Monthly Archives: May 2012

There are few terms more widely misunderstood in the world of information security than the word 'hacking'. Although it's used in a variety of contexts, it's most commonly used to refer to all types of cyber crime, including everything from fraud and industrial espionage to identity theft and spamming. If you take this view, cyber crimes are the deeds of 'hackers'. In reality, hackers do far more good than harm. Many are researchers who practice a form of ethical hacking driven by a desire to ...
April was another bumper month for SAP Security Notes. In all, SAP issued 33 patches, of which 5 were considered critical. Top of the list were Notes 1647225 and 1675432, which address missing authorization checks in components of Business Objects Data Services (EIM-DS) and the SAP Classification System (CA-CL). EIM-DS is SAP's flagship solution for data integration and quality. It's used to consolidate, cleanse and migrate data from both SAP and external systems. CA-CL is used to manage classif ...
There are several myths in ERP security. One of the most common is that security is largely a matter of controlling access and segregation of duties. Another is that business applications are accessible only within internal networks. Yet another is that such applications are not a target for attack. All three are based on a simplistic and misguided take on today's ERP systems. The reality is that contemporary ERP systems have a highly complex structure. Complexity is the enemy of security. Vuln ...