Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.

Archives: April 2011

Love What You Do

I've been dealing with illness the last few weeks, probably due to the rather heavy pollen season here in South Carolina. Case in point: when I went to the grocery store on Wednesday, just about every cold and sinus product was completely sold out. So I've had a hard time… Read more

SQL University: Who has access to my SQL Server?

Welcome to PowerShell Week #2 for SQL University! One of the frequent questions I hear is, "Who has access to my SQL Server?" Using PowerShell we can answer this question fairly easily. Here's what we need to do:

  1. Retrieve the list of Windows logins for a given SQL Server…

Read more

If a web page asks you to update Adobe Flash Player

You don't want to do so from that web page. Instead you want to go to the Adobe web site directly (www.adobe.com) and get the update from there. Newer versions of Flash should prompt you to update when you reboot your system every time a new version related to a… Read more

Why having two accounts is a good thing

Today on Twitter a friend of mine posted that the AV on his SQL Server flagged two trojans that were tied to an IT person in his organization. Naturally I asked about whether they were using two levels of accounts. The answer was, "No." Two accounts? Whatever for?

  • The first…

Read more

Evaluating my SQL Connection Scores

This evening I received my SQL Connection scores for the following presentations:

  • Windows Internals for DB Pros
  • From the Ramparts: Knowing What to Look for in SQL Server Security

Let's break down what the information provided told me.

Windows Internals

There were 17 evaluations turned in. Of these, I must… Read more

Cain does LSA Secrets dump on Vista and higher now

Since going back to being a senior DBA, I've not stayed on top of the latest tools like I did as primarily a security professional. The last time I looked at Cain, it was not able to do the LSA Secrets dump on Vista and higher OSes. This is… Read more

"What's the point?"

This is a crucial question with regards to what needs to be done. It really hit home after listening to Cynthia Tobias make this the center of what are we trying to do with regards to students. The example she gave was a teacher who was at wit's end with… Read more

It's not about whether you're a consultant or full-time staff...

There's an article that's making its way through the SQL Ranks: Consultants are pros, while corporate IT staff are minor leaguers. Louis Davidson (blog | twitter) has a response to it here: Big League Technical Staff. Basically, the premise of the original is that consultants are… Read more

An Appeal to Those Writing Training Documentation and Labs

I'm coming to the end of a week of training in a Microsoft Official Curriculum (MOC) Course. I should expect that best practices and gotchas would be covered, especially since this is an Install and Configure course, but I know better. Here are the things that I've seen that make… Read more

On Leadership - Lead by Example

This is the second part of a leadership series I started with On Leadership - Lead from the Front. To recap the basic leadership lessons I learned and which I follow, here they are:


  • Lead from the front.
  • Lead by example.
  • Never ask your men to do something you…

Read more

SQL PASS ERC: How to Score the Interview?

One of the topics the Election Review Committee has discussed is how best to score the interview portion. Because of the nature of the interview, it's not something that can really be put out there for review by the world at large. If you're thinking, why not? Imagine you just… Read more

SQL Injection: It's not just about your data

On the topic of my SQL Connections SQL Server presentation, one of the things I pointed out about recent SQL injection attacks is they aren't exclusively targeting data any longer. Sure, the hacks against MySQL.com did target data, but an attack occuring at the same time sought to embed redirect… Read more

Epsilon Data Breach and Staying Safe

By now, you may have received an email from one of the larger businesses you've given your email address to saying that due to their marketing provider being breached, hackers have your email address. A marketing company, Epsilon, had customer names and email addresses stolen. There are quite a few… Read more

A SQL Story in Eleven Words or Less

Tom LaRock (blog | twitter) proposed a Meme Monday and his first choice of topics was to write a SQL Server related story in eleven words or less. Here's mine:

Blank sa password. Got SQL. Admin. Got Server. Escalate. Got Domain.

This scenario I actually covered in my… Read more

Isolating SQL Server from other systems

In a recent explanation about the RSA breach, Rick Wanner wrote on the Internet Storm Center (ISC) Diary:

The traditional paradigm of a well protected perimeter with a soft inside should be dead.  There are just too many ways to circumvent the perimeter, spear phishing being just one.

He… Read more

Reflections on Dev Connections / SQL Connections

When SQL Connections in the spring was announced, the folks at Red Gate and SQL Server Central reached out to a few of us about submitting abstracts for a SQLServerCentral.com track at the event. A couple of years ago I had submitted several abstracts for the SQL Connections event in… Read more