Oracle rates the severity of many of these vulnerabilities as Level 1, its highest level. There are no work-arounds; Oracle recommends applying available patches immediately. (Please test your patches before sending them to production servers!) Go to www.oracle.com/ for details.
Oracle reportedly sat on both the vulnerabilities and patches before releasing them. In an interview after the Black Hat Briefings convention in July, David Litchfield, managing director of U.K. vendor Next-Generation Security Software, said he had notified Oracle of 34 vulnerabilities early in the year. Oracle fixed those holes a couple of months ago, he said, but then waited to release the fixes as it was transitioning to a monthly patch update cycle. Incidentally, this release cycle is now the same as Microsoft's.
What's at Stake
As Richard Hoffman notes in our Buzzcut, there's no such thing as unbreakable software, no matter what Oracle or any other vendor says. Any application attached to a network has vulnerabilities--most just haven't been found yet. At the same time, your database administrator had better have limited database access to only those people and applications that need it.
Fact is, our most important information is stored in databases. Customer information. Financial data. Research results. We build complex applications that access this information, often through app servers that sit on the Web. Who cares about getting the keys to the kingdom via OS access when intruders can just as easily go directly for the database gold?
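The advice above, that the DBA should have limited database access to only the people and applications that need it, boils down to least privilege on database accounts. The following Oracle SQL is an added example of what that looks like in practice; it is not from the article or from Oracle, and the schema, role and account names (hr.customers, app_reader, app_svc) are made up for illustration. The last two queries use the standard DBA_ROLE_PRIVS and DBA_SYS_PRIVS views to find accounts that hold far more than an application needs, which is the check you would run before, not after, the next patch cycle.

```sql
-- Least-privilege setup for an application account (hypothetical names).
-- Instead of handing the application a DBA-like account, give it a role
-- that carries only the object privileges its queries actually use.
CREATE ROLE app_reader;
GRANT SELECT ON hr.customers TO app_reader;
GRANT SELECT, INSERT ON hr.orders TO app_reader;

-- The service account can log in and use the role, nothing more.
-- (Replace the placeholder password with one managed by your secret store.)
CREATE USER app_svc IDENTIFIED BY "CHANGE_ME_placeholder_pw";
GRANT CREATE SESSION TO app_svc;
GRANT app_reader TO app_svc;

-- Review: who holds the DBA role? This list should be short and all human.
SELECT grantee, admin_option
  FROM dba_role_privs
 WHERE granted_role = 'DBA'
 ORDER BY grantee;

-- Review: which accounts hold "ANY" system privileges that bypass object
-- grants entirely? Application accounts should not appear here.
SELECT grantee, privilege
  FROM dba_sys_privs
 WHERE privilege IN ('SELECT ANY TABLE', 'UPDATE ANY TABLE',
                     'DELETE ANY TABLE', 'EXECUTE ANY PROCEDURE',
                     'ALTER ANY TABLE', 'CREATE ANY PROCEDURE')
 ORDER BY grantee, privilege;
```

Run the two review queries as a privileged user; any application or service account that shows up in either result is a candidate for the role-based grants shown at the top, and an account that compromises a vulnerable listener or app server then reaches only the tables it was granted, not the whole database.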