Skip navigation
Help

backend systems

warning: Creating default object from empty value in /var/www/vhosts/sayforward.com/subdomains/recorder/httpdocs/modules/taxonomy/taxonomy.pages.inc on line 33.

Aurich Lawson

In the 1990s, client-server was king. The processing power of PCs and the increasing speed of networks led to more and more desktop applications, often plugging into backend middleware and corporate data sources. But those applications, and the PCs they ran on, were vulnerable to viruses and other attacks. When applications were poorly designed, they could leave sensitive data exposed.

Today, the mobile app is king. The processing power of smartphones and mobile devices based on Android, iOS, and other mobile operating systems combined with the speed of broadband cellular networks have led to more mobile applications with an old-school plan: plug into backend middleware and corporate data sources.

But these apps and the devices they run on are vulnerable… well, you get the picture. It's déjà vu with one major difference: while most client-server applications ran within the confines of a LAN or corporate WAN, mobile apps are running outside of the confines of corporate networks and are accessing services across the public Internet. That makes mobile applications potentially huge security vulnerabilities—especially if they aren't architected properly and configured with proper security and access controls.

Read 32 remaining paragraphs | Comments

0
Your rating: None



Oracle has declined to patch a critical vulnerability in its flagship database product, leaving customers vulnerable to attacks that siphon confidential information from corporate servers and execute malware on backend systems, a security researcher said.

Virtually all versions of the Oracle Database Server released in the past 13 years contain a bug that allows hackers to perform man-in-the-middle attacks that monitor all data passing between the server and end users who are connected to it. That's what Joxean Koret, a security researcher based in Spain, told Ars. The "Oracle TNS Poison" vulnerability, as he has dubbed it, resides in the Transparent Network Substrate Listener, which routes connections between clients and the database server. Koret said Oracle learned of the bug in 2008 and indicated in a recent e-mail that it had no plans to fix current supported versions of the enterprise product because of concerns it could cause "regressions" in the code base.

Read the rest of this article...

Read the comments on this post

0
Your rating: None