Click here to receive your FREE subscription to Campus Technology
News
Sentrigo Offers Help for Database Patching Woes
7/17/2008
|
|
Sentrigo Inc. released its new Hedgehog vPatch database security software product Tuesday. The product addresses patching inconsistencies that seem to affect busy Oracle database administrators (DBAs), who don't always have time to test and patch. However, users of Microsoft SQL Server database in the enterprise can take a lesson here too.
Massachusetts-based Sentrigo found grist for the mill on the Oracle side after a survey found that most Oracle administrators were failing to patch their systems. Two-thirds of the 305 DBAs, consultants and developers surveyed had never installed Oracle's Critical Patch Updates. The survey also found patching delays associated with Microsoft SQL Server users.
Microsoft released a July patch for SQL Server earlier this month, fixing four vulnerabilities -- a significant number. SQL Server has a reputation for ease of use compared with the more complex Oracle ERP and Oracle database stacks. Still, while ease of use can be a good thing, it can also be good motivation for hackers to apply their trade.
Sentrigo's view is that the more widely Microsoft SQL Server databases get used in enterprise deployments, the more attention they'll receive from hackers. The current trend is a rash of SQL injection attacks launched through insecure Web sites. The company's Hedgehog product is designed to help in the interim before database patches are applied by adding another security layer to the mix.
"Product release aside, where SQL injections are concerned, we might be seeing the beginning of a trend, said Sentrigo's Vice President Rani Osnat "What we're coming to the table with is an additional security layer that doesn't require restarts or application testing."
Guess Who?
Whether IT pros find Hedgehog or similar products useful, there are many solid reasons to patch databases. One lesson is the SQL Server injection attack suffered by apparel maker Guess Inc., as described by a Federal Trade Commission document.
Recommended Reading
- Tufts Grants Rights for Mileage-Increasing Transportation Technology to Electric Truck
Tufts University has optioned rights to a technology that can recharge the batteries of any hybrid electric and electric-powered vehicle while it is driven. The Tufts-developed technology could increase by 20 percent to 70 percent the miles per gallon or total driving range performance of vehicles like the Honda Civic, Ford Escape, and Toyota Prius hybrids and the Tesla Motors and Phoenix Motorcars electric vehicles.
- U Florida and Cyntellect Collaborate to Unlock Mysteries of Cancer Stem Cells
The University of Florida has entered into a research agreement with life sciences company Cyntellect. The university's Interdisciplinary Center for Biotechnology Research will work with the company to focus on a variety of research areas including the purification and analysis of cancer stem cells (CSCs), rare cells believed to be directly involved in propagating cancers.
- George Mason U Receives Grant To Deploy Intergraph Apps for Intelligence Curriculum
George Mason University (GMU) in Fairfax, VA has been awarded a grant from Intergraph to enable students enrolled in GMU's Geospatial Intelligence Graduate Certificate program to use the company's geospatial production and exploitation software as part of their core curriculum.
- Institute for Cyber Security at U Texas, San Antonio Opens Incubator
The University of Texas at San Antonio (UTSA) Institute for Cyber Security (ICS) has launched a new Internet security incubator. The incubator was developed to commercialize promising technologies that address major cyber security and privacy issues. The first companies to enter the incubator are Denim Labs and SafeMashups.
- ISO/IEC Publishes Office Open XML Standard
ISO/IEC has published the Office Open XML (OOXML) file format standard, formally known as ISO/IEC 29500:2008. It describes file formats originally designed by Microsoft for its Office 2007 productivity suite, which are used in presentation, spreadsheet and word processing applications.
- Dynamics NAV 2009 ERP Coming Next Month
Microsoft exec Kirill Tatarinov Wednesday described some new features to expect in the forthcoming Microsoft Dynamics NAV 2009 enterprise resource planning solution. He gave the keynote address at Microsoft's Convergence 2008 event in Copenhagen, Denmark.
