Soumettre la recherche
Mettre en ligne
Rothke - Is wild Larry now crazy Larry?
•
1 j'aime
•
387 vues
Ben Rothke
Suivre
Ben Rothke writes how Oracle's Larry Ellison does not get what security is about.
Lire moins
Lire la suite
Technologie
Formation
Signaler
Partager
Signaler
Partager
1 sur 2
Télécharger maintenant
Télécharger pour lire hors ligne
Recommandé
Infosecurity Needs Its T.J. Hooper
Infosecurity Needs Its T.J. Hooper
Ben Rothke
Rothke Securing Your Wireless Access Network
Rothke Securing Your Wireless Access Network
Ben Rothke
Lessons from ligatt from national cyber security nationalcybersecurity com
Lessons from ligatt from national cyber security nationalcybersecurity com
Ben Rothke
Securing your presence at the perimeter
Securing your presence at the perimeter
Ben Rothke
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)
Ben Rothke
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...
Ben Rothke
Rothke rsa 2013 - the five habits of highly secure organizations
Rothke rsa 2013 - the five habits of highly secure organizations
Ben Rothke
Rothke rsa 2013 - deployment strategies for effective encryption
Rothke rsa 2013 - deployment strategies for effective encryption
Ben Rothke
Recommandé
Infosecurity Needs Its T.J. Hooper
Infosecurity Needs Its T.J. Hooper
Ben Rothke
Rothke Securing Your Wireless Access Network
Rothke Securing Your Wireless Access Network
Ben Rothke
Lessons from ligatt from national cyber security nationalcybersecurity com
Lessons from ligatt from national cyber security nationalcybersecurity com
Ben Rothke
Securing your presence at the perimeter
Securing your presence at the perimeter
Ben Rothke
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)
Ben Rothke
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...
Ben Rothke
Rothke rsa 2013 - the five habits of highly secure organizations
Rothke rsa 2013 - the five habits of highly secure organizations
Ben Rothke
Rothke rsa 2013 - deployment strategies for effective encryption
Rothke rsa 2013 - deployment strategies for effective encryption
Ben Rothke
E5 rothke - deployment strategies for effective encryption
E5 rothke - deployment strategies for effective encryption
Ben Rothke
Locking down server and workstation operating systems
Locking down server and workstation operating systems
Ben Rothke
Mobile security blunders and what you can do about them
Mobile security blunders and what you can do about them
Ben Rothke
Securing your presence at the perimeter
Securing your presence at the perimeter
Ben Rothke
Lessons from ligatt
Lessons from ligatt
Ben Rothke
Interop 2011 las vegas - session se31 - rothke
Interop 2011 las vegas - session se31 - rothke
Ben Rothke
Rothke effective data destruction practices
Rothke effective data destruction practices
Ben Rothke
Rothke computer forensics show 2010
Rothke computer forensics show 2010
Ben Rothke
The Cloud is in the details webinar - Rothke
The Cloud is in the details webinar - Rothke
Ben Rothke
Webinar - Getting a handle on wireless security for PCI DSS Compliance
Webinar - Getting a handle on wireless security for PCI DSS Compliance
Ben Rothke
La nécessité de la dlp aujourd’hui un livre blanc clearswift
La nécessité de la dlp aujourd’hui un livre blanc clearswift
Ben Rothke
The Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White Paper
Ben Rothke
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
Ben Rothke
Infotec 2010 Ben Rothke - social networks and information security
Infotec 2010 Ben Rothke - social networks and information security
Ben Rothke
Rothke Computer Forensics Show 2010 Deployment Strategies For Effective E...
Rothke Computer Forensics Show 2010 Deployment Strategies For Effective E...
Ben Rothke
Rothke stimulating your career as an information security professional
Rothke stimulating your career as an information security professional
Ben Rothke
Ben Rothke - Effective Data Destruction Practices
Ben Rothke - Effective Data Destruction Practices
Ben Rothke
Ben Rothke Getting A Handle On Wireless Security For Pci Dss Compliance
Ben Rothke Getting A Handle On Wireless Security For Pci Dss Compliance
Ben Rothke
Virtualization, Cloud Computing And The Pci Dss
Virtualization, Cloud Computing And The Pci Dss
Ben Rothke
Ben Rothke RSA PK 2010
Ben Rothke RSA PK 2010
Ben Rothke
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
V3cube
Contenu connexe
Plus de Ben Rothke
E5 rothke - deployment strategies for effective encryption
E5 rothke - deployment strategies for effective encryption
Ben Rothke
Locking down server and workstation operating systems
Locking down server and workstation operating systems
Ben Rothke
Mobile security blunders and what you can do about them
Mobile security blunders and what you can do about them
Ben Rothke
Securing your presence at the perimeter
Securing your presence at the perimeter
Ben Rothke
Lessons from ligatt
Lessons from ligatt
Ben Rothke
Interop 2011 las vegas - session se31 - rothke
Interop 2011 las vegas - session se31 - rothke
Ben Rothke
Rothke effective data destruction practices
Rothke effective data destruction practices
Ben Rothke
Rothke computer forensics show 2010
Rothke computer forensics show 2010
Ben Rothke
The Cloud is in the details webinar - Rothke
The Cloud is in the details webinar - Rothke
Ben Rothke
Webinar - Getting a handle on wireless security for PCI DSS Compliance
Webinar - Getting a handle on wireless security for PCI DSS Compliance
Ben Rothke
La nécessité de la dlp aujourd’hui un livre blanc clearswift
La nécessité de la dlp aujourd’hui un livre blanc clearswift
Ben Rothke
The Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White Paper
Ben Rothke
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
Ben Rothke
Infotec 2010 Ben Rothke - social networks and information security
Infotec 2010 Ben Rothke - social networks and information security
Ben Rothke
Rothke Computer Forensics Show 2010 Deployment Strategies For Effective E...
Rothke Computer Forensics Show 2010 Deployment Strategies For Effective E...
Ben Rothke
Rothke stimulating your career as an information security professional
Rothke stimulating your career as an information security professional
Ben Rothke
Ben Rothke - Effective Data Destruction Practices
Ben Rothke - Effective Data Destruction Practices
Ben Rothke
Ben Rothke Getting A Handle On Wireless Security For Pci Dss Compliance
Ben Rothke Getting A Handle On Wireless Security For Pci Dss Compliance
Ben Rothke
Virtualization, Cloud Computing And The Pci Dss
Virtualization, Cloud Computing And The Pci Dss
Ben Rothke
Ben Rothke RSA PK 2010
Ben Rothke RSA PK 2010
Ben Rothke
Plus de Ben Rothke
(20)
E5 rothke - deployment strategies for effective encryption
E5 rothke - deployment strategies for effective encryption
Locking down server and workstation operating systems
Locking down server and workstation operating systems
Mobile security blunders and what you can do about them
Mobile security blunders and what you can do about them
Securing your presence at the perimeter
Securing your presence at the perimeter
Lessons from ligatt
Lessons from ligatt
Interop 2011 las vegas - session se31 - rothke
Interop 2011 las vegas - session se31 - rothke
Rothke effective data destruction practices
Rothke effective data destruction practices
Rothke computer forensics show 2010
Rothke computer forensics show 2010
The Cloud is in the details webinar - Rothke
The Cloud is in the details webinar - Rothke
Webinar - Getting a handle on wireless security for PCI DSS Compliance
Webinar - Getting a handle on wireless security for PCI DSS Compliance
La nécessité de la dlp aujourd’hui un livre blanc clearswift
La nécessité de la dlp aujourd’hui un livre blanc clearswift
The Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White Paper
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
Infotec 2010 Ben Rothke - social networks and information security
Infotec 2010 Ben Rothke - social networks and information security
Rothke Computer Forensics Show 2010 Deployment Strategies For Effective E...
Rothke Computer Forensics Show 2010 Deployment Strategies For Effective E...
Rothke stimulating your career as an information security professional
Rothke stimulating your career as an information security professional
Ben Rothke - Effective Data Destruction Practices
Ben Rothke - Effective Data Destruction Practices
Ben Rothke Getting A Handle On Wireless Security For Pci Dss Compliance
Ben Rothke Getting A Handle On Wireless Security For Pci Dss Compliance
Virtualization, Cloud Computing And The Pci Dss
Virtualization, Cloud Computing And The Pci Dss
Ben Rothke RSA PK 2010
Ben Rothke RSA PK 2010
Dernier
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
V3cube
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
The Digital Insurer
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Katpro Technologies
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
wesley chun
How to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
naman860154
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
Results
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
debabhi2
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
Pooja Nehwal
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
The Digital Insurer
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
Radu Cotescu
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
Gabriella Davis
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
RTylerCroy
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
Paola De la Torre
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
Dernier
(20)
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
How to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Rothke - Is wild Larry now crazy Larry?
1.
E D P
A C S DECEMBER 2003 IS WILD LARRY NOW CRAZY LARRY? BEN ROTHKE R eaders here likely know of the antics and often-outrageous comments of Oracle’s CEO Larry Ellison. Ellison’s harangues at Microsoft, IBM, and myriad other Oracle adversaries are legendary. While his rants have become the norm within the IT community, recent statements of his can’t be considered a tirade, rather a spurious comment illustrating his unaware- ness of computer security. As reported in the November 26, 2001 issue of Computer World, “New Oracle Center to Tackle Security, Homeland Defense” (www.computerworld.com/securitytopics/security/ story/0,10801,66044,00.html), Ellison: ■ stated that Oracle9i is unbreakable ■ challenged the hacker community during the recent Comdex conference to break into the database ■ emphasized the 14 security certifications that Oracle has received from the federal government If one of the three topics were uttered separately, they could possibly be exonerated. Stating them all at a single event is simply an egregious utterance. Mr. Ellison needs to under- stand that corporate CEOs simply can’t make such irrelevant comments. Let’s look at each of these statements on its own. Is Oracle 9i unbreakable from a security perspective? While I can’t fault the company president for touting his own product, I chal- lenge him to find a single security expert, within Oracle or without, to back up his claim. Writing a single, secure distrib- uted Java applet is a challenge; writing an unbreakable data- base is a near impossibility. Asking the hacker community to break into Oracle to prove its security is akin to asking a terrorist to prove the airwor- thiness of an aircraft by bombing it. Hacker challenges (which lack any sort of methodology) have been effective only as marketing ploys, but never as a meaningful substantiation of security. Imagine if the FDA used similar challenges: have a few hundred sick people take a new and experimental drug; if no one dies, let’s consider it safe. Finally, government certifications, especially in the IT world, are not in and of themselves worth much. The same American Airlines Airbus that crashed into a residential neighborhood in November 2001 was flying with scores of government certifications, yet those certifications are mean- ingless to the victims’ families or to the lawyers’ litigation on their behalf. 18 © Copyright 2003 CRC Press–All rights reserved.
2.
DECEMBER 2003
E D P A C S In the post-September 11 era, security is a hot item. Compa- nies are rushing to reposition themselves as security provid- ers and to retrofit security into their often-insecure software applications. Information security when done in a rush or as a retrofit is bound to fail. When people such as Mr. Ellison make nebulous security comments, it serves to create news- print, but does nothing to the underlying problem. While corporate America may want a magic security pixie dust to spread on its networks, such snake oil simply does not work. Navigating the often-difficult waters of security is tough enough. Comments such as those from Larry Ellison only serve to make that water murkier. Ben Rothke, CISSP, is a New York-city based senior security consultant with ThruPoint, Inc. He can be reached at brothke@thrupoint.net. The views ex- pressed are his own. OF INTEREST INTERNATIONAL INSTITUTE The Institute, a nonprofit organization, will FOR DIGITAL FORENSIC function in four specific operational domains: STUDIES ESTABLISHED 1. Research Atlanta, Georgia and Auburn Hills, Michigan. The 2. Education and training Information Systems Forensic Association has 3. Publication announced the formal chartering of the Inter- 4. Applied research and development national Institute for Digital Forensic Studies, These domains will support various commu- a digital forensics and investigation “think nities of interest, including private-sector tank” to be located in Atlanta, Georgia and corporations, public sector organizations, law Auburn Hills, Michigan. The Charter of the enforcement, the criminal justice system, Institute gives as its Mission: and the military, to name a few. The Institute will collaborate with colleges ■ Promote the application of rigorous scientific and universities internationally in the methods to research and practice in digital advancement of digital forensic science prac- forensic science, tool development, and digi- tice, research, and education. As a nonprofit tal investigation organization, the Institute will seek funding ■ Collaborate with government, business, and from corporate sponsorships, grants, endow- academia to advance the state of digital forensic practice through research, educa- ments, sponsor-funded research and applied tion, standardization, and consultation research and development, and sponsor- ■ Encourage publication of scholarly materials funded education and training. for the advancement of expertise in the field Some early initiatives to be undertaken by ■ Provide applied research and development in the Institute as it receives initial support sophisticated aspects of digital forensic science funding include: focused upon court testimony, anomaly resolu- ■ Development of education and training cur- tion, forensic readiness (security event man- ricula for forensic examiners, investigators, agement), and incident post-mortem analysis and tool developers © Copyright 2003 CRC Press–All rights reserved. 19
Télécharger maintenant