Thursday Jul 23, 2009
Thursday Sep 06, 2007
By DarrenMoffat on Sep 06, 2007
Friday Apr 27, 2007
By DarrenMoffat on Apr 27, 2007
I attended InfoSec Europe at Olympia in London earlier this week. I find this show generally a little too "PC" biased sometimes so I wasn't expecting to get too much out of it. I spent most of the time looking around for encrypted storage solutions and products. Last year I found an excellent hardware-only encrypting disk drive that is approved for UK government use.
This year I found a device by a company called SafeBoot. Initially I almost discounted this device because I was expecting it to be Windows only. The device is a small USB flash drive with a fingerprint reader to access the data; I think it is their phantom product that I saw. While the device can only be configured from Windows, the lock/unlock functionality works on any system. We tried it out under the MacOS X laptop we had with us (this ensures there are no drivers needed for this) and it works just fine. What was even nicer is that a simple software eject under MacOS caused the drive to relock again. So I fully expect this to work just the same under Solaris. Under MacOS X the encrypted part of the device that you need your fingerprint to unlock appears as a removable drive that doesn't have the media in it - until you swipe your fingerprint.
Pretty cool little device. I don't have one at the moment to try it out, but it looks promising. I can even see some uses for this in a primarily Solaris-based solution, so you might see this or something like it in the future....
Apparently the device can also allow the crypto functionality to be used by the host OS, but only Windows. I wonder if I can get them to write (or collaborate with us to do so) a driver for the OpenSolaris cryptographic framework.
Wednesday Mar 28, 2007
By DarrenMoffat on Mar 28, 2007
I was over the moon today to see Jonathan Schwartz blog the latest organisational announcement. Not just because of the transparency and openness it demonstrates, but also one of the reasons given for forming the Microelectronics group is "investing in cryptography".
The UltraSPARC T1 processor that we first shipped with the T1000/T2000 machines has some very cool modular exponentiation logic in it which makes it possible to implement a hardware-assisted RSA/DSA implementation that is really fast. "No big deal", you say - "PCI cards have been doing it that way for a while"?
Well roll on Niagara 2, due later this year, where we add AES, 3DES, RC4, SHA1, SHA256, MD5 to that list - all done in hardware and all on a CMT processor.
Niagara 2 also brings us hardware randomness from the chip as well.
Now I don't personally know the future of our hardware crypto products beyond this at the moment, but I hope that the investment in the new Microelectronics group will allow us to go even further in this area. When I know more that I can share I'll share it here. There is some stuff I want to share with you about Rock but I need to get my head around it before I'm ready to share.
- Darren
This blog provides security vulnerability fix notifications relevant to third party software components distributed and supported as part of Oracle Products.
A summarized version of this blog is available as a mapping of CVEs and solutions.
- CVE-2013-5211 Input Validation vulnerability in NTP
- CVE-2013-4496 Credentials Management vulnerability in Samba
- CVE-2014-0092 Cryptographic Issues vulnerability in GnuTLS
- Multiple symlink attack vulnerabilities in logilab-commons
- CVE-2007-0227 Information Disclosure vulnerability in slocate
- CVE-2014-0015 Authentication Issues vulnerability in libcurl
- CVE-2013-4545 Cryptographic Issues vulnerability in libcurl
- CVE-2013-1944 Information Disclosure vulnerability in libcurl
- CVE-2013-2174 Buffer Errors vulnerability in libcurl
- CVE-2012-1833 Permissions, Privileges, and Access Controls vulnerability in Grails