise, Oracle has not been forthcoming on critical aspects of the deal, namely, the future of MySQL and what it intends to do about Sun’s hardware business. Customers, analysts and the financial community all have their own doubts at this point of time.

To Read the  entire article.....

Can Oracle successfully assimilate Sun?

Founder & CEO, Ntirety

www.ntirety.com

My Personal Twitter Account: Michael_Corey

Ntirety Corporate Twitter Account: Ntirety

0 Comments Click here to read/write comments

Oracle on Windows, Advice for the DBA

Posted by Michael Corey on Mon, Aug 03, 2009 @ 11:49 AM

As I was searching the Internet for articles on Database Administration I came across an interesting question posted by Earle Shaffer.

 

Oracle on Windows - any first-hand advice?


Hi - I am looking for tips, tricks, and gotchas about running Oracle on the Windows platforms. Specifically regarding RAM and IO monitoring.

In my experience Oracle DBA’s fall into one of two camps. 

  • They are windows Operating system haters
  • They are Windows operating systems tolerant.

I am not saying this if right. It's so how they intially respond. I think it come from too much Oracle corporation brainwashing. So when I saw this question posed, I was curious what I might see for answers. What I saw was a wonderful dialogue full of very useful information.

So in this blog entry I will take the time to share with you some of what I saw. 

James Rice an Oracle DBA at Abbott laboratories responded:


Make sure that you are buying I/O cards for the machine and not using the I/O on the motherboard - not enough throughput - and you should use multiple I/O cards for maximum spread. If you are using external disk then you need to make sure the storage if properly LUN'd to spread out the I/O as you have very little visibility as to how the disk are spread out. If you can buy the MKS Unix toolkit for windows so you can use unix scripts to manage your db as windows scripting can be weak. As for RAM - use a 64 bit os and you don't have issues but if you can't then remember a 2gb sga is about it - you can make it bigger but you will suffer. Hope this helps.

James response is loaded with nuggets of gold and a lot of common sense. 

The slowest operation most computers do is I/O. Anything you can do minimize I/O is usually a step in the right direction.  I/O bottlenecks will kill database performance very quickly. When it comes to database, you are delaing with a major hog of I/O resources. This is just plain good common sense, especially as it pertains to windows operating system.

I loved the MKS Unix toolkit for windows suggestion. Oracle DBA’s love to make windows look like Unix. Let me say that again, Oracle DBA's love to make windows look like Unix. 

The comment on 64Bit Operating system is also great advice.  For those windows shops not using 64 bit, then remember a 2gb SGA is about it. I would take the commentone step further. Never let the SGA be more than 50% of the available memory on the box. You need to leave enough memory for the operating system to do its job.

What is very clear from all the comments. 64 Bit Operating system on windows for Oracle is not a nice to have, its a must have.

Martin Millstam of Oracle Corporation provided some useful links:

 

Oracle Database on Windows and .NET FAQ

 

Oracle Database on Windows and .NET FAQ


Oracle Database Search Results: windows


 

Oracle Database Search Results: windows


Oracle Database Architecture on Windows


 

Oracle Database Architecture on Windows


Administering a Database on Windows


 

Administering a Database on Windows

Vendors like Oracle and Microsoft publish lots of great information. Take the time to read it. This was an excellent suggestion. 

Jeff Wong DBA at AON


windows powershell is possibly the best way to go if you're in a windows environment - it's distributed now as standard with win2k8 server I believe. Otherwise you could try cygwin for unix shell compatibility.


Once again an Oracle DBA telling you another way to help it work like Unix. 

Tuning Windows to Optimize Oracle Database

 

Tuning Windows to Optimize Oracle Database

In summary:


Make sure you are buying I/O cards for the machine and not using the I/O on the motherboard.


If you are using external disk then you need to make sure the storage if properly LUN'd to spread out the I/O as you have very little visibility as to how the disk are spread out.


As for RAM - use a 64 bit os and you don't have issues but if you can't then remember a 2gb sga is about it - you can make it bigger but you will suffer.


UWIN if you want a Unix Like environment on windows


the MKS Unix toolkit for windows so you can use unix scripts to manage your db


try cygwin for unix shell compatibility

 


Founder & CEO, Ntirety

www.ntirety.com

My Personal Twitter Account: Michael_Corey

Ntirety Corporate Twitter Account: Ntirety

 

 

  www.ntirety.com www.ntirety.com

0 Comments Click here to read/write comments

Microsoft Security Advisory (973882)

Posted by Michael Corey on Wed, Jul 29, 2009 @ 09:48 AM

Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution

 

Version: 1.0

Microsoft is releasing this security advisory to provide information about our ongoing investigation into vulnerabilities in the public and private versions of Microsoft's Active Template Library (ATL). This advisory also provides guidance as to what developers can do to help ensure that the controls and components they have built are not vulnerable to the ATL issues; what IT Professionals and consumers can do to mitigate potential attacks that use the vulnerabilities; and what Microsoft is doing as part of its ongoing investigation into the issue described in this advisory. This security advisory will also provide a comprehensive listing of all Microsoft Security Bulletins and Security Updates related to the vulnerabilities in ATL. Microsoft's investigation into the private and public versions of ATL is ongoing, and we will release security updates and guidance as appropriate as part of the investigation process.

Microsoft is aware of security vulnerabilities in the public and private versions of ATL. The Microsoft ATL is used by software developers to create controls or components for the Windows platform. The vulnerabilities described in this Security Advisory and Microsoft Security Bulletin MS09-035 could result in information disclosure or remote code execution attacks for controls and components built using vulnerable versions of the ATL. Components and controls created with the vulnerable version of ATL may be exposed to a vulnerable condition due to how ATL is used or due to issues in the ATL code itself.

Developer Guidance: Microsoft has corrected the issues in the public headers of ATL and released updates to the libraries in bulletin MS09-035 "Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution." Microsoft strongly recommends that developers who have built controls or components with ATL take immediate action to evaluate their controls for exposure to a vulnerable condition and follow the guidance provided to create controls and components that are not vulnerable. For more information on the vulnerabilities and guidance to address issues in ATL, see MS09-035, "Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution."

IT Professional and Consumer Guidance: To help better protect customers while developers update their components and controls, Microsoft has developed a new defense-in-depth technology. This new defense-in-depth technology built into Internet Explorer helps to protect customers from future attacks using the Microsoft Active Template Library vulnerabilities described in this Advisory and Microsoft Security Bulletin MS09-035. To benefit from this new defense-in-depth technology, IT Professionals and consumers should immediately deploy the Internet Explorer Security Update offered in Microsoft Security Bulletin MS09-034, "Cumulative Security Update for Internet Explorer."

This security update includes a mitigation that prevents components and controls built using the vulnerable ATL from being exploited in Internet Explorer, as well as addressing multiple unrelated vulnerabilities. The new defense-in-depth protections offered in MS09-034 include updates to Internet Explorer 5.01, Internet Explorer 6 and Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8. These defense-in-depth protections monitor and help prevent the successful exploitation of all known public and private ATL vulnerabilities, including the vulnerabilities that could lead to bypassing ActiveX's kill bit security feature. These protections are designed to help protect customers from Web-based attacks.

Home User Guidance: To help better protect customers while developers update their components and controls, Microsoft has developed a new defense-in-depth technology.This new defense-in-depth technology built into Internet Explorer with the new update helps to protect customers from future attacks using the Microsoft Active Template Library vulnerabilities described in this Advisory and Microsoft Security Bulletin MS09-035. Home users signed up for Automatic Updates will receive the new Internet Explorer update automatically and do not have to take any further action. Home Users will automatically be better protected from future attacks against the vulnerabilities addressed in this Security Advisory and in Microsoft Security Bulletin MS09-035.

Mitigating Factors for Controls and Components built using vulnerable version of Microsoft's Active Template Library (ATL):

By default, the majority of ActiveX controls are not included in the default allow-list for ActiveX controls in Internet Explorer 7 or Internet Explorer 8 running on Windows Vista or later operating systems. Only customers who have explicitly approved vulnerable controls by using the ActiveX opt-in feature are at risk to attempts to exploit this vulnerability. However, if a customer has used such ActiveX controls in a previous version of Internet Explorer, and then later upgraded to Internet Explorer 7 or Internet Explorer 8, then these ActiveX controls are enabled to work in Internet Explorer 7 and Internet Explorer 8, even if the customer has not explicitly approved it using the ActiveX opt-in feature.

By default, Internet Explorer 8 offers enhanced protections by enabling DEP/NX memory protections for users on Windows XP Service Pack 3, Windows Vista Service Pack 1 and Windows Vista Service Pack 2, and Windows 7.

By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted Web content on a server. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See also Managing Internet Explorer Enhanced Security Configuration.

By default, all supported versions of Microsoft Outlook and Microsoft Outlook Express open HTML e-mail messages in the Restricted sites zone. The Restricted sites zone helps mitigate attacks that could try to exploit this vulnerability by preventing Active Scripting and ActiveX controls from being used when reading HTML e-mail messages. However, if a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation of this vulnerability through the Web-based attack scenario.

In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or instant messenger message that takes users to the attacker's Web site.

An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Updates related to ATL:

Updates released on July 28, 2009

Microsoft Security Bulletin MS09-035, "Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution," goes into further detail about the specific vulnerabilities in ATL and provides the updated public ATL headers for vendors to develop updated components and controls. Our investigation has shown that there are Microsoft and third-party components and controls that are affected by this issue and that these components and controls exist on all supported editions of Windows 2000 Service Pack 4, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. Developers who used vulnerable versions of the ATL when building controls or components should review this bulletin and take immediate action if their controls are vulnerable.

Microsoft Security Bulletin MS09-034, "Cumulative Security Update for Internet Explorer," includes a mitigation that prevents components and controls built using the vulnerable ATL from being exploited in Internet Explorer, as well as addressing multiple unrelated vulnerabilities. The new defense in depth protections offered in MS09-034 include updates to Internet Explorer 5.01, Internet Explorer 6 and Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8. These defense-in-depth protections monitor and help prevent the successful exploitation of all known public and private ATL vulnerabilities, including the vulnerabilities that could lead to bypassing ActiveX's kill bit security feature. These protections are designed to help protect customers from Web-based attacks.

We are not aware of any methods or controls included with Windows 7 that would allow attacks to be successful through Internet Explorer.

Update released on July 14, 2009

Microsoft Security Bulletin MS09-032, "Cumulative Security Update of ActiveX Kill Bits," provided ActiveX security measures (a kill bit) that prevented the msvidctl control from running in Internet Explorer. The exploit in msvidcntl took advantage of a vulnerability in the private version of ATL. In this specific instance, the vulnerability allows an attacker to corrupt memory, which may lead to a remote code execution. The kill bits issued in the June release for msvidctl (MS09-032) will block the public exploits as described here.

To read more about this security alert....... Microsoft Security Alert (973882)


Founder & CEO, Ntirety

www.ntirety.com

My Personal Twitter Account: Michael_Corey

Ntirety Corporate Twitter Account: Ntirety

 

0 Comments Click here to read/write comments

Oracle announced a 40 percent price increase

Posted by Michael Corey on Sat, Jul 25, 2009 @ 08:14 AM

When I saw this, I just could not believe it. A 40% Price increase in this business climate. Give it a break. It is no wonder Microsoft SQL Server is the fastest growing database in the Market.

Since SQL Server 2005 Microsoft has given us a database that can keep up with Oracle at all levels. When it comes to price performance there is no competition, Microsoft SQL server wins hands down.



Well leave it to Oracle to give is a 40% increase in the worst economy in over 40 years.
Well here is the article that caught my attention…..

Oracle cranks up some prices 40%


Founder & CEO, Ntirety

www.ntirety.com

My Personal Twitter Account: Michael_Corey

Ntirety Corporate Twitter Account: Ntirety


0 Comments Click here to read/write comments

The End Of Sun

Posted by Michael Corey on Sun, Jul 19, 2009 @ 06:59 PM
Tags: ,

I was on the DBA Twibe. Twitter DBA Twibe when I saw this tweet from craigmullins. It was reference to an article on the End of Sun. The article was really well done. Here is the opening of the article:

"At 10:05 a.m. Pacific time today, Sun Microsystems' fate was sealed. At that exact moment, shareholder voting closed, and the motion to accept the acquisition offer from Oracle was approved. There was little fanfare. Jonathan Schwartz, Sun's CEO, and Scott McNealy, its chairman, were both absent. Schwartz was said to be sick. I can't help but think it was psychosomatic."

To read the entire article in SDTIMES by

by Alex Handy

 

The End of SUN

 

 

 

Founder & CEO, Ntirety

www.ntirety.com

My Personal Twitter Account: Michael_Corey

Ntirety Corporate Twitter Account: Ntirety


 



0 Comments Click here to read/write comments

Oracle Critical Patch and Security Alerts List

Posted by Michael Corey on Wed, Jul 15, 2009 @ 09:23 PM

 Critical Patch Updates and Security Alerts Security Alerts Chicklet

Critical Patch Updates
Security Alerts
Public Vulnerabilities Fixed
Policies
Reporting Security Vulnerabilities
References

This page lists security patches, in the form of Critical Patch Updates (CPUs) and Security Alerts, that Oracle has released. The page is updated when new Critical Patch Updates and Security Alerts are released, and it is possible to receive notification of releases by email.

Click here for instructions on how to configure email notifications.
Click here to read the Technical White Paper, "Critical Patch Update Implementation Best Practices"

Critical Patch Updates

To See the most current list......

Oracle Critical Patch and Security Alerts List

 

Founder & CEO, Ntirety

www.ntirety.com

My Personal Twitter Account: Michael_Corey

Ntirety Corporate Twitter Account: Ntirety


0 Comments Click here to read/write comments

ORACLE DBA TIP - Online Documentation

Posted by Michael Corey on Thu, Jul 09, 2009 @ 09:50 PM

On July 7th, I wrote a SQL Server DBA Tip. It was how to get a copy of the SQL Server documentation. Surachart Opun a friend of mine in the oracle world reminded me of the oracle online documentation and how to get it.

I remember once hearing that Albert Einstein did not remember his own phone number because he did not want to clutter his brain with things he could look up when he needed them. 


Having access Database Documentation is a valuable resource for any DBA. 

Oracle Documentation

This page contains links to the most current documentation for Oracle Database, Application Server, Developer Suite, Collaboration Suite and Applications/E-Business Suite.

 Online Oracle Documenation Set

Founder & CEO, Ntirety

www.ntirety.com

My Personal Twitter Account: Michael_Corey

Ntirety Corporate Twitter Account: Ntirety

 


0 Comments Click here to read/write comments

All Posts | Next Page