Oracle VM Consulting
Security Feed

Oracle Security, Compliance, and Identity Management resources, news, and support articles.

Identity Management Is A People Problem (But It Shouldn’t Be!)

Another Cloud Identity Summit has come and gone, and even though it only happens once a year, the effect of being at “the top event on the identity calendar” (as Stephen Wilson puts it) always lingers. You leave trying to process all the great content and ideas you got exposed to, thinking about the wonderful conversations you had, and re-energized from hanging out with so many smart and talented individuals.

As Passwords Die, Are We Witnessing Revolution or Evolution?

It would be pretty funny if the next ad for Apple’s iDevices touting TouchID happened to make the point using Google Glass (“In a world, where Glassholes are everywhere – behind you in line at Starbucks, sitting next to you on the BART, even lying in bed next to you – no passcode is safe!”). This article about the consumerization of shoulder surfing using Google Glass (and other wearables, to be fair) means that any kind of pin entry or pattern swiping can be captured, analyzed and figured out pretty quickly.

Standards Corner: Preventing Pervasive Monitoring

On Wednesday night, I watched NBC’s interview of Edward Snowden. The past year has been a tumultuous one in the IT security industry. There have been some amazing revelations about the activities of governments around the world; and, we have had several instances of major security bugs in key security libraries: Apple's ‘gotofail’ bug, the OpenSSL Heartbleed bug, not to mention Java’s zero day bug,

Draft 05 of IETF SCIM Specifications

I am happy to announce that draft 05 of the SCIM specifications has been published at the IETF. We are down to a handful of issues (8) to sort out.

draft-ietf-scim-api
draft-ietf-scim-core-schema

Major changes:

Clarifications on case preservation and exact match filter processing
Added IANA considerations
Formalized internationalization and encoding (UTF-8)
Added security considerations

Thwart online snooping with VyprVPN

VyprVPN for Android, Mac OS X, Apple iOS, and Windows revs up your digital privacy. A virtual private network (VPN) creates a secure network connection over a network you don’t fully trust, such as the Internet. By creating secure tunnels between endpoints, VPNs are a way of disguising (encrypting) your data traffic so that third […]

Standards Corner: Basic Auth MUST Die!

Basic Authentication (part of RFC2617) was developed along with HTTP1.1 (RFC2616) when the web was relatively new. This specification envisioned that user-agents (browsers) would ask users for their user-id and password and then pass the encoded information to the web server via the HTTP Authorization header.

Basic Auth approach quickly died in popularity in favour of form based login where

Standards Corner: Maturing REST Specifications and the Internet of Things

Cross-posted from the Oracle Fusion Middleware Blog.
As many of you know, much of today's standards around REST center around IETF based specifications. As such, I thought I would share some RESTful services related news coming from last week's IETF meetings. Many working groups are now in the final stages of moving key specifications into standard status…

JSON

A new standard draft for

Standards Corner: SCIM and the Shifting Enterprise Identity Center of Gravity

My latest blog post on SCIM is available over on the Oracle Fusion Middleware blog.

OSSEC, the free and open source IDS

Intrusion detection software is meant to monitor network traffic or host activities for malicious actions, such as successful or unsuccessful intrusion attempts, hostile traffic (i.e., malicious scans and denials of service), unauthorized configuration changes, malware symptoms, and user policy violations. An intrusion detection system (IDS) typically can produce reports describing the details of the potentially […]
