iPad Apps

For once I am not writing about Oracle Database technologies and security. Since I’ve been asked from time to time what I’ve installed on my iPad or what I could recommend, it is time to put things together again. It is not an “all-time best iOS app list”, nor is the list exhaustive. It is just my personal experience at the time of writing. Some apps are just for the iPad and some are for the iPhone as well. I cannot make any statements about prices, but I try to rate them at least with free, costs or free/costs, where free/costs means that there are two versions available.

My must haves

Apps which I regularly use.

| iTunes Link | Costs | Comment |
| --- | --- | --- |
| AroundMe | free | Information about what’s around me, e.g. restaurants, bars etc. |
| Evernote | free | Collect and access your links, notes etc. on the iPad and sync them with your Mac |
| Facebook | free | Official Facebook app. There are others around but it’s a good one to start with |
| Flipboard | free | My favorite to read news, Twitter, etc. |
| iBooks | free | Must-have for eBooks, PDFs etc. |
| Instapaper | free | Collect web links and read them later |
| PCalc RPN | free/costs | My RPN calculator and replacement for the HP 48sx |
| Remote | free | Remote from Apple for Apple TV and iTunes |
| Schweizer Fernsehen | free | Information, news, TV program etc. from the Swiss broadcasting service |
| Swiss Phone | free | Swiss phone book |
| Twitter | free | Twitter client |
| | free/costs | eVersion of Tagesanzeiger newspaper |

Business

Serious apps for business. OK, in some cases I just thought I need them for work…

| iTunes Link | Costs | Comment |
| --- | --- | --- |
| Numbers | costs | Apple’s spreadsheet app |
| Oracle | free | Oracle News App |
| Oracle Magazine | free | Oracle Magazine |
| Keynote | costs | Apple’s presentation app |
| GoodReader | costs | Read and update all kinds of documents, access Dropbox, iCloud and WebDAV |
| OmniFocus | costs | Task manager with iPhone and Mac synchronisation |
| OmniGraffle | costs | Diagramming, charting, and visualization software for iOS |
| OmniGraphSketcher | costs | More drawing |
| Pages | costs | Apple’s word processing app |
| Quickoffice Pro HD | costs | App to view and edit Office documents. With WebDAV and Dropbox access |
| Swiss Map Mobile | costs | Maps of Switzerland. I mean real maps not just funny pictures but expensive… |
| iOf | free | App for the Swiss army. Coordinates, regulations, SNORDA etc. |
| Dropbox | free | Access and view documents on your Dropbox account |
| Penultimate | cost | Notes and sketches |
| Reeder for iPad | cost | Newsreader for iPad and iPhone |
| iKeePass | costs | Password management storing the passwords in a KeePass database |
| Textastic | costs | Text editor with syntax highlighting for different languages (C, Perl, SQL etc.) |
| WordPress | costs | iOS app to view and edit WordPress posts, pages etc. |
| F5 BIG-IP Edge Client | free | Open a VPN over F5 VPN gateways |

Gadgets

OK, these apps are somehow just gadgets 🙂

| iTunes Link | Costs | Comment |
| --- | --- | --- |
| Evri for iPad | free | Something similar to Flipboard |
| FastFinga | free/costs | Write with your fingers |
| Find My Friends | free | Locate your friends… |
| IMDb Movie | free | Need to know anything about a movie or actor? |
| Find My iPhone | free | Missing your iPhone? Here’s the app to look for it… |
| Google Earth | free | Google Earth for the iPad |
| iBrainstorm | free | As the name implies |
| iCircuit | cost | Must-have for an electrical engineer. App to draw and simulate circuits |
| iPhoto | cost | iPhoto for the iPad. Haven’t used it that much so far |
| iWeather | costs | Nice weather app |
| Jumpidoo | free | Simple game from the Swiss rail service. Helpful if you are traveling with children 😉 |
| SBB Memory | free | Another game from the Swiss rail service. Helpful if you are traveling with children 😉 |
| NASA App HD | free | Pictures from outer space |
| Radios | free | Swiss and other internet radios |
| Skype for iPad | free | Skype, what else… |
| Wikihood for iPad | free/costs | Wikipedia-based travel guide |
| Wikipanion for iPad | free/costs | Wikipedia for the iPad |
| ZüriPlan | free | Maps of Zürich, city maps, history maps etc. |

The others

I have them, but in most cases I do not really use them often 🙂

| iTunes Link | Costs | Comment |
| --- | --- | --- |
| Activity Monitor Touch | free/costs | Monitor resources on the iPad |
| Air Display | costs | Use your iPad as a second monitor for your MacBook Pro |
| Bamboo Paper | fee | Notes |
| Booking.com | free | Booking through booking.com |
| BlickTV for the iPad | free | Blick TV |
| Currency | free | Currency converter |
| Dictionary | free/costs | English / German dictionary |
| Google Search | free | Google apps and search |
| Google Translate | free | Interface to Google Translate |
| iA Writer | costs | Cool way to write on the iPad |
| Nespresso | free | Simple app to order Nespresso capsules |
| Kindle | free | Kindle Reader |
| On AIR | free | TV schedules |
| Photogene | costs | Photo editing similar to iPhoto |
| Rezepte | costs | Collection of recipes |
| Schweizer Spezialitäten | costs | Swiss recipes |
| Swiss Info | free | Swiss news portal |
| Teletext | costs | Swiss Teletext |
| TomTom | costs | TomTom Navigator for iPhone and iPad |
| Zattoo | free | Watch TV on your iPad |
| 20 Minuten | free | News portal for 20 Minutes |

There are a few more apps, but I ran out of time…

Feel free to drop me a line about your favorite apps for the iPad.

Oracle Database Security Seminar – New dates

After the two Database Security Seminars in February, Oracle plans two more events in June. I’ll participate with the presentation “Oracle Security – How much should it be?” as already posted in the older blog post Oracle Database Security Seminar – Wieviel darf es denn sein?. The event and presentation are again in German, but there will be a set of slides available in English.

Event Information

Event announcement and description on the Oracle website.

Abstract

  • Data theft: a risk for you too?
  • But how high is the risk? And which (sensible!) measures are there to reduce the risk?

This talk presents a questionnaire-based approach to risk analysis, whose results are used to assign the databases to security classes (public, internal, confidential). In a second step, the risks per class are defined, together with the measures to reduce them. The goal of the talk is that you learn to classify databases (you know their protection requirements and the acceptable residual risk). In addition, a practical example shows you how the necessary measures are implemented.

Slides

The updated slides can be downloaded after the event on this website. Slides from the last events in Düsseldorf, Berlin and Basel are already available.

Important links around the Oracle CPU / PSU April 2012

I was out of office when the April CPU / PSU was officially released by Oracle and missed writing a blog post. Nevertheless, I’ll now take the chance to put together some information and links around the latest CPU.
The current CPU / PSU patches are available for 10g and 11g, whereby the download of 10g patches is only possible with a corresponding Extended Support contract.
Overall Oracle addressed 88 vulnerabilities for several Oracle products in this security advisory. 6 of these fixes are just for the Oracle Database Server and one is for client-only installations. The maximum CVSS base score for pure Oracle Server vulnerabilities is 9.0, which is quite high. But the big bang is not the security fixes with a CVSS of 9.0 but old vulnerabilities which are not fixed. Oracle addressed them with a dedicated alert, Oracle Security Alert for CVE-2012-1675. The alert is related to an issue identified by Joxean Koret sometime in 2008 and known as TNS Poison. I’ll post a few comments on this later this week.

Affected database components according to the Database Server Risk Matrix:

  • Core RDBMS (mainly Oracle Net)
  • OCI
  • Application Express
  • Enterprise Manager Base Platform

The Database Server patches are available for Oracle Database 11g Release 2 (11.2.0.2, 11.2.0.3), Oracle Database 11g Release 1 (11.1.0.7) and Oracle Database 10g Release 2 (10.2.0.3, 10.2.0.4, 10.2.0.5). There is no patch available for Oracle Database 10g Release 1 (10.1.0.5).

A bunch of useful links around the current CPU / PSU:

As well as a few generic links about CPU / PSU:

Update: DOAG / SOUG Security-Lounge at Basel

As I announced in my last post, DOAG / SOUG Security-Lounge at Basel, I’ve been at the Security-Lounge at Basel. The slides can now be downloaded below or from the download section on this website.

 Oracle_Audit_in_a_Nutshell.pdf  Oracle_Database_Security.pdf

I’m happy for any comment on the presentation or the slides. Feel free to add a comment or drop me a line by mail.

DOAG / SOUG Security-Lounge at Basel

I haven’t found time to write any blog posts in the past weeks. Nevertheless, I would like to inform you about the upcoming security lounge in Basel, at which I’ll give two lectures about Oracle Security. It’s a small event with just one speaker 😉 OK, it was planned to have a second one but it did not work out. The event is organized by the DOAG regional group Freiburg and SOUG. It will start at 17:30 on the 24th of April.

Have a look at the DOAG webpage for a detailed agenda of the event and the location. Looking forward to seeing you there.

I’ll post the slides for both presentations shortly after the event on this page.

Oracle Database Security Seminar – Wieviel darf es denn sein?

I just finished my presentation about database security classification and possible risk minimization at the Oracle Database Security Seminar in Düsseldorf and Baden. Because the whole event is in German, I’ve also written the presentation in German.

Abstract

  • Data theft: a risk for you too?
  • But how high is the risk? And which (sensible!) measures are there to reduce the risk?

This talk presents a questionnaire-based approach to risk analysis, whose results are used to assign the databases to security classes (public, internal, confidential). In a second step, the risks per class are defined, together with the measures to reduce them. The goal of the talk is that you learn to classify databases (you know their protection requirements and the acceptable residual risk). In addition, a practical example shows you how the necessary measures are implemented.

Slides

The slides can be downloaded below or from the download section on this website.

 Security_Wieviel_darf_es_sein

I’m happy for any comment on the presentation or the slides. Feel free to add a comment or drop me a line by mail.

Oracle hidden init.ora parameter

This post focuses on init.ora parameters. It is not really a new topic, but rather a personal reference to some practical queries and scripts. If you are at the customer, it’s always handy when you can easily access your own queries.

It is quite simple to get some information on init.ora parameters from SQL*Plus. Using a tool like TOAD or SQL Developer makes it even easier. Unfortunately I often work at the customer without my own tools and scripts, so the command line and SQL*Plus are the only “tools” available to work on the database. It is not an issue to dig through the data dictionary to get any kind of information as long as there are 1-2 views involved. But for querying multiple views, X$ views etc. it is easier to have something on hand.

OK, what’s different with my queries? Not much, they just fit my needs 🙂 Instead of just querying v$parameter I also query the X$ views, to see the hidden parameters as well and a simple description for each parameter.

The first query does a select on X$KSPPI, X$KSPPCV, X$KSPPSV and V$PARAMETER to display all init.ora parameters including the hidden parameters. The result can be limited by adding a part of the parameter name, or specify % to see all, which then would be a little over 2500 parameters. S shows whether the parameter is session modifiable, I whether it is system modifiable, and D whether the parameter still has its default value or not. I’ve added the query as hip.sql (stands somehow for hidden init parameter) to my small script collection which can be downloaded in the script section.

-- hip.sql: list init.ora parameters including the hidden ones.
-- Run as SYS, the X$ fixed tables are only visible to SYS.
-- Argument 1: part of the parameter name, or % for all parameters.
-- Session, S, I and D come from v$parameter and stay empty for
-- parameters that v$parameter does not list.
set linesize 235
col Parameter for a50
col Session for a28
col Instance for a55
col S for a1
col I for a1
col D for a1
col Description for a90

select  
  a.ksppinm  "Parameter", 
  decode(p.isses_modifiable,'FALSE',NULL,NULL,NULL,b.ksppstvl) "Session", 
  c.ksppstvl "Instance",
  decode(p.isses_modifiable,'FALSE','F','TRUE','T') "S",
  decode(p.issys_modifiable,'FALSE','F','TRUE','T','IMMEDIATE','I','DEFERRED','D') "I",
  decode(p.isdefault,'FALSE','F','TRUE','T') "D",
  a.ksppdesc "Description"
from x$ksppi a, x$ksppcv b, x$ksppsv c, v$parameter p
where a.indx = b.indx and a.indx = c.indx
  and p.name(+) = a.ksppinm
  and upper(a.ksppinm) like upper('%&1%')
order by a.ksppinm;

The second script does the same as the first one, except that it limits the result to the list of parameters which are not default. I’ve added the query as hipf.sql (stands somehow for hidden init parameter false) to my small script collection which can be downloaded in the script section.

-- hipf.sql: same as hip.sql, limited to parameters whose D flag is F
-- (isdefault = FALSE in v$parameter). Run as SYS.
-- Argument 1: part of the parameter name, or % for all parameters.
set linesize 235 pagesize 200
col Parameter for a50
col Session for a28
col Instance for a55
col S for a1
col I for a1
col D for a1
col Description for a90

select * from (select  
  a.ksppinm  "Parameter", 
  decode(p.isses_modifiable,'FALSE',NULL,NULL,NULL,b.ksppstvl) "Session", 
  c.ksppstvl "Instance",
  decode(p.isses_modifiable,'FALSE','F','TRUE','T') "S",
  decode(p.issys_modifiable,'FALSE','F','TRUE','T','IMMEDIATE','I','DEFERRED','D') "I",
  decode(p.isdefault,'FALSE','F','TRUE','T') "D",
  a.ksppdesc "Description"
from x$ksppi a, x$ksppcv b, x$ksppsv c, v$parameter p
where a.indx = b.indx and a.indx = c.indx
  and p.name(+) = a.ksppinm
  and upper(a.ksppinm) like upper('%&1%')
order by a.ksppinm) where d='F';

Some information on hidden init.ora parameters can be found in the Metalink Note How To Query And Change The Oracle Hidden Parameters In Oracle 10g [315631.1].
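For a configuration or security review it helps to see only the hidden (underscore) parameters that somebody has changed, and whether the change is persisted. The following query is an added example, not part of hip.sql or hipf.sql. It assumes a SYS connection and uses V$SPPARAMETER and the KSPPSTDF / KSPPSTVF columns of X$KSPPSV, which the scripts above do not use.

```sql
-- Added example, not part of hip.sql or hipf.sql.
-- Hidden (underscore) parameters that are non-default in the running
-- instance or explicitly set in the spfile. Run as SYS.
set linesize 200 pagesize 200
col "Parameter" for a45
col "Instance"  for a30
col "SID"       for a10
col "SPFILE"    for a30
col "Modified"  for a10

select
  i.ksppinm   "Parameter",
  sv.ksppstvl "Instance",   -- value currently active in the instance
  sp.sid      "SID",        -- spfile entry scope, * means all instances
  sp.value    "SPFILE",     -- value stored in the spfile, if any
  decode(bitand(sv.ksppstvf,7),1,'MODIFIED',4,'SYSTEM_MOD','FALSE') "Modified"
from x$ksppi i, x$ksppsv sv, v$spparameter sp
where sv.indx = i.indx
  and sp.name(+) = i.ksppinm
  and sp.isspecified(+) = 'TRUE'
  and i.ksppinm like '\_%' escape '\'
  and (sv.ksppstdf = 'FALSE' or sp.name is not null)
order by i.ksppinm, sp.sid;
```

Rows where "Instance" and "SPFILE" differ point to a change that was made in memory only, or to an spfile entry that is waiting for the next restart.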

Update: Oracle released CPU / PSU January 2012

As I mentioned in a previous post, Oracle CPU / PSU Pre-Release Announcement January 2012, the CPU / PSU patches are available for 10g and 11g. The download of 10g patches is again possible without a corresponding Extended Support contract. I assume this is related to the SCN flaw. This Critical Patch Update contains 78 new security vulnerability fixes for several Oracle products. 2 of these fixes are just for the Oracle Database Server, but none of them is for client-only installations. The maximum CVSS base score for pure Oracle Server vulnerabilities is 5.5, which seems not to be critical. On the other hand, it looks like one of these bug fixes is related to the Oracle SCN flaw. I’ll post a few comments on this later this week.

  • Core RDBMS (related to the SCN flaw)
  • Listener

The Database Server patches are available for Oracle Database 11g Release 2 (11.2.0.2, 11.2.0.3), Oracle Database 11g Release (11.2.0.7), Oracle Database 10g Release 2 (10.2.0.3, 10.2.0.4, 10.2.0.5) and Oracle Database 10g Release 1 (10.1.0.5). It looks like the first CPU in 2012 is also the first one for 11.2.0.3.

A bunch of useful links around the current CPU / PSU:

As well as a few generic links about CPU / PSU:

New release of Oracle Audit Vault

Sometime at the beginning of 2012 Oracle secretly released an update of Oracle Audit Vault. So far it is just for Linux x86-64bit, but I guess other operating systems will follow. The new release is available through OTN or Oracle eDelivery. You’ll have to download around 2.3GB for the Audit Vault Server and another 620MB for the Audit Vault Collection Agent. According to the Oracle Audit Vault documentation this release has the following new features.

  • Starting with this release Oracle uses an 11.2.0.3 database as the Audit Vault repository
  • Change of the console URL and port from the old http://host:5700/av to the new https://host:1158/av
  • Updated MS SQL Server JDBC Driver. MS SQL Server JDBC Driver version 3.0 has to be used to configure Microsoft SQL Server source databases
  • Support for Sybase Adaptive Server Enterprise 15.5 and IBM DB2 9.7 for Linux, UNIX and MS Windows
  • SSL and HTTPS are automatically configured. Due to this, two avca commands have been removed (secure_agent, secure_av)

OK, the update to 11gR2 was somehow foreseeable. I wonder more why it took that long. Anyway, I’ll set up a VM to do a short test installation and check what the new Audit Vault looks like. I’ll post my experience with the installation a bit later.

More details on these new features as well as on all changes for 10.2.3.2 and 10.2.3.1 can be found in the Oracle® Audit Vault Administrator’s Guide and the Oracle Audit Vault Auditor’s Guide on OTN.

Oracle CPU / PSU Pre-Release Announcement January 2012

Oracle has recently published the Pre-Release Announcement for the CPU patch. This Critical Patch Update contains 78 new security vulnerability fixes for several Oracle products. 2 of these fixes are just for the Oracle Database Server, but none of them is for client-only installations. The maximum CVSS base score for pure Oracle Server vulnerabilities is 5.5, which seems not to be critical. But on the other hand Oracle mentions that 1 of these 2 fixes may be remotely exploitable without authentication. If this is true, I would expect a higher CVSS rating. We will see it in detail next week. Nevertheless, the following Database Server products are affected.

  • Core RDBMS
  • Listener

So far the Database Server patches are planned for Oracle Database 11g Release 2 (11.2.0.2, 11.2.0.3), Oracle Database 11g Release (11.2.0.7), Oracle Database 10g Release 2 (10.2.0.3, 10.2.0.4, 10.2.0.5) and Oracle Database 10g Release 1 (10.1.0.5). It looks like the first CPU in 2012 is also the first one for 11.2.0.3.

The official release of the CPU / PSU is planned for next week, 17 January 2012. More details about the patch will follow soon on the Oracle Security Pages: