Hashing Credit Card Numbers: Unsafe Application Practices
Cryptographic hash functions seem to be an ideal method for protecting and securely storing credit card numbers in ecommerce and payment applications. A hash function generates a secure, one-way digital fingerprint that is irreversible and meets...
R12: Updated Security Best Practices Document
Oracle has updated the "Best Practices for Securing Oracle E-Business Suite" for Release 12. The new Metalink Note ID is 403537.1. Overall, there are very few changes to the document and mostly the changes are only to reflect...
11i: Expire All User Passwords
Occasionally, there is a need to expire all application user passwords in Oracle Applications 11i. Oracle now provides a script to expire all users' passwords in 11i.ATG_PF.H RUP4. The script is located in $FND_TOP/patch/115/sql/...
Oracle Applications 11i and PCI Compliance
The recent OAUG "Automating Compliance Survey" (OAUG login required) showed 7% of the organizations surveyed responded as being compliant with the Payment Card Industry (PCI) Data Security Standard (DSS), while 19% were in the process of...
11i: Transparent Data Encryption Certified with Oracle Applications
Oracle has certified Oracle 10g (10.2.0.2) Transparent Data Encryption (TDE) with Oracle Applications 11i -- TDE is part of the Oracle Advanced Security Option (ASO), which is a database option and is an additional cost. TDE allows you to selectively...
Oracle Critical Patch Update - January 2007 - E-Business Suite Impact
We have released our quarterly Oracle E-Business Suite Impact analysis for the Oracle Critical Patch Update (CPU) January 2007. This analysis looks at the CPU from an Oracle E-Business Suite perspective and provides additional details on the...
Oracle January 2007 CPU Initial Thoughts
Oracle has released the January 2007 Critical Patch Update (CPU). A major change for this quarter's CPU was the release of a pre-announcement on January 11th giving an overview of the products patches and a summary of the vulnerabilities....
OAUG eLearning: January 2007 Critical Patch Update E-Business Suite Impact
For those of you who are OAUG members, I will be presenting an OAUG eLearning session on the Oracle Critical Patch Update January 2007 and the impact on the E-Business Suite. This session will include a review of the security vulnerabilities...
Critical Patch Update January 2007 Pre-Release Analysis
Here is a quick analysis of the pre-release announcement for the January 2007 Critical Patch Update (CPU) - Overall, 52 vulnerabilities are fixed in this CPU, which is in line with previous CPUs (Oct-06=101, Jul-06=63, Apr-06=36, Jan-06=82...
Oracle Adds Pre-Release Announcements to Critical Patch Update Process
Oracle is now going to publish a "Pre-Release Announcement" for each Critical Patch Update starting with the CPU to be released next week. The Pre-Release Announcement contains the executive summaries, list of affected products, and...
Oracle Applications 11i User Password Weakness - Follow-up
Due to the number of client inquiries regarding my recent posting on the Oracle Applications 11i password decryption issue, we have written a whitepaper on the subject to provide more details and additional recommendations. This issue is...
October 2006 CPU and 9.2.0.8 - Patches Finally Available
If you haven't noticed due to the holidays, Oracle has finally released the October 2006 Critical Patch Update (CPU) for 9.2.0.8 on Unix/Linux and Windows. These patches were released 75 days after the CPU and at least 45 days after...
Integrigy Oracle Listener Security Check Tool Updated (version 2.2)
We have updated our free Oracle Database Listener Security Check tool that analyzes security of the Oracle Database TNS Listener to identify potential security issues. Two new features have been added from upcoming changes to our AppSentry security...
11i: October 2006 Critical Patch Update 9.2.0.8 Database Patch
Two weeks after the initial release of the October 2006 Critical Patch Update (CPU) Advisory, Oracle added information about the Oracle Database 9.2.0.8 being vulnerable and about a patch being available in the future. The 9.2.0.8 patch...
Integrigy Oracle Listener Security Check Tool Updated
We have updated our free Oracle Database Listener Security Check tool that analyzes security of the Oracle Database TNS Listener to identify potential security issues. The tool performs four basic checks for the Database Listener in a simple...
