IT security incident in the Oracle Cloud?

The news portal heise.de reports today on a possible IT security incident in the Oracle Cloud: https://www.heise.de/news/Oracle-angeblich-gehackt-Nutzerdaten-im-Darknet-zum-Verkauf-10327980.html

As of this notice (25.03.2025 17:04), Oracle denies any such attack. For the sake of transparency, however, I confirm that the domain "fm-berger.de" is included in the company list published by the attacker (Company.List.txt - SHA1 dad5b71e2077044c0f4ac69a79b7d7e393e15129).

There is no reason to panic, at least in my case. The account in question is protected by a second factor (2FA). In addition, the password used was more than 20 characters long and correspondingly complex.

General recommendation:

  • You can no longer get by without a password manager - my recommendation is KeePassXC: https://keepassxc.org/
  • In my view, multi-factor authentication is also mandatory, but unfortunately it is still not properly supported by all services
  • For security reasons I advise against SMS as a second factor

Unfortunately it has become normal that basically everyone has to expect similar incidents several times a year. Using the same password for multiple services is an absolute no-go!

Using Mozilla Weave

Notebooks are useful things: you can take them with you, and your office is wherever you are. I am currently switching to a new notebook and that is sometimes a little bit painful. It takes days to get all software and settings to work as they did on the old one. You know what I mean?

Over the last years I started to use IMAP for mails and Subversion for code and other snippets to put most of the things I need on a central server. But I have found no solution for bookmarks and stuff like that. Yeah, I know, there are several online services where you can store bookmarks and share them with other people. For security reasons I want to store my bookmarks on my own servers.

For that purpose Mozilla Weave is exactly what I am looking for! It is a Mozilla Firefox plugin and stores bookmarks, browsing history or saved passwords on a WebDAV server. Mozilla also provides a public WebDAV service, but currently they have reached their account limit and do not allow new registrations. But if you are going to use your own WebDAV server you can still download the XPI package from that location.

I configured Apache as a WebDAV server like that:

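# Map the URL path /webdav/ onto the storage directory
Alias /webdav/ "/var/www/webdav/"
<Directory "/var/www/webdav">
  DAV On
  # Basic auth only base64-encodes the credentials, so reach this location over HTTPS
  AuthType Basic
  AuthName "WebDAV Storage"
  AuthUserFile /etc/httpd/passwd/passwd.dav
  # Only this one account may read and write the share
  Require user frank
  Options Indexes
</Directory>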
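
A TLS-only variant of the configuration above, as an added example that is not part of the original post. It assumes Apache 2.4 with mod_ssl, mod_dav and mod_dav_fs loaded, and that the client lists collections through WebDAV rather than through Apache's directory index; dav.example.org, the certificate paths and the DavLockDB path are placeholders.

```apache
# Added example, not from the original post.
# dav.example.org, the certificate paths and the DavLockDB path are placeholders.

# Lock database used by mod_dav_fs; must be writable by the httpd user.
DavLockDB "/var/lib/httpd-dav/DavLock"

# Declared at server level so the rules follow the directory into every
# virtual host that can reach it, including a plain-HTTP one.
<Directory "/var/www/webdav">
    DAV On
    # Refuse any request that did not arrive over TLS (403 instead of a
    # Basic-auth challenge on a cleartext connection).
    SSLRequireSSL
    AuthType Basic
    AuthName "WebDAV Storage"
    AuthUserFile "/etc/httpd/passwd/passwd.dav"
    Require user frank
    # No directory listings, CGI or server-side includes for uploaded files.
    Options None
    # Ignore any .htaccess a client uploads into the writable tree.
    AllowOverride None
</Directory>

# The share is only published inside the TLS virtual host.
<VirtualHost *:443>
    ServerName dav.example.org
    SSLEngine on
    SSLCertificateFile "/etc/pki/tls/certs/dav.example.org.crt"
    SSLCertificateKeyFile "/etc/pki/tls/private/dav.example.org.key"
    Alias /webdav/ "/var/www/webdav/"
</VirtualHost>
```

Because the store holds synchronized passwords as well as bookmarks, the two settings that matter most here are `SSLRequireSSL` and `AllowOverride None`.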

After installing the Weave plugin you have to change the settings of the WebDAV server to use:
[Screenshot: Mozilla Weave Setup]

Links for Oracle Application Express

Mario, a colleague of mine, is starting to work on a project to extend a PL/SQL-based web application, so I thought it would be a good idea to give him a few links for Oracle Application Express. Have fun with it.

Sometimes customers have the need for an ad hoc web development tool, especially when a PHP- or Java-based approach seems to be oversized. One solution provided by Oracle is called Application Express (APEX) - the former name was HTML-DB.

To get a first impression of APEX I recommend viewing the APEX Quick Tour at the Oracle website.

The Official Home Page for Oracle Application Express can be found here.

To get you started with APEX and AJAX I have two links for you:

Well, and for charting you have a lot of options too:

Freshmeat for the Weekend 22/06

VMware Server RC 1 (Build 24927) got released! It is free, so grab a copy and give it a test drive. I just want to outline two advanced topics:

  • Linked Clones is a concept to use one base disk for several VMs. Changes made by the VMs are written to snapshot images. That helps you to save disk space when using a lot of VMs. You can read more on how to do linked clones with VMware Server in the following thread on VMTN.
  • Use arbitrary block devices as Physical Disks in VMs. VMware normally allows you to use /dev/sd* and /dev/hd* devices. So you may run into problems if you want to use LVM, soft-RAID (md) or things like AoE (ATA over Ethernet). vmware-bdwrapper solves such problems. Read how to get vmware-bdwrapper working with VMware Server in that thread.

But VMware Server RC1 was not the only release you should check out; get the following things as well if you are interested:

Oracle Secure Enterprise Search 10g

Oracle is doing a lot of press releases at the moment. First they bought Sleepycat (Berkeley DB) and now they try to attack Google.com? I watched the demo of Oracle Secure Enterprise Search and I must admit the web interface looks very familiar to me :-).

I am wondering if that new product is somewhat related to YAPA, the Oracle Text demo from OTN. Maybe YAPA is the predecessor of SES? A crawler/spider component could also be found as a demo on OTN called Indagine.

On the other hand, it is more likely that SES is the continuation of TripleHop MatchPoint, which Oracle bought in June 2005.

Links: