From oracle-l-bounce@freelists.org Mon Oct 10 12:13:54 2005 Return-Path: Received: from air891.startdedicated.com (root@localhost) by orafaq.com (8.12.10/8.12.10) with ESMTP id j9AHDs97002618 for ; Mon, 10 Oct 2005 12:13:54 -0500 X-ClientAddr: 206.53.239.180 Received: from turing.freelists.org (freelists-180.iquest.net [206.53.239.180]) by air891.startdedicated.com (8.12.10/8.12.10) with ESMTP id j9AHDpvX002609 for ; Mon, 10 Oct 2005 12:13:51 -0500 Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id AFB641FA531; Mon, 10 Oct 2005 12:13:47 -0500 (EST) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 12047-01; Mon, 10 Oct 2005 12:13:47 -0500 (EST) Received: from turing (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id F027E1FA534; Mon, 10 Oct 2005 12:13:46 -0500 (EST) x-mimeole: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by Ecartis Subject: RE: Oracle Security Blasted Date: Mon, 10 Oct 2005 10:11:44 -0700 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Oracle Security Blasted Thread-Index: AcXNtDEJr6ohX/BAR1OZR6jvd1Dj9AABz9pg From: "Kennedy, Jim" To: , "oracle-l" X-OriginalArrivalTime: 10 Oct 2005 17:11:45.0197 (UTC) FILETIME=[B0FF6DD0:01C5CDBD] X-archive-position: 26646 X-ecartis-version: Ecartis v1.0.0 Sender: oracle-l-bounce@freelists.org Errors-To: oracle-l-bounce@freelists.org X-original-sender: jim_kennedy@mentor.com Precedence: normal Reply-To: jim_kennedy@mentor.com X-list: oracle-l X-Virus-Scanned: by amavisd-new-20030616-p9 (Debian) at avenirtech.net X-mailscan-MailScanner-Information: Please contact the ISP for more information X-mailscan-MailScanner: Found to be clean X-MailScanner-From: oracle-l-bounce@freelists.org X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on air891.startdedicated.com X-Spam-Level: X-Spam-Status: No, hits=-4.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=2.63 -----Original Message----- From: oracle-l-bounce@freelists.org [mailto:oracle-l-bounce@freelists.org] On Behalf Of Ray Stell Sent: Monday, October 10, 2005 9:03 AM To: oracle-l Subject: Re: Oracle Security Blasted I attended a security meeting a few years ago with a security expert. Quite fasinating. His main point is that defense must be multi layered and each thing must be able to fend on its own. Also concentrate your efforts in defending that part of your business that if hacked tomorrow would cause the public to never use you again. His question was If you run an airline what electronic system that if breached and tampered with would probably destory your airline? (think about it I'll give you his answer at the bottom.) This guy had helped local law enforcement and FBI to apprehend child pornographers. At the time the FBI were not very internet savvy, I am sure they are much more so now. One day he gets a call from the local police to come to his son's school. (His son at the time was about 8 years old.) The officer, whom he he knew and had worked with in the past declined to say why. The officer assured him everything was fine, but that he needed to come to school. He got there and noticed an ambulace outside and a couple of police cars. He went into his son's class room where his son was, the officer, and his son's teacher. The teacher was visibly upset. He talked to his son and and the police officer and found out that as his son was walking past a corner outside a man came up behind him (he was hiding behind the corner and the son had passed him) and grabbed him. He had lifted him off the ground, and covered his mouth with his hand. His son grabbed the man's pinky with his left hand and his index finger with his right hand. He proceeded to pull down and out and at the same time kicked his heels into the top of the man's knee caps. (pushing them down) The left hand broke, and the knee caps dislodged. The man dropped the boy and the boy ran for help. The man had a broken hand and could not walk - hence the ambulance. Yes, the man had been a child pornographer and had gotten out of prison. Moral of the story: Make sure what is important to you can protect itself. Oh yes, what is probably the most important system in an airline business? Probably the system that holds all the loading and balances for varios classes of planes. Jim -- http://www.freelists.org/webpage/oracle-l