NAB picks Oracle for IT overhaul

NATIONAL Australia Bank has selected Oracle to roll out the first phase of its $1 billion core banking revamp.
In an announcement made to the Australian Securities Exchange today, NAB said Oracle would replace its core banking systems over the next five years.

The phase one rollout will involve the delivery of a platform for a new business division called Star Direct.

The Star Direct business will include a specialised, low cost, high service direct bank that will be launched later this year, NAB said.

“This is a significant investment for NAB and we plan to take a very phased and measured approach over the next five years,” NAB chief information officer Michelle Tredenick said.

“Our existing IT systems have served the business well to date, however they are not sufficient to support our future strategic direction.”

The second and subsequent phases of NAB’s core banking overhaul will be rolled out in parallel. Planning for the following stages is expected to take another six months, NAB said.

All the big four banks are expected to undergo core system upgrades in the coming years.

Commonwealth Bank recently announced its four-year, $580 million core banking modernisation project would be undertaken by German software vendor SAP and systems integrator Accenture.

ANZ announced it would overhaul legacy systems in its Asian operation, replacing them with the Infosys Finacle platform. The bank also said it would expand this platform to its local operations.

Westpac too was slated to modernise its core banking systems but the process has hit complications as it irons out a proposed merger with St George.

The process of integrating Westpac and St George’s technology operations would involve consolidating not only the core banking operations, but other infrastructure, including the communications network and hardware.

Source: Mitchell Bingemann @ www.australianit.news.com.au

Read more ...

Oracle acquires Global Knowledge Software

Oracle will acquire Global Knowledge Software for an undisclosed sum, to boost it software training offerings.

Global Knowledge Software (GKS) produces programmes that train users on different business software, including that from Oracle, Microsoft and SAP.

“Our customers are looking for a consistent, cost effective training solution across the enterprise to speed software adoption by end-users,” said Ed Abbo, Senior Vice President of Oracle Application Development.

GKS’ products will complement Oracle’s existing training software, Oracle Tutor, along with its learning management software, iLearning and eLearning. Oracle intends to form a global sales unit to extend all its software training offerings across the enterprise.

The transaction is expected to close in the third calendar quarter of 2008.


Author: Rosalie Marshall @ www.itweek.co.uk

Read more ...

Oracle Issues Alert For WebLogic Plugin Vulnerability

Oracle on Tuesday issued a Security Alert related to a vulnerability that affects the Apache plug-in for Oracle WebLogic, formerly known as BEA WebLogic.

In an online post, Eric Maurice, manager for security in Oracle's global technology business unit, explained that the alert is the first since Oracle introduced its quarterly Critical Patch Update process in January 2005. The alert is necessary, he said, because code designed to exploit the vulnerability has been posted online.

The severity of the exploit, which can be seen at Milw0rm.com, is rated 10 out of 10.

"It is remotely exploitable without authentication, ... and it can result in compromising the confidentiality, integrity, and availability of the targeted system," said Maurice.

The vulnerability has been assigned the CVE identifier CVE-2008-3257.

Oracle has posted file to limit the maximum URL length to less than 4,000 bytes. If that's not feasible, Oracle suggests installing the mod_security Apache module.

Oracle plans to release an out-of-cycle patch to address the issue as soon as the patch is ready.

The exploit code was released July 17, two days after Oracle issued its second-quarter Critical Patch Update.

"Unfortunately, the person(s) who published this vulnerability and associated exploit codes did not contact Oracle before publicly disclosing this issue," said Maurice. "This means that the vulnerability was made public before providing Oracle an opportunity to develop an appropriate fix for this issue and notify its customers."

Author: Thomas Claburn @ www.InformationWeek.com

Read more ...