Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Oracle Security webinar with Pete Finnigan"] [Next entry: "Oracle Security talk available as slides and also video"]

An update, slides, USA and a masterclass

Well it has been a really busy last few weeks, phew.... I have had litle free time to do anything for myself except work for clients and keep the business running. On one hand thats great, but on the other it would also be nice to have free time.

OK, a number of people have emailed me, sent me PM's, even someone sent me an SMS and a couple of blog comments have been posted. What is happening with the PL/SQL password cracker. Well I just have not had free time to sort it out. I need to simply add a header text to it, clear out all the debug code, ideally add the 11g code and of course post it up. I am going to have some free time Thursday so I will promise to post it up on my tools page on Thursday and also mention it here. Sorry to those that have been waiting and sorry to those who have been teased by seeing it running last week in Iceland.

I also gave a webinar talk today for Sentrigo on the subject of Oracle security of course. This was fun although it is still weard after now having done three webinars to speak and get absolutely no feedback. I will post the slides on my site on Thursday for those who have asked me about them.

I also saw a couple of posts last week around travel to the states and the new rules that allow the US customs to take laptops and other electronic items to review. This is very worrying as it is probably pot luck as to whether you fall victim to this. There is a story "Homeland Security: We can seize laptops for an indefinite period" about it and some tips on PC World in an article titled "Five Things to Know About U.S. Border Laptop Searches" and finally Toms experiences in the same area in a post titled "Crossing the border... ". This is a worry if you use a laptop for your business, what do you do?, stay out of the states, dont take a laptop, or email in your data and collect it there? - i guess if you need to go to the states you need to prepare for this.

Finally for this short post, i saw from browsing the UKOUG calendar for the conference in December that i have also had my Oracle Security Masterclass accepted. This is good news and should be a fun session. I have enjoyed the masterclasses particularly in the past as they allow a more in-depth look at the subject. I will talk more later in the year about the content of this masterclass, it will be worth coming along.

OK, enough for now, i have worked past midnight a few nights i the last week, i need a rest..:-)

There has been 2 Comments posted on this article

September 24th, 2008 at 02:04 am

Pete Finnigan says:

"stay out of the states, dont take a laptop, or email in your data and collect it there? - i guess if you need to go to the states you need to prepare for this."
This won't just apply to the US. Border security (Customs/Quarantine/Immigration/Police) in general will have the right to inspect anything you bring into a country.
I think that, in many cases, you need to separate your entry into the country from the entry of your data. That way you can't be refused entry (or whatever) based on a refusal to hand over data.
That said, given the number of laptops going into and out of a country, they'll never be able to give more than a cursory inspection to most, and they'll probably only dig deeper if your reaction to the search is a cause for concern.

September 25th, 2008 at 10:09 am

Pete Finnigan says:

Thanks for your reply Gary. Are you saying that these news rules will apply to other countries as well or just to the USA? - i understood that it was just the USA, although Tom's blog entry about a similar experience was for Canada. The two news reports are about being able to "sieze" your laptop which is different to searching it at the border.

I have nothing to hide on my laptops, the issue for me is that i would not want to lose it as then I wouldnt be able to do the work i went to do.

I think you are right, its about seperating you from your data. Is it big brother or not though?