The Opportunistic Hacker

Steve Jones
Comments posted to this topic are about the item The Opportunistic Hacker

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Eirikur Eiriksson
Good points, Steve, and unfortunately far too common. A good Kensington Lock Kit costs around $20. Interesting to see a raise of hands here: how many use those regularly, and how many breach the simplest security practices by having data of any value on their portables?

Note that if the laptop was turned on, a good hacker would not have much of a problem breaching security measures such as disk encryption, given that he could "operate" on it within the lifetime of the battery.
Jeff Moden
Wow! Seriously? People actually do that? Why the hell would ANYONE in their right mind trust such a person they've just met with their laptop? That's like handing them your wallet and expecting them to stick around. Just plain stupid.

--Jeff Moden

RBAR is pronounced ree-bar and is a Modenism for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
If you think its expensive to hire a professional to do the job, wait until you hire an amateur. -- Red Adair

Helpful Links:
How to post code problems
How to post performance problems
Forum FAQs
Yet Another DBA
Eirikur Eiriksson (4/13/2015)
..... A good Kensington Lock Kit costs around $20, interesting to see a raise of hands here, how many use those regularly?....


Do you really think these are secure?

One of the Security Managers that I worked with, one of the better ones, was going on about these locks and how it would take too much time to break on his laptop. Then he promptly went to a meeting. Took less than 10 seconds to bypass and then move the laptop to a more secure position. The Security Manager was eventually amused.
Eirikur Eiriksson
Yet Another DBA (4/14/2015)
Eirikur Eiriksson (4/13/2015)
..... A good Kensington Lock Kit costs around $20, interesting to see a raise of hands here, how many use those regularly?....


Do you really think these are secure?

One of the Security Managers that I worked with, one of the better ones, was going on about these locks and how it would take too much time to break on his laptop. Then he promptly went to a meeting. Took less than 10 seconds to bypass and then move the laptop to a more secure position. The Security Manager was eventually amused.



Nothing is perfectly secure, but there is a big difference between these products; some are really bad while others have motion detection, built-in alarm, etc. All WYPIWYG ;-)
t.pinder
Well, if you can't trust someone you just met in a coffee shop then who can you trust?
Grant Fritchey
Company I worked for did regular searches of the internet for the use of their name. One hit came back on Ebay. A stolen laptop was being advertised for sale and one of the selling points was that it was filled with company data. Thieves are opportunists, but not necessarily bright opportunists.

----------------------------------------------------
The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood...
Theodore Roosevelt

The Scary DBA
Author of: SQL Server Query Performance Tuning and SQL Server Execution Plans
Product Evangelist for Red Gate Software
john.riley-1111039
Even *using* a company laptop in a public place poses a security risk, as people can look over your shoulder and see your data on screen. As for leaving it powered up with a stranger in a public place, that is stupidity deserving of disciplinary action. Our offices are classed as 'secure' in that access is controlled, yet we are still required to lock our screens when leaving our laptops in the office.

We are not allowed to leave laptops in view in locked cars, nor overnight/for any length of time (out of view) in locked cars at all. And these are all machines with whole-disk encryption.

Also, it is good practice, when refuelling your car, to lock it whilst paying for the fuel. Many years ago, one of our employees failed to observe this basic precaution and had his company car, complete with laptop, stolen from the petrol station.

I am fortunate to work for a company which takes the security of its own data and that of its clients very seriously, and adopts technology and practices accordingly.
Yet Another DBA
It is the argument that access should be via remote desktop for administrators and the laptop being a bland install with no tools. Enables the security team to lock the account or bar the laptop connection as soon as they become aware.
Ed Wagner
Personally, I wouldn't be sitting around working in a Starbucks. Then again, I'm also the semi-paranoid type who won't use public wireless networks for work at all because they aren't secure. I've heard and read too many instances of people getting things hijacked and just don't use them.

My company has some good rules for working with data. No unencrypted copies of data, full disk encryption, don't take data home, make sure your devices are protected and encrypted, etc. Mostly common sense stuff, but making it policy makes it more real for everyone and enforceable. I don't have to like everything that's in place, but I certainly do respect it. The alternative is to bury your head in the sand and not believe anything bad can happen - until it does.


Tally Tables - Performance Personified
String Splitting with True Performance
Best practices on how to ask questions