"I have just looked at the page you reference on Tom Kytes site. Its an interesting page and includes two comments from Tom in terms of information leakage, The first being that the configuration is taken from an internal server using mod_gzip and mod_plsql - also further down in the example there is an entry from a log file that shows an IP address and a URL. A quick check on www.whois.sc shows that this is probably an external IP Address as it is allocated to Oracle.
So yes, this is a leakage of information that should not really have occurred. A server has been identified; the software running on it is identified as are some configuration details."
This is a good example of public information - on Tomís website - that leaks information that probably should not have been leaked.
Everyone who posts on newsgroups, mailing lists, weblogs and even company websites or forums that are exposed to the Internet should be very careful about what they write. Companies should actually create a business policy that lays down the rules and this should be given to all staff to understand and digest. Set penalties for users who disregard the policy. If an information item gets onto the Internet then itís very hard to eradicate it. Posts get archived and copied all over the place.
It can be possible to also to regulate the information outflow but impossible to prevent all information outflow of this nature. Companies can regulate access to certain forums, sites, even emails but that won't stop use of anonymous emails and web surfing or even posting from home.
That said companies should take the time to create a simple policy that defines the type of data that should not be leaked and should educate staff and enforce the policy. It is important to make staff aware of why this is a good idea, often if people understand the risks it becomes second nature to not divulge information that should not be divulged.