
Archive for 'Patching'

Oracle Housekeeping

I’ve seen my fair share of Oracle databases in control systems and have been thinking more about it since working on some Bandolier Security Audit Files for a SCADA system with an Oracle component. With that in mind, here are a few bits of Oracle-related news and tips.

Oracle announced today that this quarter’s cycle includes [...]

Watching A Busy Patch Tuesday

Fortunately I’m not responsible for patching anything besides my MacBook, but I do keep an eye on Patch Tuesday and monitor a number of IT security blogs and podcasts. This past Tuesday included 34 vulnerabilities according to the folks at Tenable Network Security [Full Disclosure: Tenable is a partner in Digital Bond's Bandolier and Portaledge [...]

Code signing, misconceptions and realities

Code signing is a security feature that has been around for quite some time and has been proven in many other areas, but it is uncommon to find in any control system component and very rare to find in control devices where firmware uploading is an important feature. Without a doubt the technology is useful, [...]

Juniper Networks Flaw

Late last week a story came out about Juniper Networks routers being susceptible to a remote reboot. Versions of JUNOS and JUNOSe prior to 10.X can be crashed by sending a single packet to an open port on the router. The reboot occurs when the TCP Header Options field of a packet contains malformed data. [...]

Tiered Patching Infrastructure

There’s a great write-up on building and maintaining a Windows tiered patching infrastructure over at Ars Technica today. It sets up like this:
Windows updates have historically been a constant annoyance for IT staff. Manual updates were a huge pain, and, while the advent of the Automatic Update feature improved the situation, it brought with it [...]