Encrypt Everything
Posted Monday, December 16, 2013 8:42 AM
Ralph Hightower (12/16/2013)
Pick on South Carolina. The South Carolina Department of Revenue didn't encrypt the Social Security Numbers of taxpayers who filed electronic tax returns. Whoops! Now hackers have 6 million Social Security Numbers when they hacked into the computer systems.

You could substitute pretty much anything for "South Carolina" and "South Carolina Department of Revenue".

I am not knowledgeable enough to consider myself a cracker (true term for what the media calls hacker, all of us are hackers), but even I can break into a huge percentage of systems. Take anyone with minimal skills, or anyone willing to download automated tools, and the vast majority of systems are at risk.

As I see it, there are at least a couple viewpoints we need to have.

1) We all need to do a better job securing our data and our infrastructures
2) Independent hackers, not affiliated with any country, are a significant threat that we need to protect ourselves against, and we need to stop assuming we have nothing they want
3) Countries are also attacking us, not just the US and China, but all of them

An interesting article I read this weekend explained how one state (Louisiana?) is suing IBM for its involvement with the NSA. Lawyers always find a way to include more and more entities in lawsuits in order to maximize their profits. This is just the tip of the iceberg. I find it ironic that a government is suing a company due to their involvement with the government.


Dave
Post #1523274
Posted Monday, December 16, 2013 8:53 AM


If Snowden's leaks are to be believed, the NSA pressured encryption providers to provide some sort of access to them. In addition, a handful of encrypted services providers (http://rt.com/usa/cryptoseal-vpn-close-grant-nsa-521/ , for example) opted to close their doors rather than comply with the NSA.

I don't expect the djinn to make it back to the bottle.

That said, I applaud the efforts of the companies that have announced they will add more encryption.

Andy


Andy Leonard
CSO, Linchpin People
Follow me on Twitter: @AndyLeonard
Post #1523281
Posted Monday, December 16, 2013 9:16 AM


djackson 22568 (12/16/2013)


I am not knowledgeable enough to consider myself a cracker (true term for what the media calls hacker, all of us are hackers), but even I can break into a huge percentage of systems. Take anyone with minimal skills, or anyone willing to download automated tools, and the vast majority of systems are at risk.


Try "System" and "Manager" on Oracle systems. Works like "sa" and "" on many SQL Server systems.







Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #1523293
Posted Monday, December 16, 2013 9:58 AM
Steve, Nice word and the point of view is excellent. If we cannot protect "data at rest" we should at least protect the "data in motion". As you say it would be great to do both, and we should depending on the classification of the data being used. But there is even a fallacy in that. Our systems often do not know the difference between the data classification of each transaction, so it is far better to protect it all, just in case a programmer/analyst/developer/architect makes a mistake.

I cannot say that encryption covers a multitude of IT sins or errors, but every tool and strategy we can deploy to thwart the "enemy" we should.

Nice one!

Miles...



Not all gray hairs are Dinosaurs!
Post #1523327
Posted Tuesday, December 24, 2013 1:09 AM


No-one can help but see things from their perspective and, therefore, we have seen a very US-centric point of view on this i.e. the US Government targets US citizens, the US Government targets US corporations, foreign governments target US citizens, foreign governments target US corporations, foreign governments target US individuals etc.

The reality has been that a lot of governments around the world, a lot of organised crime syndicates around the world, a lot of corporations around the world, a lot of private collectives around the world and a lot of individuals around the world have been hacking governments from around the world, corporations from around the world and a lot of individuals from around the world. Ask Angela Merkel.

I think that a politician from Portugal said it best when he said that the US Government was only doing what all governments would do given the same amount of funding.

I accept that it is most likely that the Chinese government and Chinese corporations are hacking US targets (I haven't seen the proof myself but I am prepared to take the reports at face value) but I bet that those Chinese Government and corporations are being hacked by the US too.

Also, I wonder if Chinese corporations have better practices to protect themselves from their own Government?

BTW I have no axe to grind. I am from the UK, whose government also indulges in such practices.


Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
Post #1525701
Posted Tuesday, December 24, 2013 9:10 AM
Gary Varga (12/24/2013)


Also, I wonder if Chinese corporations have better practices to protect themselves from their own Government?



GRIN - The Chinese corporations ARE the Chinese government. GRIN

Socialism, so the government runs everything. It is the only good thing about China, eventually the government will fall due to how the people are treated. I saw one recent news article that claimed in one city they have to wear masks due to the pollution! As much as I despise how the US government is being run, especially over the last 20 years or so, there are worse governments to be had.


Dave
Post #1525772