Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Richard talks about diagnostics support pack and applications collection tool (ACT)"] [Next entry: "Useful PL/SQL function that returns an MD5 sum for a string"]

A great example of information leakage!

I just got an email from Tom Kyte to let me know about a link he had found on a blog listed on - (broken link) The entry is titled - (broken link) And You Thought Your Company Photos Were Bad? and it says that a regular securitymonkey blog reader had sent this in.

The main item is a photo published in a magazine sent out by a UK train company. A close up of the photo reveals some great information goofs by showing usernames and passwords on a white board. This is a great example of how critical information can be leaked not just by newsgroup postings or on mailing lists. The key lesson to learn here is "why were the usernames and passwords on white board in the first place". This is not something new though. I have been in companies where similar info was listed on the walls on white boards.

Great blog post though.