Archive for 'Patching'
Oracle Housekeeping
I’ve seen my fair share of Oracle databases in control systems and have been thinking more about it since working on some Bandolier Security Audit Files for a SCADA system with an Oracle component. With that in mind, here are a few bits of Oracle-related news and tips.
Oracle announced today that this quarter’s cycle includes [...]
Author: Jason Holcomb
Posted: July 13th, 2010 under Bandolier, Patching.
Comments: 1
Watching A Busy Patch Tuesday
Fortunately I’m not responsible for patching anything besides my MacBook, but I do keep an eye on Patch Tuesday and monitor a number of IT security blogs and podcasts. This past Tuesday included 34 vulnerabilities according to the folks at Tenable Network Security [Full Disclosure: Tenable is a partner in Digital Bond's Bandolier and Portaledge [...]
Author: Dale Peterson
Posted: June 10th, 2010 under Patching.
Comments: 1
Code signing, misconceptions and realities
Code signing is a security feature that has been around for quite some time, and has been proven in many other areas, but is uncommon to find it in any control system component and very rare to find in control devices where firmware uploading is an important feature. Without a doubt the technology is useful, [...]
Author: Daniel Peck
Posted: May 20th, 2010 under Authentication, Patching, Remote Access, SCADA Architecture.
Comments: none
Juniper Networks Flaw
Late last week a story came out about Juniper Networks routers being susceptible to a remote reboot. Versions of JUNOS and JUNOSe prior to 10.X can be crashed by sending a single packet to an open port on the router. The reboot occurs when a packet with the TCP Header Options field contains malformed data. [...]
Author: Charles Perine
Posted: January 14th, 2010 under Patching.
Comments: 1
Tiered Patching Infrastructure
There’s a great write-up on building and maintaining a Windows tiered patching infrastructure over at Ars Technica today. It sets up like this:
Windows updates have historically been a constant annoyance for IT staff. Manual updates were a huge pain, and, while the advent of the Automatic Update feature improved the situation, it brought with it [...]
Author: Jason Holcomb
Posted: December 9th, 2009 under Microsoft, Patching.
Comments: none