We Don't Care about Data and IT Security


K. Brian Kelley
Keeper of the Duck (13K reputation)

Group: Moderators
Points: 13378 Visits: 1917
Comments posted to this topic are about the item We Don't Care about Data and IT Security

K. Brian Kelley
@kbriankelley
David.Poole
SSChampion (10K reputation)

Group: General Forum Members
Points: 10035 Visits: 3337
Back in the C19th they didn't care about clean water and drainage. In fact, Joseph Bazalgette was lampooned for suggesting that London needed such things.
Amazing what rampant Cholera and Typhus can do to change attitudes.

We haven't had the data equivalent of those diseases but we will do and probably soon. At that point we will learn some very harsh lessons.

I think those lessons will come when the new memory technology that allows you to have an affordable 16TB rather than an expensive 16GB laptop comes into play. At that point computers will be so powerful that every one becomes a supercomputer. Black hats with their own personal supercomputers. God help us all.

LinkedIn Profile

Newbie on www.simple-talk.com
Yet Another DBA
SSChasing Mays (654 reputation)

Group: General Forum Members
Points: 654 Visits: 1239
I'm not for the Nanny state, over burdensome regulations. If someone wants to get a Darwin award, fine by me.

But where others get affected then I do see the issues. The ICO in the UK should have teeth and use them and fine companies that allow personal data to be stolen due to their lack of security. Currently it's underfunded and doesn't have a lot of power.
GilaMonster
SSC Guru (114K reputation)

Group: General Forum Members
Points: 114285 Visits: 45484
I have a friend who is of the opinion that it is impossible for his accounts to be hacked. Not unlikely, not difficult. Flat out impossible. He also says he doesn't care at all if his credit card numbers are stolen, as he'll just cancel the card and get a new one.

This is someone who is a near full time user of Facebook and G+

With that kind of attitude, how do you even approach IT security?

Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass


Gary Varga
SSCoach (19K reputation)

Group: General Forum Members
Points: 19653 Visits: 6534
Yet Another DBA (8/11/2014)
I'm not for the Nanny state, over burdensome regulations. If someone wants to get a Darwin award, fine by me.

But where others get affected then I do see the issues. The ICO in the UK should have teeth and use them and fine companies that allow personal data to be stolen due to their lack of security. Currently it's underfunded and doesn't have a lot of power.


I have reported incidents to the ICO and (without truly comparing the misdeeds), like with other crimes, I - the victim - have been treated poorly by those supposed to protect me (among others). Bearing in mind that I have a reasonable amount of knowledge of the ICO, the appropriate laws and the incidents, I have been amazed at the contempt and/or indifference I have faced following reporting them.

It is no wonder that companies do not take the issue seriously when the enforcement agency's response to issues raised is a joke.

Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
Gary Varga
SSCoach (19K reputation)

Group: General Forum Members
Points: 19653 Visits: 6534
GilaMonster (8/11/2014)
I have a friend who is of the opinion that it is impossible for his accounts to be hacked. Not unlikely, not difficult. Flat out impossible. He also says he doesn't care at all if his credit card numbers are stolen, as he'll just cancel the card and get a new one.

This is someone who is a near full time user of Facebook and G+

With that kind of attitude, how do you even approach IT security?


Focus on everyone/anyone else. We all know an ostrich or two.

I have to say, Gail, that you are showing amazing restraint. I once was fixing a family member's computer when they announced (from a metaphorical soap box) that they didn't use their computer for a particular activity. 20 minutes later I showed them:

    a) that I had fixed their computer

    b) evidence that they had done that "particular activity" the night before


Was I wrong? Maybe, as it wasn't an illegal activity. I did educate them though.

Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
Gary Varga
SSCoach (19K reputation)

Group: General Forum Members
Points: 19653 Visits: 6534
I think that we all need to do better. Microsoft has shown that it could move from the back of the pack and I hope that all leading IT companies will push further ahead.

We need better practices so we must do them ourselves. We also need support from our tools vendors but it is us who can demand it. I guess we need to highlight this with them and accept that it may make our day job just a little less easy, e.g. like losing sa with a blank password - en masse we didn't use it or expect it so it was easier for it to be removed (industry understanding).

My biggest concerns remain with the content providers like those under the banner of social media, e.g. Facebook. There have been plenty of examples of what I would call "wrongdoing" which are sometimes legal but, in my opinion, immoral.

Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
chrisn-585491
SSCrazy (2.6K reputation)

Group: General Forum Members
Points: 2574 Visits: 2470
It doesn't help if a DBA or developer cares about security, if their boss and the rest of the org table doesn't. It's time for the C-levels to actually earn their pay and make security a priority.

Target? Their previous CIO was a marketing wiz, not an IT professional. If they had put the effort into security that they did into marketing analytics, they wouldn't have had the issues that vexed them last year.
patrickmcginnis59 10839
SSCrazy (2.4K reputation)

Group: General Forum Members
Points: 2375 Visits: 5644
GilaMonster (8/11/2014)
I have a friend who is of the opinion that it is impossible for his accounts to be hacked. Not unlikely, not difficult. Flat out impossible. He also says he doesn't care at all if his credit card numbers are stolen, as he'll just cancel the card and get a new one.

My solution is super easy, I set all files and directories to allow read / write access to everyone and remove all passwords, this makes unauthorized access impossible!

to properly post on a forum:
http://www.sqlservercentral.com/articles/61537/
Gary Varga
SSCoach (19K reputation)

Group: General Forum Members
Points: 19653 Visits: 6534
patrickmcginnis59 10839 (8/11/2014)
GilaMonster (8/11/2014)
I have a friend who is of the opinion that it is impossible for his accounts to be hacked. Not unlikely, not difficult. Flat out impossible. He also says he doesn't care at all if his credit card numbers are stolen, as he'll just cancel the card and get a new one.

My solution is super easy, I set all files and directories to allow read / write access to everyone and remove all passwords, this makes unauthorized access impossible!


Isn't that like making one's life so unenviable so they can only make it better?

Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!