Post reply

The Tethered Goat

  • August 5, 2017 at 4:14 am

    #332095

    Comments posted to this topic are about the item The Tethered Goat

    Best wishes,
    Phil Factor

  • August 5, 2017 at 5:18 am

    #1954220

    Heh... instead of talking about such an intrusion detector, Red Gate should make one.

    --Jeff Moden

    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.

    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)

  • August 6, 2017 at 5:57 am

    #1954229

    The big problem with building this stuff is liability. We go through the liability insurance renewal process every couple/few years, and the liability questions are getting pretty specific about the kinds of software & services you offer, especially around security work.

  • August 6, 2017 at 6:28 am

    #1954230

    Yes, the best intrusion detection systems are community-based, and I reckon there are good reasons for that. I've never considered the idea of a commercial system, but I'd imagine that it would have to be ring-fenced with weasel clauses. The various detection systems I've used allow you to make extensions to provide alerts for all the databases stuff, so I think we are stuck with having to do a bit of DIY. I recommend that you have one though.

    Best wishes,
    Phil Factor

  • August 6, 2017 at 10:42 am

    #1954239

    Heh... true enough.  Liability and "weasel clauses" are a big deterrent.  I especially like the ones that boil down to "we own the software and you're not allowed to publish comparison tests without our permission but we're not responsible for anything real you do with it".  They should summarize it all with just two words... "Caveat Emptor". 😉

    --Jeff Moden

    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.

    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)

  • August 7, 2017 at 6:47 am

    #1954292

    Hello, could it be possible to publish what the attacks were, how the setup was done and how to protect from those please? I can't get to any details 🙁 Or maybe I'm blind :alien: and I don't see them!

    The editorial's link point to SQL Data generator two times. The same link is used for both the "techniques" word and "SQL Data Generator" words. Is this intended?

    This is the closest article I found out from the editorial's link when looking for more security details: SQL Data generator article
    Thank you!

    Contracts are more or less "We want the good stuff (including your data) and you're on your own for bad stuff"

  • August 7, 2017 at 9:19 am

    #1954324

    Law enforcement should setup special phone numbers and credit card numbers for use in seeding honeypot databases. For example, the hacker steals a list of credit card information from an unsecured online database, but when they attempt to use it, an alert is immediately raised to authorities. We could call this technique "Poison Rat Bait".

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • August 7, 2017 at 1:00 pm

    #1954372

    Security people are often too mistrusting of the community to work with them effectively.

    412-977-3526 call/text

Viewing 8 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic. Login to reply