DB2 for Linux, UNIX, and Windows Versions 8, 9.1 and 9.5 Security Vulnerabilities and HIPER APARs
Posted by Scott Hayes @ 09:15 PM ET | May 7, 2008
Did you catch the 21 April 2008 IBM Flash Alert? Since not everyone subscribes to IBM alerts, I thought it prudent to bring your attention to new fixpacks here. It seems IBM acted reasonably swiftly and appropriately to create these new fixpacks for V8, V9, and V9.5, which address the documented vulnerabilities.
A Web 2.0 Expo debate: creativity vs. control in the enterprise
Posted by Kim Moutsos @ 12:47 AM ET | Apr 23, 2008
Forrester Research is projecting that companies will spend nearly $5 billion on Web 2.0 technologies like mashups, wikis, widgets, and so on in the next five years. That explains the tremendous energy around the Web 2.0 Expo underway in San Francisco this week.
Tomorrow Anant Jhingran, CTO of Information Management, and RedMonk analyst Stephen O'Grady face off over the challenges of bringing Web 2.0 technologies into the enterprise in a session called "Creativity vs. Control: The Debate Continues—Can Enterprises Have Both?"
SQL Injection and Stored Procedures
Posted by Martin Hubel and Rob Williams @ 05:58 PM ET | Jan 15, 2008
In doing numerous reviews of stored procedures, we see many customers with SQL injection issues. SQL injection is one of the most basic and common security issues in database applications.
DB2 LUW: Data Security Considerations for Auditors, Security Professionals, and IT Managers
Posted by Scott Hayes @ 12:23 AM ET | Dec 6, 2007
A lot of attention is being paid these days to database security and auditing. IBM has made great improvements in security and auditing with DB2 9.5 (Viper 2). Still, there remains a security vulnerability that many auditors and security administrators are not aware of, and I doubt that DBAs will rush to inform their management. Specifically, certain monitoring commands easily expose sensitive data to the DBA.
DBA Activity results in Class Action Lawsuit
Posted by Scott Hayes @ 10:44 PM ET | Aug 15, 2007
I suppose it was just a matter of time. In a news release announced today, Girard Gibbs LLP has announced a class action lawsuit against Certegy. 8.5 million consumers are impacted.
An IBM security breach: Can you trust your contractors?
Posted by Kim Moutsos @ 08:16 PM ET | May 17, 2007
Last week, InformationWeek reported that tapes containing sensitive data on some IBM employees and customers vanished from a contractor's vehicle in late February just miles from IBM headquarters in Armonk, NY. An IBM spokesperson told InformationWeek that the tapes carried "different levels of protection." Other news outlets reported that only some of the tapes were encrypted. IBM has since notified affected employees (and offered them a year of free credit monitoring) and placed ads in local newspapers offering a reward for the tapes' return.
Is anyone getting information security right?
Posted by Kim Moutsos @ 10:06 AM ET | May 6, 2007
In this issue's editor's note, I mention the spectacular failure on the part of prominent retailers (like TJX, which exposed at least 45 million records), government agencies (just this Saturday, the Transportation Safety Administration admitted to losing a laptop containing Social Security numbers and other personal data on 100,000 of its employees), and other organizations at preventing information theft--despite the compliance mandate to do so.