Oracledbacr, por simple pasión ...-Copyleft Miembro Comunidad Tecnológica de Oracle Latinoamérica

viernes, 7 de septiembre de 2012

SANS News Weekend Sept 07, 2012

The international consortium on the 20 Critical Controls, led by Tony
Sager, will have its first meeting as part of the National Cybersecurity
Innovation Conference (to be keynoted by NSA's IAD Director, Deborah
Plunkett) October 3-4-5 at the Baltimore Convention Center. Attendees
will also see the top rated session from RSA - Ed Skoudis on the Five
Most Dangerous New Attack Techniques. You'll get the only U.S. briefing
(plus a Q&A workshop) by the Australians on their breakthrough that
stops targeted attacks (APT) and two very cool NSA innovations. Plus
you'll learn how NASA and HHS were able to automate security risk
mitigation quickly and cost effectively. Senior federal officials will
provide policy discussion on where the government is taking cyber
security defense and automation and you will also be able to attend (at
no additional cost) the collocated DHS/NSA/NIST program on continuous
monitoring. Register at sans.org/ncic-2012

**************************************************************************
SANS NewsBites September 7, 2012 Vol. 14, Num. 072
**************************************************************************
TOP OF THE NEWS
UK's GCHQ Chooses Top 20 Security Controls to Enable Businesses To
Protect Their Systems from Cyber Attacks
FTC Issues Mobile Security and Privacy Guidelines for Mobile App Developers
Government Lawyers Say Cell Phone Location Data Can be Obtained
Without Probable-Cause Warrant
THE REST OF THE WEEK'S NEWS
Court: Employee Had Valid Access Rights When He Downloaded
Proprietary Data
Pushdo Variant Hides Communication With Command-and-Control Server
Flash Not Patched in Windows 8 With IE10
Light Patch Tuesday Allows Time to Prepare for New Certificate
Requirements
Sony Acknowledges Customer Data Compromised
ICS-CERT Warns of Vulnerability in GarrettCom Network Switches
Huawei Maintains it is Not Engaged in Cyber Espionage
FBI Says Laptop Not Breached; Apple Says it Did Not Provide UDID
List to FBI
Two Men Charged with Attempting to Buy Trade Secrets

*************************** Sponsored By SANS *****************************

Special Webcast: Harvesting the Rotten Fruit II: Injecting until the
Application leaks! Monday, September 10, 2012 at 1:00 PM EDT - Featuring
Kevin Johnson. In this the second part of this trilogy, we will explore
how SQL injection affects our applications. We will also discuss some
basic methods for finding these issues and tools to make it easier for
organizations.

http://www.sans.org/info/112852

****************************************************************************
TRAINING UPDATE
**Featured Conference 1: National Cybersecurity Innovation Conference,
Oct 3-5, Baltimore - featuring briefings by and exhibits all the vendors
that have tools for automating the 20 critical controls and for
continuous monitoring. www.sans.org/ncic-2012
**Featured Conference 2: The IT Security Automation Conference (ITSAC)
Oct 3-5, Baltimore - featuring DHS and other government leaders
providing a clear picture of the changes coming in federal cybersecurity
- - - especially in cloud and continuous monitoring. Not to miss. We try
never to promote conferences where SANS doesn't control the program, but
is an exception because the DHS and NIST folks have done a great job!
https://itsac.g2planet.com/itsac2012/

- --SANS Capital Region Fall 2012 September 6-11 and October 15-20, 2012
http://www.sans.org/capital-region-fall-2012/
- --SANS Crystal City 2012 Arlington, VA September 6-11, 2012
4 courses. Bonus evening presentations include SIFT Workstation: The Art
of Incident Response.
http://www.sans.org/crystal-city-2012/
- --SANS Baltimore 2012 October 15-20, 2012
6 courses. Bonus evening presentations include Infosec Rock Star: How
to be a More Effective Security Professional.
http://www.sans.org/baltimore-2012/
- --SANS Network Security 2012, Las Vegas, NV September 16-24, 2012
43 courses. Bonus evening presentations include Evolving Threats; New
Legal Methods for Collecting and Authenticating Cyber Investigation
Evidence; and Intrusion Detection is Dead.
http://www.sans.org/network-security-2012/
- --SANS Forensics Prague 2012 Prague, Czech Republic October 7-13, 2012
6 courses. Bonus evening presentations include Big Brother Forensics:
Location-based Artifacts.
http://www.sans.org/forensics-prague-2012/
- --SANS Singapore 2012 Singapore, Singapore October 8-20, 2012
5 courses, including the new Virtualization and Private Cloud Security
course, and Advanced Forensics and Incident Response.
Don't miss this opportunity to upgrade your IT skills, work toward your
GIAC security certification, and network with other top information
security professionals.
http://www.sans.org/singapore-sos-2012/
- --SANS Seattle 2012 Seattle, WA October 14-19, 2012
5 courses. Bonus evening presentations include What's New in Windows 8
and Server 2012?; Assessing Deception; and Linux Forensics for Non-Linux Folks.
http://www.sans.org/seattle-2012/
- --SANS Chicago 2012 Chicago, IL October 27-November 5, 2012
9 courses. Bonus evening presentations include Securing the Kids and
Securing the Human.
http://www.sans.org/chicago-2012/
- --SANS London 2012 London, UK November 26-December 3, 2012
16 courses.
http://www.sans.org/london-2012/
- --Looking for training in your own community?
http://www.sans.org/community/
- --Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current
Plus Dubai, San Diego, Johannesburg, Seoul, and Tokyo all
in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org

***************************************************************************

TOP OF THE NEWS
--UK's GCHQ Chooses Top 20 Security Controls to Enable Businesses To
Protect Their Systems from Cyber Attacks
(September 5 & 6, 2012)
The UK's GCHQ is introducing a new program to help British businesses
protect their computer systems from attacks. The program is called Cyber
Security for Business and was launched on Wednesday, September 5. This
marks the first time that intelligence services in the UK will be
working directly with private sector organizations to help better their
cybersecurity stance. GCHQ has created a guide titled Top 20 Critical
Controls for Effective Cyber Defence, which is aimed at helping
organizations reduce the risk of cyberthreats and prevent or deter most
attacks. GCHQ director Iain Lobban says the approach will "make the bad
guys' job harder and won't cost a fortune."
http://www.v3.co.uk/v3-uk/news/2203085/gchq-to-arm-uk-businesses-against-cyber-attacks
http://www.telegraph.co.uk/news/uknews/defence/9521715/PLS-PIC-AND-PUB-GCHQ-to-advise-senior-business-leaders-on-how-to-fight-cyber-attacks.html
http://www.independent.co.uk/news/uk/politics/spooks-to-show-businesses-how-to-fight-cyber-attacks-8105025.html
http://www.theregister.co.uk/2012/09/05/cyber_security_gchq_launch/
http://www.scmagazineuk.com/if-the-government-talks-about-cyber-security-will-anyone-listen/article/257733/
[Editor's Note (Honan): The Top 20 security controls are available from
http://www.bis.gov.uk/policies/business-sectors/cyber-security/downloads
The executive companion document is interesting in that it provides case
studies to help senior management understand the impact of a breach and
the steps to prevent it. ]

--FTC Issues Mobile Security and Privacy Guidelines for Mobile App Developers
(September 5, 2012)
The US Federal Trade Commission (FTC) has issued guidelines for mobile
application developers to help them avoid privacy and security pitfalls.
Privacy recommendations include being transparent about data practices;
giving users control over how their information is used; and retaining
data only after obtaining explicit consent. The guidelines also remind
developers to use clear language when describing their practices and of
the steps they will have to take with their customers if they change
their privacy practices at a later date. The FTC's security
recommendations include making sure that apps collect only the
information they really need and that they do not keep the information
when it is no longer necessary. Developers are also reminded to make
sure their practices live up to promises.
http://www.scmagazine.com/ftc-offers-guidance-for-mobile-application-development/article/257656/
http://business.ftc.gov/documents/bus81-marketing-your-mobile-app
[Editor's Note (Pescatore): Ahh, another example of how the FTC just
keeps on doing its job, doesn't seem to need new regulations, etc.
There's also an interesting thing going on: the "consumerization of IT"
has lead to lots of advertising-subsidized "free" IT being used by both
consumers *and* businesses. The FTC has been playing a meaningful role
in enforcing privacy rules but also tends to be the tip of the
enforcement spear around deceptive advertising. The two areas have
increasing overlap.]

--Government Lawyers Say Cell Phone Location Data Can be Obtained
Without Probable-Cause Warrant
(September 5, 2012)
Citing a 1976 US Supreme Court precedent, US government lawyers said
that the public does not have a "reasonable expectation of privacy"
regarding cellphone location data, and that therefore, the information
may be obtained from wireless carriers without need for a probable-cause
warrant. The lawyers maintain that the information is consistent with
the definition of "third-party records," meaning that customers do not
have the right to keep the information private. The case in question is
one brought against Antoine Jones, whose conviction on drug dealing
charges was overturned by the Supreme Court earlier this year because
they ruled that the use of a GPS device on Jones's car was tantamount
to an illegal search. After that ruling, the FBI halted the use of 3,000
GPS tracking devices.
http://www.wired.com/threatlevel/2012/09/feds-say-mobile-phone-location-data-not-constitutionally-protected/
http://www.pcworld.com/article/261957/us_takes_second_crack_at_gps_tracking_target.html

************************** Sponsored Links: ****************************

1) "New Analyst Paper in the SANS Reading Room! Secure Configuration
Management Demystified, by senior SANS Analyst Dave Shackleford"
http://www.sans.org/info/112857

2) SANS Analyst Webcast! Monitoring is Nothing without the Ability to
Respond: Using the Principles of Continuous Monitoring for Threat
Modeling and Response. Thursday, October 11, 1 PM EST, featuring SANS
executive leadership course instructor and federal expert, G. Mark Hardy
and Tiffany Jones, senior manager of products at Symantec.
http://www.sans.org/info/112862

3) Simplifying Identity Management: SANS Product Review of Oracle
Identity Governance Solutions by Senior SANS Analyst, Dave Shackleford
Thursday, September 27, 2012, 9 am Pacific/12 Noon Eastern.
http://www.sans.org/info/112867

***************************************************************************

THE REST OF THE WEEK'S NEWS
--Court: Employee Had Valid Access Rights When He Downloaded Proprietary Data
(September 6, 2012)
A US Federal Appeals Court has ruled that an employee who downloaded
proprietary data from his employer cannot be prosecuted under federal
anti-hacking laws because he used valid access rights to obtain the
information. Mike Miller and his assistant, Emily Kelley, allegedly
downloaded proprietary information from WEC Carolina Energy Solutions
shortly before resigning from the company in April 2010. Miller
allegedly used the information to get business for his new employer,
which is a rival of WEC. WEC sued Miller and Kelly under a number of
state laws and the 1986 federal Computer Fraud and Abuse Act (CFAA). WEC
maintained that when Miller and Kelley downloaded the proprietary
information, they violated company use policies, thus forfeiting their
authorized access, and were therefore able to be prosecuted under CFAA.
On February 2011, the US District Court in South Carolina rejected those
claims, saying that Miller still had authorized access when he
downloaded the data. The US Court of Appeals for the Fourth Circuit
upheld the lower court's decision.
http://www.computerworld.com/s/article/9230998/Worker_had_proper_access_when_he_snagged_corporate_data_court_rules?taxonomyId=82
http://www.tradesecretsnoncompetelaw.com/uploads/file/WEC.pdf
[Editor's Note (Honan): This story shows why the insider threat is
difficult to managed and why it is so important to regularly manage the
access rights staff have to sensitive information. You also need to
monitor those access rights for unusual behaviours to ensure they are
not being abused. ]

--Pushdo Variant Hides Communication With Command-and-Control Server
(September 6, 2012)
In the last several weeks, more than 100,000 computers have been
infected with a new variant of the Pushdo Trojan horse program. This
version of Pushdo sends HTTP requests to 300 legitimate websites in an
attempt to disguise its communication with the actual
command-and-control server, making it more difficult for researchers to
gather information about the botnet's behavior. Earlier Pushdo versions
used the same technique, but sent the misleading traffic to high-profile
websites, which made it easier for researchers to weed out the nonsense
traffic. The hidden HTTP traffic has been heavy enough at times to knock
the legitimate sites offline. Pushdo generally spreads through drive-by
download attacks.
http://www.scmagazine.com/new-pushdo-variant-infects-more-than-100k-computers/article/257666/

--Flash Not Patched in Windows 8 With IE10
(September 6, 2012)
Users running Windows 8 with Internet Explorer 10 (IE10) are at risk
from security flaws in Adobe Flash that could be exploited to crash and
possible take control of vulnerable systems. Adobe has released fixes
for the flaws, but the version of Flash that comes with IE10 is not
updated to address the most recent security concerns. Users running
Windows 7 who have enabled automated updates are protected, as are Mac
users. However, the version of Flash that comes with IE10 is a built-in
component instead of a plug-in, it can be updated only by Microsoft.
Google does the same thing with Chrome, but addresses the issue by
including Flash updates when it pushes out its automatic Chrome updates.
http://www.zdnet.com/microsoft-puts-windows-8-users-at-risk-with-missing-flash-update-7000003834/

--Light Patch Tuesday Allows Time to Prepare for New Certificate Requirements
(September 6, 2012)
On Tuesday, September 11, Microsoft will issue two security bulletins
to address a total of four vulnerabilities. Both have maximum severity
ratings of important. The light load for September is to allow time to
prepare for the October update which will invalidate all digital
certificates that have keys smaller than 1,024 bits. Microsoft is
implementing the requirement to help protect users from the likes of
Flame malware, which used spoofed Microsoft certificates.
http://www.scmagazine.com/light-patch-tuesday-will-include-new-encryptiorule/article/257870/
http://www.computerworld.com/s/article/9230995/Microsoft_gives_users_a_patch_break_and_time_to_prep_for_certificate_slaying?taxonomyId=85
http://technet.microsoft.com/en-us/security/bulletin/ms12-sep

--Sony Acknowledges Customer Data Compromised
(September 5, 2012)
Sony has acknowledged that attackers stole the names and email addresses
of 400 mobile customers in China and Taiwan. No financial account
information was accessed. The data were taken from a server run by a
third-party provider in China.
http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240006800/sony-allegedly-hacked-by-nullcrew.html
http://www.computerworld.com/s/article/9230977/Sony_says_400_customer_names_emails_from_mobile_division_leaked_in_China?taxonomyId=82

--ICS-CERT Warns of Vulnerability in GarrettCom Network Switches
(September 4 & 5, 2012)
The US Industrial Control System Computer Emergency Response Team
(ICS-CERT) has issued a security advisory warning of a vulnerability in
certain GarrettCom network switches. The devices use hard-coded
passwords on default accounts. To exploit the vulnerability, attackers
would need to have access to a login account on the device. Once they
have access, however, attackers could elevate privileges and make
changes to electrical switches and other industrial controls attached
to the devices. According to the ISC-CERT advisory, the vendor issued a
patch for the flaw in May, but the release notes accompanying the patch
did not describe the issue so some customers may not have yet applied
it.
http://www.theregister.co.uk/2012/09/05/more_insecure_scada/
http://arstechnica.com/security/2012/09/secret-account-in-mission-critical-router-opens-power-plants-to-tampering/
http://www.h-online.com/security/news/item/GarrettCom-industrial-switches-open-to-attack-1701193.html
https://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf

--Huawei Maintains it is Not Engaged in Cyber Espionage
(September 4 & 5, 2012)
Huawei has issued a public statement asserting that it has never been
involved in cyber espionage or other illegal acts. The statement follows
close on the heels of news that Huawei and ZTE have been invited to
testify before a US Congressional subcommittee regarding cyberthreats
to the US critical infrastructure from its networking equipment.
http://www.theregister.co.uk/2012/09/05/huawei_denies_spying/
http://www.huawei.com/en/about-huawei/newsroom/press-release/hw-187387-securitywhitepaper.htm
[Editor's Note (Pescatore): There is a "glass houses and stone throwing"
kinda thing going on here. Could *any* IT hardware or software vendor
in *any* country actually prove to any *other* country's government that
it *never* agreed to its home country's government requests to support
intelligence efforts? ]

--FBI Says Laptop Not Breached; Apple Says it Did Not Provide UDID List
to FBI
(September 4 & 5, 2012)
An FBI spokesperson said that it is "aware of published reports alleging
that an FBI laptop was compromised and private data regarding Apple
UDIDs (unique device identifiers) was exposed. At this time there is no
evidence indicating that an FBI laptop was compromised or that the FBI
either sought or obtained this data." A subgroup of hackers claiming
affiliation with Anonymous said that it had obtained the file from an
FBI laptop. Apple says it never gave such a list to the FBI, and an
Apple spokesperson said the company "will soon be banning the use of the
UDID." The authenticity of the data have been verified, so the question
remains: where did the data come from?
http://arstechnica.com/apple/2012/09/apple-denies-giving-ios-device-identifier-list-to-fbi/
http://www.computerworld.com/s/article/9230918/FBI_denies_it_was_source_of_leaked_Apple_device_ID_data?taxonomyId=208
http://news.cnet.com/8301-1009_3-57505925-83/fbi-finds-no-evidence-that-antisec-hacked-its-laptop/
http://www.wired.com/threatlevel/2012/09/fbi-says-laptop-wasnt-hacked-never-possessed-file-of-apple-device-ids/

--Two Men Charged with Attempting to Buy Trade Secrets
(September 4, 2012)
Two Chinese nationals have been charged with attempting to buy stolen
trade secrets. The men were arrested on September 2, 2012, after paying
a Pittsburgh Corning employee who was working with the FBI for documents
that were said to contain the proprietary information about Corning's
FOAMGLAS product. The men allegedly attempted to purchase the
information because they planned to open a competing facility in China.
The men were charged in US federal court in Kansas City, Missouri.
http://www.bizjournals.com/kansascity/news/2012/09/04/chinese-nationals-in-kansas-city-face.html
http://www.justice.gov/usao/mow/news2012/huang.com.html
[Editor's Comment (Northcutt): FOAMGLAS is cellular insulation. While
it has building applications, it also has industrial applications when
you need high performance and is restricted in certain companies.
http://www.foamglas.com/ ]

************************************************************************
The Editorial Board of SANS NewsBites

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and is President of
STI, The Premier Skills-Based Cyber Security Graduate School,
www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.

Ed Skoudis is co-founder of CounterHack, the nation's top producer of
cyber ranges, simulations, and competitive challenges, now used from
high schools to the Air Force. He is also author and lead instructor of
the SANS Hacker Exploits and Incident Handling course, and Penetration
Testing course..

William Hugh Murray is an executive consultant and trainer in
Information Assurance and Associate Professor at the Naval Postgraduate
School.

Rob Lee is the curriculum lead instructor for the SANS Institute's
computer forensic courses (computer-forensics.sans.org) and a Director
at the incident response company Mandiant.

Tom Liston is a Senior Security Consultant and Malware Analyst for
InGuardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a founder with Secure Anchor Consulting. Mason Brown is one of a
very small number of people in the information security field who have
held a top management position in a Fortune 50 company (Alcoa). He is
leading SANS' global initiative to improve application security.

David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.

Alan Paller is director of research at the SANS Institute.

Brian Honan is an independent security consultant based in Dublin,
Ireland.

David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/

This is not our farewell Fabian Chavarria

Esta es la primera composición de mi hijo. Todos aquellos que quieran apoyarla se los agradezco.

Resources Oracle Linux Website- How to for SysAdmins and Developers

This page provides resources to help sysadmins and developers of Oracle Linux evaluate, deploy, and maintain installations of the Linux OS and the Unbreakable Enterprise Kernel.
You can also find more information about Oracle Linux here:

Forums

Blog

Training

The Oracle Linux distribution is free to download use and distribute. Oracle Linux Support is available if you want premier backports, comprehensive management, indemnification, testing, and more.

Blog: How to subscribe to the free Oracle Linux errata yum repositories
Blog: Unbreakable Enterprise Kernel Release 2 has been released

To see Oracle's hosted Linux projects and FOSS from Oracle, visit oss.oracle.com.

What's New

Tech Article: How I Use the Advanced Features of the Btrfs File System in Oracle Linux
How to create and mount a Btrfs file system. How to copy and delete files. How to create and manage a redundant file system configuration. How to check the integrity of the file system and its remaining capacity. How to take snapshots. How to clone. And more. In this article Margaret explores the more advanced features of the Btrfs file system.
posted Wed, 15 Aug 2012 19:39:24 +0000

Blog: How and Why We Integreated ASMLib Into Oracle Linux, by Wim Coekaerts
Oracle Automatic Storage Management (ASM), developed in 2004, was a sophisticated volume manager of sorts for Oracle data. It was great, but difficult to administer. ASMlib is a small set of extensions designed to make device management easier. Wim explains how and why Oracle decided to integrate Oracle ASMLib into Oracle Linux.
posted Wed, 18 Jul 2012 21:06:02 +0000

Tech Article: Tips for Hardening an Oracle Linux Server
General strategies for hardening an Oracle Linux server. Oracle Linux comes "secure by default," but the actions you take when deploying the server can increase or decrease its security. How to minimize active services, lock down network services, and many other tips. By Lenz Grimmer and James Morris.
posted Tue, 17 Jul 2012 17:42:44 +0000

Tech Article: How I Got Started With The Btrfs File System for Oracle Linux
The basic capabilities that Margaret Bierman discovered while becoming familiar with the Btrfs file system in Oracle Linux, plus the instructions she used to create a file system, verify its size, create subdirectories, and perform other basic administrative tasks.
posted Thu, 12 Jul 2012 13:00:19 +0000

Tech Article: Which Tool Should I Use to Manage Which Virtualization Technology?
A summary of the interfaces and tools that sysadmins can use to set up and manage virtual server, operating system, network, and storage resources from Oracle.
posted Thu, 05 Jul 2012 16:41:11 +0000

Podcast: A Technology Preview of Transcendent Memory
Turns out that in a virtual environment, RAM is the bottleneck. Not because it's slow, it's not, but because each CPU still had to use its own RAM. Which gets expensive. In this podcast, Dan Magenheimer describes how Oracle and the open source community taught the guest kernel in Oracle Linux to share its memory with other CPU's. Transcendent memory will wind up saving large data centers a lot of money. Find out how.
posted Mon, 11 Jun 2012 20:53:51 +0000

Tech Article: How to Create a Local Yum Repository for Oracle Linux
How to create a local yum repository for Oracle Linux, and configure up2date and yum to install and update packages from the repositories. By Jared Greenwald.
posted Mon, 11 Jun 2012 16:41:30 +0000

Tech Article: How to Develop Code from a Remote Desktop with Oracle Solaris Studio
In Oracle Solaris Studio 12.3, you can control, from a desktop such as Microsoft Windows, the compilers and tools running on a remote Oracle Solaris or Oracle Linux system. This desktop distribution of the Solaris Studio IDE enables you to do full-fledged development on that remote system.
posted Tue, 26 Jun 2012 16:47:52 +0000

Webcast: Top Tips to Get the Most Out of Your Linux Deployments (May 9, 9am PT)
Learn how avoid common pitfalls, prevent problems and circumvent known issues to accelerate your deployment. Find out how to configure your Linux system the right way, learn diagnostics tricks, and get a wealth of best practices for running Linux in real-world enterprises.
posted Tue, 24 Apr 2012 20:15:13 +0000

Tech Article: Installing PHP and the Oracle TimesTen In-Memory Database on Linux
How to install and Oracle TimesTen In-Memory Database on Oracle Linux 6 and manage it with scripts supported by the OCI8 extensions to PHP.
posted Wed, 18 Apr 2012 23:05:08 +0000

Sesiones Oracle ACE amigos en Oracle OpenWorld 2012

Un fuerte abrazo y muchos éxitos a nuestros amigos Oracle ACE, que estarán realizando sus sesiones en el próximo Oracle Open World 2012, en San Francisco, a partir del próximo 30 de setiembre.

CON10923 Consolidation: Optimize Your Entire Oracle Investment as a Platform for Growth Debra Lilley
CON3543 Consolidation for the Cloud Debra Lilley ( OTN TOUR LAD 2012 )
CON3765 "Think Outside Your Interconnect" When Optimizing Your Oracle RAC Environment Murali Vallath
CON3875 High-Availability Infrastructure of the Database Cloud: Architecture and Best Practices Kai Yu
SBH4843 How Fujitsu Built Its Oracle Cloud for Its Customers Debra Lilley
CON5101 Integrating Oracle Database Appliance with Sun ZFS Appliance to Achieve HA Security Daniel Morgan, Hans Forbrich
CON5206 Simplify App Deployment in the Cloud with Virtual Assemblies and Oracle Enterprise Manager 12c Kai Yu
CON5716 Database Design with Oracle SQL Developer Data Modeler Heli Helskyaho
CON8320* Improving Performance with Better Indexes Ronald Bradford
CON8322* Lessons from Managing 500+ MySQL Instances Ronald Bradford
CON8782* Google-Hacking MySQL Sheeri Cabral
CON8831* Database Scaling at Mozilla Sheeri Cabral

Bloggers Unite at Annual OpenWorld Blogger Meetup

By Bob Rhubart on Sep 07, 2012

OTN is pleased to be once again be working with our friends at Pythian to sponsor the 2012 edition of the annual Blogger Meet-up, a grassroots community event that occurs during Oracle OpenWorld.

What:	Oracle Bloggers Meetup 2012
When:	Wed, 3-Oct-2012, 5:30pm
Where:	Main Dining Room, Jillian’s Billiards @ Metreon 101 Fourth Street San Francisco, CA 94103 (street view).
Please RSVP

The meet-up was started several years ago by Oracle ACE Director Mark Rittman as a casual get-together for the community of bloggers who share a common interest in Oracle technologies to gather for shop talk and an adult beverage or two. This was the first opportunity for of many of these bloggers to meet face to face, and the gathering gained momentum.

A few years in Oracle ACE Director Eddie Awad stepped in as organizer, until passing the torch in 2009 to Pythian CTO and Oracle ACE Director Alex Gorbachev , who continues to keep the flame burning.

Bloggers with expertise in any and all Oracle products and technologies are invited to attend. Please RSVP via the comments section in Alex's blog.

Several blog aggregators are available that make it possible to track the activity of this community of bloggers. You'll find a list here (orafaq.com)

JAVA update CVE-2012-4681

Oracle has just released Security Alert CVE-2012-4681 to address 3 distinct but related vulnerabilities and one security-in-depth issue affecting Java running in desktop browsers. These vulnerabilities are: CVE-2012-4681, CVE-2012-1682, CVE-2012-3136, and CVE-2012-0547.

These vulnerabilities are not applicable to standalone Java desktop applications or Java running on servers, i.e. these vulnerabilities do not affect any Oracle server based software."
(Read more at https://blogs.oracle.com/security/entry/security_alert_for_cve_20121)

Updates are available at http://www.oracle.com/technetwork/java/javase/overview/index.html or Check your Java version online: http://www.java.com/de/download/testjava.jsp

Pilar García, vicepresidente de Sistemas de Oracle Latinoamérica

Fuente: CIO AMERICA LATINA
Marcelo Lozano

A modo de adelanto de lo que veremos en el próximo Oracle Open World en la Ciudad de San Francisco en los Estados Unidos, consultamos a Pilar García, vicepresidente de Sistemas de Oracle Latinoamérica para conocer el estado del arte de Sistemas de Oracle Latinoamérica

Oracle se ha convertido en un jugador de peso en el segmento hardware , ¿cómo ha cambiado el mapa de negocios de hardware a nivel mundial?

Las herramientas de Hardware de Oracle han cambiado el mapa de negocios precisamente porque nuestra oferta busca hacer la vida más fácil para nuestros clientes, que en el mundo de negocios significa reducir sus costos con sistemas completos sin que sean complejos y difíciles de mantener. Con Oracle Hardware, las empresas pueden simplificar sus operaciones y procesos de TI, modernizando esta infraestructura con los mejores sistemas de Hardware para poder reducir costos operativos, aumentar la productividad y al mismo tiempo tomar consciencia de la importancia de operar estas herramientas de una manera eco-eficiente. Al eliminar sistemas de almacenamiento y servidores que son anticuados y sustituyéndolos por sistemas más rápidos y eficientes, las empresas pueden incrementar su ROI y ganar una ventaja competitiva en el mercado, mientras simplifican su infraestructura, pudiendo así aportar más valor a su negocio.

La integración de la fuerte experiencia de Oracle en sistemas, junto al aporte de valor que sumó la compra de SUN Microsystems, ¿Cómo ha resultado para las empresas de América Latina?

La integración ha traído muchísimos beneficios para nuestros clientes en América Latina. Hoy en día, en lugar de tener que usar varios vendors para sus necesidades de software y hardware, pueden contar con Oracle para todo. Los clientes pueden correr el software de Oracle sobre el hardware de Oracle, lo cual facilita la administración de los sistemas operativos de una empresa, sube el nivel de rendimiento y reduce drásticamente el tiempo de implementación. La adquisición de Sun convirtió a los productos de Oracle en herramientas que son desarrolladas, empaquetadas, certificadas, implementadas y actualizadas al mismo tiempo, ofreciendo un “stack” completo y basado en una integración y optimización incomparables en el mercado. Pero, claro, los clientes también pueden comprar productos de diferentes empresas, y contar con las arquitecturas abiertas e integradas de Oracle.

¿Qué obtiene un CIO local cuando se apoya en Oracle para manejar los negocios de su empresa?

Un CIO obtiene un beneficio clave para su compañía: más valor por su negocio. Al implementar las soluciones de hardware y software de Oracle, nuestros clientes cuentan con el apoyo que Oracle ofrece en cuanto a mantenimiento, provisiones y pruebas de estos equipos, sin tener que sacarlo de su presupuesto de TI. Además, la optimización superior de estos sistemas abren las puertas a posibilidades infinitas de lo que se puede lograr dentro del data center.

¿Qué impacto tuvo hasta el momento Exadata en la región? ¿Qué ventajas ofrece como oferta de valor?

Oracle Exadata Database Machine ha sido muy bien recibido en la región debido al rendimiento y capacidades que ofrece. Actualmente, es la única plataforma en el mercado para consolidar tanto datos del data warehouse como aplicaciones dentro de la nube privada. Dado que la adopción de la nube en Latinoamérica ha mostrado mucho potencial de crecimiento, es importante ofrecer a nuestros clientes soluciones de hardware que sean compatibles con ésta. Oracle Exadata es un paquete completo de servidores, almacenamiento, redes y software que brinda la más alta escabilidad y seguridad. Con Exadata, las empresas pueden reducir costos relacionados con TI a través de mayor consolidación, la capacidad de almacenar hasta 10 veces más data, etc. En el centro del Oracle Exadata hay servidores de almacenamiento de Oracle Exadata, los cuales combinan software inteligente de almacenamiento y sistemas de hardware líderes en la industria, lo cual hace a Oracle Exadata extremadamente atractivo a las empresas. Otra gran ventaja es que al elegir un sistema de ingeniería integrada, el cliente contará con apenas un punto de contacto para obtener el mejor resultado de su infraestructura tecnológica, además de simplificarla, lo que permite dedicar más tiempo para evolucionar el negocio.

¿Cuáles son los segmentos foco de Oracle en la región?

Como mencioné anteriormente, la adquisición de Sun nos permitió enfocarnos no solamente en software sino también en hardware. Claro está que estos son nuestros segmentos más generales, y dentro de ellos existen soluciones y aplicaciones que satisfacen las necesidades de cualquier cantidad de empresas en industrias muy variadas. El enfoque en cada uno de estos segmentos más específicos depende de las más grandes industrias y áreas de producción de cada país.

Esta nueva visión sobre la integración de software y hardware ¿Cómo ha impactado en los canales de Oracle?
Ha sido un impacto muy positivo. Ahora nuestros socios de negocio tienen una gama mucho más amplia de soluciones a ofrecer y pueden llegar a una audiencia de clientes mucho más grande. A su vez, Oracle se esfuerza por dar entrenamientos regulares a sus socios de manera que ellos puedan estar capacitados para entender todo sobre nuestro portafolio de hardware y de software y así lograr que las ventas sean mas
fáciles.

En cada uno de los segmentos foco que nos ha nombrado, ¿podría comentarnos que casos de éxito se han destacado?

Muchas empresas de Latinoamérica eligieron hardware de Oracle para ejecutar su infraestructura de TI. Tenemos varios casos de éxito que se
puede elegir por producto (servidor o storage) o solución (Engineered Systems o hardware y software Oracle combinados para mejor desempeño). En en siguiente link están publicados algunos de esos casos.

¿Cuáles son sus próximos desafíos en la región?

Latinoamérica es una región de avances económicos y adopción de tecnología que camina a pasos de gigante. Cada vez tenemos más fuerza económica, hacemos mejor uso de nuestros recursos, y entendemos más la importancia del medio ambiente. Esto significa que América Latina será el foco de muchas inversiones, de nuevos proyectos e iniciativas, y nosotros debemos saber aprovecharlo. Lo he visto en nuestra industria y en muchas otras, lo cual presenta oportunidades extremadamente valiosas para Oracle. Al incorporar cada vez más talento, más conocimiento y más preparación, podremos llegar al siguiente nivel no sólo de producción de hardware y software optimizado, sino de implementación alrededor de toda la región.

¿Qué oportunidades abre la nube desde el punto de vista del hardware?

Una de las maneras más importantes en que Oracle ha evolucionado en marco de la nube es nuestra oferta de un amplio portafolio de productos y servicios de hardware que permiten el desarrollo de nubes públicas, privadas, o híbridas. Ofrecer diferentes tipos de hardware para cada empresa les permite a ellas elegir el enfoque más conveniente para su negocio – este por supuesto es el factor más importante cuando se
trata de elegir un sistema de cloud sobre el otro, las necesidades de cada empresa. Oracle ofrece la tecnología más completa e integrada de la industria para operar la nube, ya sea a través de aplicaciones, infraestructura, seguridad, etc. para que estas compañías puedan modificar estas herramientas de manera que puedan optimizar mejor sus propias operaciones.

jueves, 6 de septiembre de 2012

Top 50 paises Twitteros: 8 Latinoamericanos presentes

El "twittear", se ha convertido en los últimos años, en un medio eficiente para comunicar pensamientos, noticias, anuncios publicitarios, compartir conocimiento, discusión, cultura, etc.

Aunque muchos dicen, que ha perdido seguidores en los últimos dos años, frente a otras aplicaciones como Facebook, creo que más bien, se ha vuelto más filtrado el tipo de usuario que se engancha en esta práctica. Sabemos que existe un porcentaje muy elevado de cuentas fantasmas en ambas plataformas, pero me parece, que es menos atractivo para alguién, crear una cuenta de Twitter que una de Facebook.

Latinoamerica ha ganado mucho terreno en esta actividad y según Tweet Grader, en el top 50 por país; 8 países Latinoamericanos forman parte del top50 mundial, que encabeza los Estados Unidos, Reino Unido y la India.

Estos son los países más twitteros de LATINOAMERICA, con su respectivo puesto:

4	Brasil
11	México
16	Venezuela
17	Chile
18	Colombia
23	Argentina
35	Belice
37	Costa Rica

http://tweet.grader.com/top/countries

Previo al viernes: "Sr DBA:"Don´t touch my database"

Reconciliación Oracle y HP, consecuencias.

Bueno como ya lo han conocido a través de mi cuenta de twitter @rovaque, temprano hablamos el día martes, de la decisión de Oracle, específicamente en un comunicado del encargado de prensa de Larry Ellison, de echar marcha atrás, en la política establecida meses atrás, de dejar fuera de soporte a los procesadores ITANIUM de HP, acatando las ordenes emitidas por el "Juezgado", en favor de HP.

Difícil decisión, que puede traer consecuencias positivas y negativas a ambos mandos. El más afectado inicialmente, por lo inesperado del desenlace del juicio, podría ser la imágen de Mark Hurd. Porqué Mark? Bueno después de la victoria de HP sobre Oracle, en el tema de ITANIUM, la imagen de Mark, podría verse mal, en una posible reconciliación de ambas compañías a la hora de establecer agendas conjuntas, para la realización de proyectos conjuntos.

Mark ha sido muy duro a la hora de criticar a HP en este proceso y esto podría pasarle la factura en los próximos meses. Al estar a la vuelta de la esquina el OOW2012, es muy posible, que Safra, surja como una opción más neutra, fresca y conciliadora, a la hora de mostrar una cara corporativa, en un evento de las características e importancia tan relevantes para el Mundo de Negocios de Oracle.

Es muy posible, que este anuncio, haga que las ventas en este "Q" de servidores ITANIUM, tenga un breve repunte y el éxito del mismo, podría estar asociado, a que el lanzamiento del nuevo motor de base de datos Oracle Database 12c, considere desde el principio, la liberación del software para esta plataforma.

El lanzamiento de Oracle Database 12c, podría ser el más afectado con la medida tomada por Larry en esta semana con respecto a HP Itanium. El OOW2012, esta a la vuelta de la esquina. Si al final de cuentas, nuestro vaticinio de que la liberación de la versión 12c, podría ser el 12/12/12, fuera equivocada, queda ya muy pocos días, para que la misma, si se iba a hacer en el OOW, pudiera ir acompañada de la versión de software para el procesador Itanium.

Sería muy evidente el hecho, de que Oracle hubiera presupuestado una derrota en los tribunales, si el lanzamiento se hiciera a finales de este mes y se indicara que la versión 12c, tendría su versión de software para Itanium.

Hurd, estuvo siempre seguro, que Oracle triunfaría en los tribunales y que se les daría la razón en el caso. Ni siendo "Mandrake", el equipo de desarrollo, tendría la versión disponible para Itaninum para finales de este mes, al menos, que la aseveración hecha anteriormente, hubiera sido considerada, lo cuál por otro lado, mostraría a Mark, como un mentiroso y por tanto, un deterioro tremendo a su imagen.

Por otro lado, podría verse como un acto de rebeldía de parte de Oracle, el de liberar su nuevo motor de base de datos, sin tomar en cuenta una versión para Itanium, lo cuál podría dar rienda suelta, para una nueva contra-demanda de parte de HP, al no cumplir con lo establecido por el Juez.

SUN podría ser el otro gran perdedor en este inesperado desenlace para Oracle. Los clientes fieles a HP, podrían tranquilamente actualizar sus plataformas a los nuevos modelos ITANIUM y no migrar sus plataformas a SUN Intel o Sparc, lo que llevaría consigo a un nuevo trimestre de números rojos, para la división de hardware de Oracle.

Será muy oportuno, analizar los resultados del trimestre en el mes de enero 2013, para ver, quién salió victorioso y hacer un levantado de daños y perjuicios, para aclarar los nublados del día sobre el tema. Por el momento las políticas para el ciclo de vida de soporte de plataformas hardware, no han sido actualizadas todavia en MOS ( My Oracle Support ), por tanto, no tenemos un documento de referencia, en el que se nos indique, que va a suceder con ITANIUM en los próximos meses y años.

Quién se atreve a hacer pronósticos. ???

INFORMATION INDEPTH NEWSLETTER Database Insider Edition

NEWS

IOUG President John Matelski Previews Oracle OpenWorld
As Oracle OpenWorld 2012 approaches, Database Insider asked John Matelski, newly elected president of the Independent Oracle Users Group, for tips on getting the most value out of the event.
Read More

Oracle Database Grows Its Lead in Data Warehouse Market
Leading industry analyst firm IDC has once again named Oracle as the leader in the data warehouse platform market, based on 2011 software revenue.
Read More

Must-See Oracle Database Sessions at Oracle OpenWorld
It’s the user conference of the year. Here are some must-see Oracle Database sessions to check out while you are in San Francisco.
Read More

FEATURED VIDEO

Big Data Episode 4: Organizing Big Data
Learn how to use Hadoop to organize big data so it’s ready for the data warehouse.

WEBCASTS

TomTom Geospatial for Oracle
Learn about TomTom Geospatial for Oracle via several case studies that show how TomTom’s data and Oracle’s spatial solutions work together to solve a variety of business challenges.
Thursday, September 20, 2012
2:00 p.m. ET

Reducing Database Testing Efforts While Maximizing ROI
Forrester Consulting and Oracle show how to manage database and system changes with confidence using Oracle Real Application Testing. Be among the first to hear results from Forrester’s multicustomer study.

Drill Down to Disaster Recovery
Learn how to protect your business from planned and unplanned downtime, including human error. Oracle Maximum Availability Architecture provides optimal high availability at the lowest cost and complexity.

PODCASTS

IOUG President Discusses Upcoming Oracle OpenWorld

Pennsylvania Government Improves Family Life Quality with Oracle Database 11g, Oracle Exadata, and Microsoft .NET

Jazz Aviation Reduces Deployment Time, Increases Performance 10 Times with Oracle Database Appliance

RESOURCE CENTER

Oracle Database 11g Resource Center
Access tutorials, data dictionaries, white papers, customer success stories, and more.

IT ROI CENTER

Oracle Exadata IT ROI Center: Next Steps for Transforming Your Business
Visit Oracle’s IT ROI Center to discover how customers are using Oracle Exadata to improve efficiency, increase service levels, raise employee productivity, and enable faster time to market—all with lower IT costs.

PRODUCT UPDATE

Oracle Spatial Renamed Oracle Spatial and Graph
Learn more about Oracle’s proven, robust graph database technologies. An Oracle Database option, Oracle Spatial and Graph includes support for the RDF semantic graphs used in social networks and social interactions. These graphs also address requirements in the research, health sciences, finance, media, and intelligence industries. Oracle Spatial and Graph includes network data model graphs used in traditional network applications in major transportation, telecommunications, utilities, and energy organizations.

CUSTOMER BUZZ

30 Times Performance Improvement at P&G with Oracle Exadata

BNP Paribas Runs Global Trading 17 Times Faster with Oracle Exadata

Banco Santander (Brasil) S.A. Transforms Data Center with Oracle Exadata

FEATURED TRAINING

On Demand Training: Oracle Exadata Database Machine
Learn about Oracle Exadata Database Machine today using Oracle University’s video streaming training on demand. View a free sample video of the Oracle Exadata Database Machine course.

ORACLE OPENWORLD SUPPORT SPOTLIGHT

Don’t Miss Customer Support Services
Attend one of the 27 Customer Support sessions at Oracle OpenWorld—from achieving high availability with Oracle Database, optimizing Oracle Exadata, gaining efficiencies, increasing system availability with proactive support tools, to leveraging the mission-critical support delivered by Oracle Advanced Customer Support Services. And don’t miss the opportunity to meet with the stars of Oracle Support at the Oracle Support Stars Bar.

ORACLE OPENWORLD OTN SPOTLIGHT

OTN Tweet Meet
Do you Tweet? What’s your handle? Ever wanted to meet the faces behind all the tweets from Oracle, partners, and fellow customers? Grab a @__ nametag and join in! Tuesday, October 2, from 4:30 p.m. to 6:30 p.m. at the OTN lounge (you know, that big red tent between Moscone North and South), come and mingle with fellow tweeters. In addition to great company, Oracle Database and Oracle Middleware experts will also be on hand to answer questions.

EVENTS

Building an Enterprise Cloud? Cloud Builder Summit Is Coming to You!
This free, live event features demonstrations of how to build an enterprise cloud. Learn how to fast-track applications to the cloud with Oracle, and support every aspect of planning, deploying, monitoring, and managing enterprise clouds.

TDWI Conference
September 16–21, 2012
Boston, Massachusetts
Don’t miss the Oracle Workshop—Data Discovery: Beyond Dashboards and Scorecards
Wednesday, September 19, 2012, Back Bay-B
7:00 p.m. – 9:00 p.m.

Oracle OpenWorld 2012
September 30–October 4, 2012
San Francisco, California
Twitter hashtag: #OOW12
Add Oracle Database training to your Oracle OpenWorld agenda.

Slovenian IOUG (SIOUG)
October 15–17, 2012
Ljubljana, Slovenia

Croatia Oracle User Group (HROUG)
October 16–20 , 2012
Tuhelj, Croatia

2012 East Coast Oracle Users Conference (ECO)
October 17–18, 2012
Raleigh/Durham, North Carolina

St. Louis Oracle User Group Meeting
October 18, 2012
Location details to follow.

South Africa OUG (SAOUG)
October 21–23, 2012
Sun City (Johannesburg), South Africa

Nordic User Group Tour
October 22–26, 2012
Includes user groups from Denmark, Norway, Sweden, and Finland.

20:20 Foresight AUSOUG—Perth User Group
October 29–30, 2012
Perth, Australia

Sangam 12
Cohosted by All India Oracle User Group (AIOUG)
November 2–3, 2012
Bangalore, India

Bulgaria Oracle User Group (BGOUG)
November 16–18, 2012
Pravets, Bulgaria

DOAG Conference and Exhibition
November 20–22, 2012
Nuremberg, Germany

UK Oracle User Group Conference 2012
December 3–5, 2012
Birmingham, United Kingdom
Twitter hashtag: #ukoug2012

miércoles, 5 de septiembre de 2012

Un resumen de lo que pasó en el OTN TOUR 2012 en Latinoamerica.

¿Es usted un "Chef" de datos? 👨‍💻

By Javier de la Torre Medina: Ayer me estaba divirtiendo con DALL-E. Quería saber qué piensa la IA sobre la base de datos autónoma de Oracle y cómo podría ser una representación gráfica. ¡Me gustó mucho la descripción y quería compartirla con todos ustedes! Si consideramos que cada uno de los tipos de datos disponibles es un ingrediente diferente, Oracle Autónoma Database sería un Chef. Como tenemos todos los "ingredientes", siempre tendremos clientes contentos porque siempre encontrarás tu receta favorita.