Oracle acquires security firm Oblix
Oracle said it has completed its acquisition of Oblix Inc., a private developer of identity-based security software. Oblix's technology will complement identity and access management tools available in Oracle Identity Management and included as part of Oracle Application Server 10g, the company said.
"This acquisition will allow Oracle to offer customers a complete solution for securely managing identities; one that is even more flexible, scalable, and integrated and helps customers lower the cost of regulatory compliance," Thomas Kurian, senior vice president, Oracle Server Technologies, said in a statement. "These capabilities will further enhance Oracle's market-leading security infrastructure. We are very pleased to be joining with Oblix to provide a new level of security and service to our customers."
Oracle said organizations that use Oblix products include American Airlines, British Airways, CEMEX, the Chicago Board of Trade, Cisco Systems, Flextronics, General Dynamics, General Motors, Hitachi, Ingersoll-Rand, Norsk Hydro and the United States Postal Service.
The company added that it plans to merge Oblix into its operation quickly. Oblix products, including COREid, SHAREid, and COREsv, will continue to be available on a stand-alone basis, Oracle said. The company said it will also "include the best features and capabilities of Oblix into its broader identity infrastructure offering."
Oblix currently employs about 100 people. At the time of writing, Oracle had not disclosed financial details of the acquisition.
This is the latest in a string of acquisitions the company has embarked on recently. Last week it signed a deal to buy software firm Retek for $650 million. Late last year it acquired rival PeopleSoft for $10 billion.
Vulnerabilities in Linux kernel
The Linux kernel has been updated to fix several security holes attackers could exploit to cause a denial of service, disclose sensitive information or gain escalated user privileges, Danish security firm Secunia said in an advisory.
Secunia said the problems are:
- Some unspecified errors in the ISO9660 filesystem handler, including the Rock Ridge and Joliet extensions. "These can be exploited via a specially crafted filesystem to cause a DoS or potentially corrupt memory, leading to execution of arbitrary code," the firm said.
- An error in the "bluez_sock_create()" function when creating Bluetooth sockets can potentially be exploited to gain root privileges on a vulnerable system.
- An information leak exists in ext2 when creating new directories and may disclose kernel memory.
- An error in the "load_elf_library()" function can be exploited to cause a denial of service.
Secunia recommends users update to version 188.8.131.52.
Telecom giants team up to target cyberattackers
Several major telecommunications firms have formed an alliance against common enemies in cyberspace.
The Fingerprint Sharing Alliance is "a first-of-its-kind industry initiative aimed at helping network operators share Internet attack information automatically," according to a statement from one of its members, Arbor Networks. It said the alliance "marks the first time companies are able to share detailed attack profiles in real-time and block attacks closer to the source. This global alliance marks a significant step forward in the fight against Internet attacks and major infrastructure threats that cross network boundaries, continents and oceans."
The alliance also includes such enterprises as Asia Netcom, Broadwing Communications, Cisco Systems, EarthLink, the University of Pennsylvania, Verizon and WilTel Communications.
Is more government the answer to stronger cybersecurity?
A new public policy study by the Congressional Research Service suggests problems ahead if lawmakers wish to use regulation to strengthen the nation's cybersecurity. While the 57-page report concludes computer networks remain ineffective to market-forced changes and that companies remain reluctant to share information with competitors when it comes to threats and attacks, no one can agree on the best approach for cybersecurity and the pace of technological change will quickly leave regulations outdated.
The report instead advocates several options: encourage best practices and adoption of information security standards; promote procurement practices based on a product's or service's security features; mandate reporting of certain kinds of security breaches; provide product liability actions against vendors of insecure software and hardware; promote better cybersecurity insurance; and strengthen existing federal cybersecurity programs. That includes giving the Department of Homeland Security or another agency more authority in cybersecurity issues.
DVForge calls off its virus-writing contest
Henderson, Tenn.-based consumer technology company DVForge Inc. has cancelled a contest that awarded $25,000 to anyone who created a virus able to infect two Internet-connected PowerMac G5 computers running OS X 10.3 Panther systems without a firewall. CEO Jack Campbell told reporters the company changed its mind after consulting with lawyers and hearing from Mac users and software experts who'd advised against it. The company announced the challenge in protest of the latest Symantec Threat Report, which showed an increase in malware-oriented Macintosh attacks during the last six months. Those findings have been disputed by OS X supporters, and Campbell said he'd hoped his company could prove Symantec wrong about Mac OS X's security.