There is a lot of data out there that is specific to an individual, none more important perhaps than biometric data. Steve Jones writes a bit about the security implications involved in working with this data. (This editorial was originally published on Nov 10, 2008. It is being re-run as Steve is at SQL Bits.)  Read more...

Microsoft might be changing their patching process for applications. This has Steve Jones worried they may move towards an Apple/iOS like model, which would not be good for server systems.   Read more...

This Friday Steve Jones talks about xp_cmdshell and the security regarding its use. Do you have any holes that might exist if administrators are allowed to use this tool on their instances?  Read more...

Evernote recently had a security incident and forced all users to reset their passwords. Many people thought this was a good response to a security incident. Would your company act in a similar manner?  Read more...

This week Steve Jones talks encryption and why you shouldn't be implementing anything you've invented.  Read more...

There's potentially an exploit that can download lots of data to a machine. This shouldn't be a concern for servers, but you never know.  Read more...

The password issue has Steve Jones concerned. So many of us that use computing devices don't do a good job of securing our information.  Read more...

Statistical databases contain lots of information that can be used in a variety of ways, but it can also be abused. Steve Jones talks about some of the problems and potential solutions.  Read more...

The average value of a lost laptop has been found to be much more than you might expect. Steve Jones talks about a recent study.  Read more...

If you are bound by HIPAA regulations, you may have more auditing in your future. If you're not, perhaps you should still pay attention to the criteria being used for auditing.  Read more...

Tony Davis argues that the Standards and best practices exist to avoid being hacked, but implementing them requires time and investment and often there simply doesn't seem to be the will to do it.  Read more...

There are over half a million database servers out on the Internet without protection. How can this happen?  Read more...

If we rewrite the coding rules, will software be more secure? Steve Jones thinks it might and that we should be constantly looking to change the techniques, patterns, and skills we have.  Read more...

Worms have been around a long time in computer systems. However changes in the global policies of governments and the possible retaliation for cyber warfare should have DBAs concerned.  Read more...

The hack on a Gizmodo writer using Amazon and Apple customer service security holes was shocking. Steve Jones notes that while security is important, backups are even more important.  Read more...

Security is a complex process, one that is becoming more and more important to DBAs all the time. This week Steve Jones wants to know how security is handled for your service accounts.   Read more...

Great DBAs collect all kinds of metrics on their instances and let them manage themselves. However many administrators need help monitoring and interpreting the data. Today Steve Jones asks if you think this data needs extra security or is it less of an issue than other PII data.  Read more...

Today Steve Jones notes that security is improving at many web sites. It's not great, but it's improving. That's a good sign, or is it?   Read more...

Better security can be achieved by writing better code. Steve Jones agrees, but doesn't think it's as easy as it sounds.  Read more...

Today Steve Jones talks security and the need for us to share information about issues, especially those that impact security.  Read more...