Monday, November 19, 2007

News Commentary on "Hacker finds 492,000 unprotected Oracle, SQL database servers"

Hacker finds 492,000 unprotected Oracle, SQL database servers by ZDNet's Ryan Naraine -- A survey by renowned database hacker David Litchfield has found a whopping 492,000 Microsoft SQL and Oracle database servers directly accessible to the Internet without firewall protection.



Not having verified any kind of similar results and not being able to look at his results, I cannot dispute what he found. However, I'm finding it difficult to believe that he picked 1.1 million IP addresses 'at random' and then of these, almost 32% were active open MS SQL servers. Some of his other statistics I'm also finding hard to swallow.



Not having verified the results, I can only give my opinion: FUD (Fear, Uncertainty and Doubt), possibly with the goal of selling his products.

Wednesday, November 14, 2007

XBOX Is Now 5 Years Old, Hackers Celebrate In Their Special Way

Today, on the 5-year anniversary of the Xbox, the University was attacked with UDP floods to the port used by Xbox Live - port 3074.

Thanks to our forensic specialist for showing a text dump of the packets, which revealed:

····X-R own you
*****!··········
················
················
················
················
············X-R
own you *****!··
················
················
················
················
················
····X-R own you
*****!··········
················

Replace ***** with the derogatory term normally reserved for female canines.
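The traffic described above can be picked out of flow or packet records with a simple per-source rate check on UDP/3074, combined with a payload signature. The following is an added example, not code from the original post: the record format, the IP addresses, the one-second window, the 100 packets-per-second threshold and the sample traffic are all constructed for illustration, and the masked word in the payload is kept as the literal "*****" placeholder used in the post.

```python
"""Flag UDP floods aimed at the Xbox Live port (UDP/3074) in packet records.

Added example (not from the original post). Record format, threshold,
addresses and sample traffic are constructed for illustration.
"""
from collections import defaultdict

XBOX_LIVE_PORT = 3074
# Prefix of the string the text dump showed, repeated inside a zero-padded payload.
PAYLOAD_MARKER = b"X-R own you"


def build_sample_packets():
    """Constructed sample traffic (not a real capture): one source sending 250 UDP
    packets per second to UDP/3074 for three seconds, one legitimate gamer sending
    5 packets per second, and some unrelated TCP traffic.

    Each record is (timestamp_seconds, src_ip, dst_ip, proto, dst_port, payload).
    """
    packets = []
    # Same shape as the dump: a few NUL bytes, the string, then NUL padding.
    # "*****" stands in for the word the post masked out.
    flood_payload = (b"\x00" * 4 + b"X-R own you *****!").ljust(64, b"\x00")
    for sec in range(3):
        for i in range(250):  # 250 packets spread across one second
            packets.append((100.0 + sec + i / 250, "203.0.113.7", "198.51.100.10",
                            "udp", XBOX_LIVE_PORT, flood_payload))
        for i in range(5):    # normal game traffic from a different host
            packets.append((100.0 + sec + i / 5, "192.0.2.44", "198.51.100.10",
                            "udp", XBOX_LIVE_PORT, b"\x00" * 64))
        packets.append((100.0 + sec, "192.0.2.9", "198.51.100.10", "tcp", 443, b""))
    return packets


def detect_floods(packets, threshold_pps=100):
    """Count UDP packets to XBOX_LIVE_PORT per (source, one-second bucket) and
    report every source whose peak one-second rate exceeds threshold_pps,
    together with how many of its packets carried the known payload marker.

    Returns {src_ip: {"peak_pps": int, "signature_hits": int}}.
    """
    buckets = defaultdict(int)          # (src, second) -> packet count
    signature_hits = defaultdict(int)   # src -> packets containing the marker
    for ts, src, _dst, proto, dport, payload in packets:
        if proto != "udp" or dport != XBOX_LIVE_PORT:
            continue
        buckets[(src, int(ts))] += 1
        if PAYLOAD_MARKER in payload:
            signature_hits[src] += 1

    peak = defaultdict(int)             # src -> highest one-second count
    for (src, _sec), count in buckets.items():
        peak[src] = max(peak[src], count)

    return {
        src: {"peak_pps": rate, "signature_hits": signature_hits[src]}
        for src, rate in peak.items()
        if rate > threshold_pps
    }


if __name__ == "__main__":
    for src, info in detect_floods(build_sample_packets()).items():
        print(f"{src}: peak {info['peak_pps']} pkt/s to UDP/{XBOX_LIVE_PORT}, "
              f"{info['signature_hits']} packets matched the payload marker")
```

The rate check alone would also catch a legitimately busy host, which is why the payload marker is reported alongside it rather than used as the sole trigger; a real deployment would tune the window and threshold to the link's normal Xbox Live traffic.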

Sunday, November 4, 2007

Walmart And Google Bring Linux To The Masses

I would have never imagined I would be typing a title like that. Google and Walmart have indeed put together an Operating System called gOS and are selling it on a computer for less than $200. Personally I am looking forward to those who have never owned a computer before beginning this journey on a Linux-based distribution; however, I fear the backlash when they attempt to put in their favorite Windows program and it will not install.

I can only wonder what security is included: iptables as a firewall? SELinux? Automatic updating?

In the near future I may download a copy and write up a review.

Friday, November 2, 2007

Network Security Podcast Available

New podcast from Martin's site which you can download here.

Topics I found interesting:

Glenn Fleishman from TidBITS and Wi-Fi Networking News is interviewed about Apple's new O/S Leopard. Leopard isn't as secure out of the box as its predecessor, Tiger.

As a new Mac user I am personally interested in this topic.

Don't use Back to My Mac due to the uncertain (if any) expiration of the Kerberos ticket.

Be wary of the firewall's Allow-All default and recheck your settings after an upgrade.

Expect some fixes coming out in the immediate future.

ISC-Squared Changes Their CPE Requirements

Security certification organization ISC-squared has adjusted its CPE requirements. Anyone who does not comply will suffer the "Suspension" rules.

From a recent email to members:

CISSP - CISSPs must earn and submit a total of 120 CPEs by the end of their three-year certification cycle. With the new changes, a minimum of 20 CPEs must be earned and posted and the US$85 AMF paid during each year of the three-year certification cycle before the anniversary date. For CISSPs who hold one or more concentrations, CPEs submitted for the CISSP concentration(s) will be counted toward the annual minimum CPEs required for the CISSP.

SSCP - SSCPs must earn and submit a total of 60 CPEs by the end of their three-year certification cycle. Under the new requirements, a minimum of 10 CPEs must be posted and the US$65 AMF paid during each year of the three-year certification cycle before the anniversary date.

CAP - CAPs must earn and submit a total of 60 CPEs by the end of the three-year certification cycle. Under the new rules, a minimum of 10 CPEs must be posted and US$65 paid during each year of the three-year certification cycle before the anniversary date.