Tag Archives: infosec

Demo code for Ghost Data in Indexes

Posted on May 3, 2016 by rlockard

NOTE: all demo data is fake. This is the demo code for encrypting data where there is an existing index. We are starting with a table customers_tst that is in the unencrypted tablespace dat. start with dropping the old test … Continue reading

Posted in encryption, infosec, Security | Tagged , , , | Leave a comment

#infosec issues on moving to the #cloud #DBaaS

Posted on March 29, 2016 by rlockard

Last week I was at Oracle Cloud World working at the ODTUG booth. This gave me the opportunity to talk to a lot of people who are seriously looking at moving their environment to the cloud. While chatting with these … Continue reading

Posted in Database Stuff | Tagged , , , | Leave a comment

#Oracle #Infosec #Datapump

Posted on March 12, 2016 by rlockard

If you are running a data pump export of your encrypted database and you do not specify encryption or encryption_password then the data will be stored in plain text.  This will give you the ORA-39173 warning.

Posted in Database Stuff, Security | Tagged , , | Leave a comment

2015 #InfoSec in review. We get a big fat “F”

Posted on December 27, 2015 by rlockard

We are stewards of our customers data and need to do better. <OPINION> I would give us a big fat “F” for data security in 2015.</OPINION> What happened and what needs to be improved? We saw weak passwords, lack of … Continue reading

Posted in Database Stuff, infosec | Tagged , | Leave a comment

#infosec RSA Encryption Explained

Posted on November 14, 2015 by rlockard

One of my favorite channels on youtube; numberphile explains RSA Encryption better then I could.  

Posted in Database Stuff | Tagged , , | Leave a comment

#infosec #LetsSecureThisTogether This is going to piss some people off. The C suite needs to have this conversation.

Posted on October 12, 2015 by rlockard

Get the words best practice out of your vocabulary.” I have been at many customer sites that needed my expertise, and someone says to me in a meeting, “well what is the best practice to secure our information.” I’m going … Continue reading

Posted in Database Stuff | Tagged , | Leave a comment

Don’t get invited to sit in front of a Congressional Committee. #Oracle #TDE August 27, 3PM EST #INFOSEC

Posted on August 26, 2015 by rlockard

Register here: https://attendee.gotowebinar.com/register/7938280806383993602 Sponsored by @ODTUG

Posted in Database Stuff | Tagged | Leave a comment

#Oracle #TDE Ghost Data Teaser

Posted on August 5, 2015 by rlockard

Here is a teaser for the Oracle Transparent Data Encryption presentation We look at having an existing table with existing indexes. A policy comes out that says we need to encrypt SSN and Credit Card Numbers. Once we encrypt the … Continue reading

Posted in Database Stuff, encryption, infosec, Security | Tagged , , , | Leave a comment

Oracle #OTN #OPSEC #TMTT

Posted on August 3, 2015 by rlockard

Oracle Technology Network Two Minute Tech Tip. Oracle Transparent Data Encryption.

Posted in Database Stuff, encryption, infosec, Security | Tagged , , , | Leave a comment

Oracle Transparent Data Encryption Baseline Practices webinar

Posted on July 16, 2015 by rlockard

I will be giving a webinar on Oracle Transparant Data Encryption Baseline Practices August 27, 2015 at 3PM. Sponsored by @odtug  Why “Baseline Practices?” well best practices does not seem to be working so we are going to start improving … Continue reading

Posted in Database Stuff, Security | Tagged , , , | Leave a comment

#Oracle #TDE #dataleak #Histograms

Posted on July 7, 2015 by rlockard

While at #KSCOPE15, I was asked about encrypted data showing up in histograms.  So, I ran a few experiments and learned that encrypted data does indeed leak. I contacted Oracle through an old friend to get their input. Here is … Continue reading

Posted in Database Stuff, Security | Tagged , , , | Leave a comment

Oracle Transparent Data Encryption Performance. Oracle 12.1.0.2 on Linux 5

Posted on July 7, 2015 by rlockard

  Some performance test on Oracle TDE.  I have three tables t1, t2 and t3. All three tables have identical data and 1.6M rows. I’m going to come back and visit this a bit more later, but want to get … Continue reading

Posted in Database Stuff | Tagged , , , | Leave a comment

#infosec #encrypt backups with #rman

Posted on March 25, 2015 by rlockard

Why should you encrypt your backups? Why should you test your backups? I will be speaking on Holistic Database Security at #kscope15 and #harmony15

Posted in Database Stuff, Security | Tagged , , | Leave a comment

#infosec #Oracle data #redaction

Posted on March 23, 2015 by rlockard

I had a rather disturbing conversion with my wife a couple nights ago, she had called a service provider to discuss a bill.  The customer service rep asked her for her social security number to verify her identity.  When my … Continue reading

Posted in Database Stuff, Security | Tagged , , | Leave a comment

#Infosec

Posted on March 4, 2015 by rlockard

I recently have been receiving emails for consulting work.  This is a good thing because I’m back on the market.  However; some of the emails I have been receiving are asking for PII.  This information can be used for identity … Continue reading

Posted in Security | Tagged , | Leave a comment

Encrypt those backups

Posted on April 5, 2013 by rlockard

April 2005 Ameratrade loses a backup tape containing information on 200,000 customers. February 2005 Bank of America loses backup tapes containing information on 1.2 million charge cards. September 2011, SAIC loses backup tapes of 4.9 Million members of the military … Continue reading

Posted in Security | Tagged , , | Leave a comment