Eric H. Goldman

Security Researcher and Professional
CISA, Security+, & ITILv3 Certified

Eric Goldman is a security professional with experience in the banking and manufacturing sectors. His primary interest is in security policy, compliance, and human factors. His research focuses on how IT teams can improve security and move towards a proactive security mindset. His research has been showcased in academic journals as well as professional journals. Eric also authors and contributes to security/software projects to help end users make informed decisions and protect their identity and security.

Recent Articles

Vulnerability Report: Information Exposure in Oracle's iRecruitment

Oracle's iRecruitment software is a HR system used by many government agencies and large private corporations. The system can be used to manage hiring information as well as current employee records. Upon using one such company's hiring system as an external applicant, I followed a hyperlink and was able to recover the entire company's corporate hierarchy, which includes employees names, contact information (primarily business-centric, but some personal information such as cell phones). More importantly, the vulnerability shows departmental breakdowns and reporting relationships in the hierarchy. Depending upon the amount of information stored and where by a particular organization, this could result in violation of employee privacy protection laws such as those from the state of Massachusetts…

Security » #Oracle #Vulnerability Report

Fill out my online form.
There are tons of Wufoo features to help make your forms awesome.