Top 60 Oracle Blogs

May 2010

What I learned about "Security"

I travel a lot. Because of that, I use 'hotspots' all over the place. I am connecting through Germany right now and had to sign up for a T-Mobile hotspot. They require you set up an account - to buy a 60 minute pass (I don't really like that, I don't want an account but they make you).

So, I set up my account - username, password - credit card information, etc. Get logged in and immediately receive an email. I've received this email before (because I always have to set up a new account since I can never remember what my 'old' account was). It was the standard "welcome to T-Mobile" sort of email, but it always contains this (I've written to them before - that is like sending email to a bit bucket, no response, no action). Here is the email (xxxxx represents information I:

From - Fri May 21 09:05:34 2010
X-Account-Key: account5
X-UIDL: AHxxafafdafda
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
X-Apparently-To: xxxxxx@yahoo.com via 206.190.49.114; Fri, 21 May 2010 00:04:39 -0700
Received-SPF: none (mta1056.mail.mud.yahoo.com: domain of noreply-wlan@t-mobile.net does not designate permitted sender hosts)
X-Originating-IP: [193.254.174.32]
Authentication-Results: mta1056.mail.mud.yahoo.com from=t-mobile.net; domainkeys=neutral (no sig); from=t-mobile.net; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO wlansmtp.t-mobile.net) (193.254.174.32)
by mta1056.mail.mud.yahoo.com with SMTP; Fri, 21 May 2010 00:04:39 -0700
Received: from kxsnsrg2 (kxsnsrg1 [172.28.76.134])
by wlansmtp.t-mobile.net (Postfix) with ESMTP id 37BDD6716
for ; Fri, 21 May 2010 09:04:37 +0200 (CEST)
Date: Fri, 21 May 2010 09:04:37 +0200
From: noreply-wlan@t-mobile.net
Message-Id: <1274425477.9165@kxsnsrg2>
To: xxxxxxx@yahoo.com
Subject: T-Mobile welcomes you to your new HotSpot Pass Account

T-Mobile welcomes you to your new HotSpot Pass Account. The password for your
new account is XXXXXXXXX

Yes, that is right, they emailed my password - over unencrypted email, for no apparently good reason at all. Why??? Why would they do this??? What is the point? What is the reason?

Why am I posting this? Well, maybe they'll read or hear about it this way and change it. I found this funny - this is their FAQ:

https://hotspot.t-mobile.net/TMD/en_GB/web/security/index.html#1

Is the HotSpot registration (log in) secure?

Yes, because the access details are transmitted in code to the T-Home / T-Mobile HotSpots. The code that is used is SSL. The software for this is integrated into the browser. If this is not the case, you can update your browser. The relevant downloads are available from the browser provider.
By using our HotSpot Manager, which automatically logs onto T-Home / T-Mobile HotSpots, you can be assured that the registration details are only transmitted to a confidential hot spot web portal.

Well, that is not quite true, is it? You can also be assured that your password will be transmitted to everyone on the planet in clear text via good old email.

In the year 2010, you would think we'd know better.

They shouldn't be STORING my password let alone EMAILING IT to me. Sigh....

Now I've got some passwords to change, ugh....

Philosophy – 11

The English language is full of irregular verbs, for example:

I am hypothesising about possible explanations
You are guessing
He’s talking rubbish

IOUG Webcast on Security

Many thanks to those who attended my webcast "Secure Your Database in a Single Day" for IOUG's webcast series. I hope you found it useful. I would highly appreciate if you take a moment to let me know how you felt - good, bad and ugly. Please write to me at arup@proligence.com.

You can find the scripts referenced in the webcast here.

How Good Are the Values Returned by DBMS_COMPRESSION.GET_COMPRESSION_RATIO?

According to the documentation the GET_COMPRESSION_RATIO procedure of the DBMS_COMPRESSION package can be used to assess the impact of different compression options for a given table. In other words, it allows us to find out the expected compression ratio for a given set of data without having to really create a compressed table. The question [...]

Ignoring Hints

I’ve previously published a couple of notes (here and here) about the driving_site() hint. The first note pointed out that the hint was deliberately ignored if you write a local CTAS or INSERT that did a remote query. I’ve just found another case where the hint is ignored – this time in a simple SELECT [...]

Custom treedump

Not a tree, actually. Just dump. Index dump. Custom index dump with blackjack and hookers (c). Check it out here if you haven’t seen this yet.

Mining Listener Logs

When is the last time you looked at the listener logs? Perhaps never. Not a very good idea. Listener logs contain a wealth of information on security events - they show you the profile of hosts connecting to the database, the programs they are using, and attempts to communicate that failed, among other things. But reading the listener logs is not exactly a pleasant experience. A while ago I wrote a series of articles on an online eZine called DBAZine.com on how to create an external table to read the listener logs using simple SQL; but unfortunately DBAZine.com has folded.

I have placed the articles on my website for your reference. As always, I would love to hear from you how you felt about these, stories of your own use and everything in between.

Mining Listener Logs Part 1
Mining Listener Logs Part 2
Mining Listener Logs Part 3
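
The kind of profile described in the post above (connecting hosts, client programs, failed connection attempts), as an added example that is not from the post or the linked articles. It uses a Python script rather than the external-table SQL approach the post mentions, and it assumes the classic text listener.log layout; the sample lines and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (not from a real system). Assumed layout:
# timestamp * connect data * protocol address * event * service * return code
SAMPLE_LOG = """\
21-MAY-2010 09:04:37 * (CONNECT_DATA=(SERVICE_NAME=orcl)(CID=(PROGRAM=sqlplus)(HOST=apphost1)(USER=scott))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.1.2.3)(PORT=51234)) * establish * orcl * 0
21-MAY-2010 09:04:41 * (CONNECT_DATA=(SERVICE_NAME=orcl)(CID=(PROGRAM=sqlplus)(HOST=apphost1)(USER=scott))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.1.2.3)(PORT=51240)) * establish * orcl * 0
21-MAY-2010 09:05:02 * (CONNECT_DATA=(SERVICE_NAME=prod)(CID=(PROGRAM=)(HOST=unknown)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.9.9.9)(PORT=40112)) * establish * prod * 12514
TNS-12514: TNS:listener does not currently know of service requested in connect descriptor
21-MAY-2010 09:05:10 * service_update * orcl * 0
21-MAY-2010 09:05:15 * (CONNECT_DATA=(SID=test)(CID=(PROGRAM=JDBC Thin Client)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.9.9.9)(PORT=40120)) * establish * test * 12505
"""


def _value(key, text):
    """Return the value of (KEY=value) inside a TNS-style string, or ''."""
    m = re.search(r"\(%s=([^()]*)\)" % re.escape(key), text)
    return m.group(1) if m else ""


def profile(log_text):
    """Count client hosts and programs; list connects with a non-zero code."""
    hosts, programs, failures = Counter(), Counter(), []
    for line in log_text.splitlines():
        fields = [f.strip() for f in line.split(" * ")]
        # Only six-field "establish" records describe a client connection;
        # TNS-nnnnn message lines and service_update records are skipped.
        if len(fields) != 6 or fields[3] != "establish" or not fields[5].isdigit():
            continue
        ts, connect_data, address, _, service, code = fields
        # Use the network peer from ADDRESS; the HOST inside CONNECT_DATA
        # is supplied by the client and can say anything.
        host = _value("HOST", address)
        program = _value("PROGRAM", connect_data) or "(none)"
        hosts[host] += 1
        programs[program] += 1
        if code != "0":
            failures.append((ts, host, service, int(code)))
    return hosts, programs, failures


if __name__ == "__main__":
    hosts, programs, failures = profile(SAMPLE_LOG)
    print(hosts.most_common(), programs.most_common(), failures, sep="\n")
```

A host that keeps producing non-zero return codes against service names or SIDs that do not exist is the pattern worth alerting on.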

Oracle Celebrity Seminar Tour in APAC

For those who attended my seminars in Shanghai, Beijing, Shenzhen, Kuala Lumpur and Singapore - I thank you very much for taking the time. I sincerely appreciate the gesture and hope that you found them useful.

As I mentioned during the seminars, I would love to hear from you your thoughts - what you liked, didn't like, wanted to learn but didn't, or specific areas you applied in your workplace. Please drop me a line at arup@proligence.com.

Advert: UKOUG Scottish Conference next week

Is it really that time already? I'll be working in London, but for those of you who can make it, this just in from Thomas Presslie ...

"The annual Scottish Oracle Conference is being held in Glasgow on 27th May 2010.  Now with five streams and keynote by David Callaghan, Senior Vice President Oracle, UK, Ireland and Israel a local event in Scotland not to be missed!   More information can be found at http://scotland.ukoug.org/ The OUG Scotland Chairman, Thomas Presslie, has some free places to give away to readers of Doug's Oracle Blog.  Please email Thomas tpresslie@pisec.org for details of the discount code for registration."

Sorry I'll miss it :-(

double trouble

In the latest Quiz Night, I asked how you could make a query more efficient by changing a two table join into a three table join – with the clue that my third table was a repeat of the first table. Gary Myers, in comment 4,  provided the type of answer I was looking for. Sometimes [...]