Right now it looks like I'll be putting a training session on for my local ISACA chapter on SQL Server security and auditing SQL Server.  I know there is usually a lot of griping by DBAs when auditors show up and ask about their databases. Typically it's around how the auditors… Read more

This question comes up a lot: how do I give read-only access to job status to a group of people? The answer, at least in SQL Server 2005 and 2008, seems simple: add them to the SQLAgentReaderRole role. But this doesn't actually work, as this role also has the ability… Read more

The video I did for Jumpstart TV on xp_cmdshell execution has hit the front page. Registration on the site is required but viewing the video (~ 5 minutes) is free.

  Read more

This is a little old (five days based on the last update), but TrendMicro put on their blog about fake LinkedIn profiles which have links leading to malware.

The basics:

• The fake profiles are for famous people others would likely be looking for (like Paris Hilton, Beyonce, etc.)
• The…

Read more

Hopefully by now everyone has seen this, but if not, here's a reminder to continue to spread the details. Denis Gobo made a post earlier today and Security MVP Randy Franklin Smith sent out a newsletter after being prompted by his MVP lead.

The worm is known as Conficker or Downadup… Read more

I was browsing through the new titles that are on Safari and saw some planning guides around Windows Server 2008 (Active Directory Services, File Services, etc.). Of course, all of these are published as solution accelerators, because they are designed to assist IT professionals understand, plan, and implement solutions quicker… Read more

If not, you should. Because autoplay being on means any time a removable data device, such as a USB stick, is inserted into the computer, autoplay fires up. Typically this is usually taken advantage of by CDs/DVDs to get us to a start menu. However, attackers are now writing worms… Read more

I've mentioned before that I was on Twitter and I know that for some the question is still out on whether or not it is of value. For me, it's like any other tool, it depends on how you use it. If you're trying to use a hammer to dig… Read more

This came up on Twitter today. I have a search set for "SQL Server" and it pulled up someone who was struggling with PHPMyAdmin because of a very large SQL text file. He was unaware that there were free GUI tools for MySQL from Sun. Those tools can be found… Read more

First saw this because Jason Massie twittered about it. But apparently there are enough bits of the .NET Framework in R2 Core where SQL Server installations will be possible:

Andrew Fryer's Blog: Windows Server 2008 r2 

It'll be a command-line install, since core has no GUI, but that's fine… Read more

I have a lot of blogs I subscribe to. Well over 500 at last count. And the truth of the matter is there is no possible way to read them all. I tried once. It took about 3-4 hours a day. After about 3 days of that, I gave up.… Read more

Received my notification via email this morning that I've been recognized as a Microsoft MVP for SQL Server. It's been a goal of mine for a long time and I'm glad it is finally accomplished. Like Andy Warren, mine wasn't so much posting in forums but probably more so… Read more