Monthly Archives: April 2012

On January 16, SAP issued a revamped version of the whitepaper Secure Configuration of SAP NetWeaver Application Server using ABAP, which is rapidly becoming the de facto standard for securing the technical components of SAP. According to SAP, the guidance provided in the whitepaper is intended to help customers protect ABAP systems against unauthorized access within the corporate network. In fact, many of the recommendations can also be used to protect SAP systems against remote attacks origi ...
After recently losing Beneficial Mutual as an audit client, Deloitte suffered another major setback last week. While a U.S. District Court judge dismissed racketeering and other claims against the firm made by Marin County as a result of what the Californian authority considered a botched implementation of SAP for Public Sector, the court declared that the county had a plausible claim of bribery against Deloitte. In the $30M complaint against Deloitte attached below, Marin County alleged that De ...
The answer is when your Legal department is managing the fallout after a data breach. The case in point is the Utah Department of Health, which announced this week that over 280,000 records belonging to Medicaid and CHIP recipients were compromised after a breach last week believed to be perpetrated by a group in Eastern Europe (http://www.health.utah.gov/databreach). The group exported 25,000 files containing personal information, including Social Security numbers, belonging to hundreds of thousa ...
IBM released an advisory in February for a Denial of Service (DoS) vulnerability in AIX versions 5.3, 6.1, and 7.1. The warning seems to have flown under the radar, since so far many companies running the affected AIX OS platforms for their SAP environments have yet to deploy the patch. The vulnerability relates to a flaw in ICMP packet handling. An ICMP echo reply with ID=1 can lead to a DoS. ICMP is part of the Internet Protocol Suite and can be used to relay query messages. Echo reply is a pi ...