
We Don't Care about Data and IT Security
Posted Sunday, August 10, 2014 9:39 PM


Keeper of the Duck


Group: Moderators
Last Login: Monday, September 15, 2014 8:57 AM
Points: 6,634, Visits: 1,872
Comments posted to this topic are about the item We Don't Care about Data and IT Security

K. Brian Kelley, CISA, MCSE, Security+, MVP - SQL Server
Regular Columnist (Security), SQLServerCentral.com
Author of Introduction to SQL Server: Basic Skills for Any SQL Server User
| Professional Development blog | Technical Blog | LinkedIn | Twitter
Post #1601627
Posted Monday, August 11, 2014 1:34 AM
SSCrazy


Group: General Forum Members
Last Login: Yesterday @ 2:56 PM
Points: 2,903, Visits: 1,820
Back in the C19th they didn't care about clean water and drainage. In fact Joseph Bazalgette was lampooned for suggesting that London needed such things.
Amazing what rampant Cholera and Typhus can do to change attitudes.

We haven't had the data equivalent of those diseases but we will do and probably soon. At that point we will learn some very harsh lessons.

I think those lessons will come when the new memory technology that allows you to have an affordable 16TB rather than an expensive 16GB laptop comes into play. At that point computers will be so powerful that every one becomes a supercomputer. Black hats with their own personal supercomputers. God help us all.


LinkedIn Profile
Newbie on www.simple-talk.com
Post #1601686
Posted Monday, August 11, 2014 2:04 AM
Valued Member


Group: General Forum Members
Last Login: Today @ 1:38 AM
Points: 50, Visits: 341
I'm not for the Nanny state, over burdensome regulations. If someone wants to get a Darwin award, fine by me.

But where others get affected then I do see the issues. The ICO in the UK should have teeth and use them and fine companies that allow personal data to be stolen due to their lack of security. Currently it's underfunded and doesn't have a lot of power.
Post #1601690
Posted Monday, August 11, 2014 4:31 AM


SSC-Forever


Group: General Forum Members
Last Login: Today @ 5:25 AM
Points: 43,024, Visits: 36,185
I have a friend who is of the opinion that it is impossible for his accounts to be hacked. Not unlikely, not difficult. Flat out impossible. He also says he doesn't care at all if his credit card numbers are stolen, as he'll just cancel the card and get a new one.

This is someone who is a near full time user of Facebook and G+

With that kind of attitude, how do you even approach IT security?



Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #1601760
Posted Monday, August 11, 2014 5:23 AM


SSCertifiable


Group: General Forum Members
Last Login: Today @ 4:44 AM
Points: 5,416, Visits: 3,141
Yet Another DBA (8/11/2014)
I'm not for the Nanny state, over burdensome regulations. If someone wants to get a Darwin award, fine by me.

But where others get affected then I do see the issues. The ICO in the UK should have teeth and use them and fine companies that allow personal data to be stolen due to their lack of security. Currently it's underfunded and doesn't have a lot of power.


I have reported incidents to the ICO and, (without truly comparing the misdeeds) like with other crimes, I - the victim - have been treated poorly by those supposed to protect me (among others). Bearing in mind that I have a reasonable amount of knowledge of the ICO, the appropriate laws and the incidents, I have been amazed at the contempt and/or indifference I have faced following reporting them.

It is no wonder why companies do not take the issue seriously when the enforcement agency's response to issues raised is a joke.


Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
Post #1601790
Posted Monday, August 11, 2014 5:32 AM


SSCertifiable


Group: General Forum Members
Last Login: Today @ 4:44 AM
Points: 5,416, Visits: 3,141
GilaMonster (8/11/2014)
I have a friend who is of the opinion that it is impossible for his accounts to be hacked. Not unlikely, not difficult. Flat out impossible. He also says he doesn't care at all if his credit card numbers are stolen, as he'll just cancel the card and get a new one.

This is someone who is a near full time user of Facebook and G+

With that kind of attitude, how do you even approach IT security?


Focus on everyone/anyone else. We all know an ostrich or two.

I have to say, Gail, that you are showing amazing restraint. I once was fixing a family member's computer when they announced (from a metaphorical soap box) that they didn't use their computer for a particular activity. 20 minutes later I showed them:

    a) that I had fixed their computer

    b) evidence that they had done that "particular activity" the night before


Was I wrong? Maybe, as it wasn't an illegal activity. I did educate them though.


Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
Post #1601793
Posted Monday, August 11, 2014 5:42 AM


SSCertifiable


Group: General Forum Members
Last Login: Today @ 4:44 AM
Points: 5,416, Visits: 3,141
I think that we all need to do better. Microsoft has shown that it could move from the back of the pack and I hope that all leading IT companies will push further ahead.

We need better practices so we must do them ourselves. We also need support from our tools vendors but it is us who can demand it. I guess we need to highlight this with them and accept that it may make our day job just a little less easy e.g. like losing sa with a blank password - en masse we didn't use it or expect it so it was easier for it to be removed (industry understanding).

My biggest concerns remain with the content providers like those under the banner of social media e.g. Facebook. There have been plenty of examples of what I would call "wrongdoing" which are sometimes legal but, in my opinion, immoral.


Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
Post #1601800
Posted Monday, August 11, 2014 5:58 AM
Say Hey Kid


Group: General Forum Members
Last Login: Monday, September 15, 2014 6:18 AM
Points: 662, Visits: 1,671
It doesn't help if a DBA or developer cares about security, if their boss and the rest of the org table doesn't. It's time for the C-levels to actually earn their pay and make security a priority.

Target? Their previous CIO was a marketing wiz, not an IT professional. If they had put the effort into security that they did into marketing analytics, they wouldn't have had the issues that vexed them last year.
Post #1601809
Posted Monday, August 11, 2014 6:35 AM
SSC-Addicted


Group: General Forum Members
Last Login: Yesterday @ 4:10 PM
Points: 417, Visits: 2,445
GilaMonster (8/11/2014)
I have a friend who is of the opinion that it is impossible for his accounts to be hacked. Not unlikely, not difficult. Flat out impossible. He also says he doesn't care at all if his credit card numbers are stolen, as he'll just cancel the card and get a new one.

My solution is super easy, I set all files and directories to allow read / write access to everyone and remove all passwords, this makes unauthorized access impossible!
Post #1601821
Posted Monday, August 11, 2014 6:43 AM


SSCertifiable


Group: General Forum Members
Last Login: Today @ 4:44 AM
Points: 5,416, Visits: 3,141
patrickmcginnis59 10839 (8/11/2014)
GilaMonster (8/11/2014)
I have a friend who is of the opinion that it is impossible for his accounts to be hacked. Not unlikely, not difficult. Flat out impossible. He also says he doesn't care at all if his credit card numbers are stolen, as he'll just cancel the card and get a new one.

My solution is super easy, I set all files and directories to allow read / write access to everyone and remove all passwords, this makes unauthorized access impossible!


Isn't that like making one's life so unenviable so they can only make it better?


Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
Post #1601825