Dark Reading Radio: Oracle Database Security Hacked

Renowned Oracle database researcher/hacker David Litchfield has kept the database company honest for years now when it comes to security: No one knows security holes in Oracle databases like Litchfield.

The pressure his research has put on the database giant has yielded security improvements to its software over the past few years, and Litchfield was pleasantly surprised to see the new data redaction feature Oracle recently added to help protect sensitive information stored in the database. Data redaction, which protects sensitive data such as credit card numbers and SSNs in database queries by basically blocking that information from unauthorized eyes, has been widely touted as a major security feature for databases.

But when investigating the new feature, Litchfield discovered that data redaction can actually be abused by attackers to launch bigger attacks against the database. What Litchfield calls a "cool feature" by Oracle can't really protect sensitive database information after all.

Litchfield -- a security researcher with Datacom TSS as well as an avid shark diver who swears most sharks are safe to dive with -- will present his findings at the upcoming Black Hat USA conference in August.

In tomorrow's episode of Dark Reading Radio, I will host Litchfield, who will share with us insights into the holes he found in Oracle data redaction and just what that means to locking down your database. He may even share a shark tale or two as well.

So register now and join us tomorrow at 1:00 p.m. EDT, for "Hacked: Oracle Database Security." Have questions for our guest? Share them in the Comments section below, or bring them along to the show tomorrow. We will be taking questions from the live audience, and Litchfield will join us in a live text chat following the broadcast.