Stories about: PeopleSoft

From a security perspective, service oriented architecture (SOA) is a tricky thing. It's not hard for bad guys to compromise it with SQL injection, capture-replay and XML denial-of-service attacks, which they can ultimately use to bust through walls around a company database.

Oracle's announcement of its intended US$7.4 billion acquisition of Sun has certainly shaken up the hardware and server operating system (OS) business markets.

Oracle released 41 security fixes for its flagship database and several other products Tuesday, including 15 patches for vulnerabilities that can be exploited remotely without a username or password.

The customization of off-the-shelf software is the weakest link in application security. This is particularly true for widely used enterprise products such as SAP and Oracle, according to Gartner research director Rich Mogull.

Internet Security Systems Chairman, CEO and President Tom Noonan says customers increasingly are looking for security platforms that do two basic things: Let the good guys in and keep the bad guys out. He spoke with Network World's Editor in Chief John Dix and News Editor Bob Brown. Here is an edited transcript of Noonan's thoughts on a host of topics.

With an existing mixture of mainframe and proprietary Unix systems, the Department of Defence has chosen the x86 and IA64 architectures over Sparc for its new $450,000 security management application.

For several years, my company used Microsoft's Point-to-Point Tunneling Protocol (PPTP) to provide remote users with VPN access to corporate resources. This worked well, and almost all employees who had PPTP permissions were comfortable with this method. But after several security problems with PPTP were reported, we decided about a year ago to deploy virtual private network concentrators from Cisco Systems at all of our core points of presence.

A Californian company is set to shake up the debate about the merits of IPsec versus SSL. Net6 says that it has managed to merge the two technologies, just as the two camps had managed to agree on a common message to the market.

Just when I thought we had solved one set of IT security problems by getting the human resources department to properly train new hires, another has cropped up with our IT team and a new single sign-on system it has deployed. The system was designed without input from the IT security team and at least one other department that will be affected. Now we're dealing with the issues after the fact.