some thoughts about Oracle's security breach (by SAP)

Alex Alten alex at
Fri Mar 23 18:29:14 EDT 2007

It seems to me that this could have been prevented (or better damage control) by:
1) encrypting the files
2) putting in place good access controls (policy adjudication and enforcement)
   examples: if more than 100 files / week then raise alert
             if customer accesses incorrect areas/directories raise an alert
3) possibly better auditing in place to assist after-the-fact forensics
   (this might have reduced the scope of the theft by allowing a more timely response)

In other words a good security system to secure and protect the customer 
files against insider attack (a hacker using a legitimate customer login).

- Alex

Alex Alten
alex at
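
The two alert rules given as examples under item 2, sketched as an added example that is not part of the original post. The event format, customer names, directory layout and entitlement table are constructed for illustration; only the 100 files / week threshold comes from the message.

```python
import posixpath
from collections import defaultdict
from datetime import datetime

WEEKLY_FILE_LIMIT = 100  # from the post: more than 100 files / week raises an alert

# Constructed entitlements: directories each customer login may read.
ENTITLEMENTS = {
    "cust-a": ("/support/cust-a", "/patches/public"),
    "cust-b": ("/support/cust-b", "/patches/public"),
}

def is_entitled(customer, path):
    """True if the normalized path lies under one of the customer's directories."""
    norm = posixpath.normpath(path)  # collapse "..", so traversal cannot hide the target
    return any(norm == root or norm.startswith(root + "/")
               for root in ENTITLEMENTS.get(customer, ()))

def evaluate(events):
    """Return (rule, customer, detail) alerts for (timestamp, customer, path) events."""
    alerts = []
    weekly = defaultdict(int)
    for ts, customer, path in events:
        if not is_entitled(customer, path):
            alerts.append(("wrong-area", customer, path))
        iso = datetime.fromisoformat(ts).isocalendar()
        key = (customer, iso[0], iso[1])  # count per customer per ISO week
        weekly[key] += 1
        if weekly[key] == WEEKLY_FILE_LIMIT + 1:  # alert once, when the limit is crossed
            alerts.append(("volume", customer, f"{iso[0]}-W{iso[1]:02d}"))
    return alerts

def sample_events():
    """Constructed log: cust-a behaves normally, cust-b trips both rules."""
    events = [
        ("2007-03-19T09:00:00", "cust-a", "/support/cust-a/case1.zip"),
        ("2007-03-19T09:05:00", "cust-b", "/support/cust-b/../cust-a/case1.zip"),
    ]
    events += [("2007-03-20T10:00:00", "cust-b", f"/patches/public/p{i}.bin")
               for i in range(101)]
    return events

if __name__ == "__main__":
    for alert in evaluate(sample_events()):
        print(alert)
```

Because each alert carries the customer login and the path or week that triggered it, the same records double as the audit trail item 3 asks for.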
