Encrypt Everything


djackson 22568
Ralph Hightower (12/16/2013)
Pick on South Carolina. The South Carolina Department of Revenue didn't encrypt the Social Security Numbers of taxpayers who filed electronic tax returns. Whoops! Now hackers have 6 million Social Security Numbers when they hacked into the computer systems.

You could substitute pretty much anything for "South Carolina" and "South Carolina Department of Revenue".

I am not knowledgeable enough to consider myself a cracker (true term for what the media calls hacker, all of us are hackers), but even I can break into a huge percentage of systems. Take anyone with minimal skills, or anyone willing to download automated tools, and the vast majority of systems are at risk.

As I see it, there are at least a couple viewpoints we need to have.

1) We all need to do a better job securing our data and our infrastructures
2) Independent hackers, not affiliated with any country, are a significant threat that we need to protect ourselves against, and we need to stop assuming we have nothing they want
3) Countries are also attacking us, not just the US and China, but all of them

An interesting article I read this weekend explained how one state (Louisiana?) is suing IBM for its involvement with the NSA. Lawyers always find a way to include more and more entities in lawsuits in order to maximize their profits. This is just the tip of the iceberg. I find it ironic that a government is suing a company due to their involvement with the government.

Dave
Andy Leonard
If Snowden's leaks are to be believed, the NSA pressured encryption providers to provide some sort of access to them. In addition, a handful of encrypted services providers (http://rt.com/usa/cryptoseal-vpn-close-grant-nsa-521/ , for example) opted to close their doors rather than comply with the NSA.

I don't expect the djinn to make it back to the bottle. :(

That said, I applaud the efforts of the companies that have announced they will add more encryption.

Andy

Andy Leonard
Data Philosopher, Enterprise Data & Analytics
Steve Jones
djackson 22568 (12/16/2013)


I am not knowledgeable enough to consider myself a cracker (true term for what the media calls hacker, all of us are hackers), but even I can break into a huge percentage of systems. Take anyone with minimal skills, or anyone willing to download automated tools, and the vast majority of systems are at risk.


Try "System" and "Manager" on Oracle systems. Works like "sa" and "" on many SQL Server systems.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Miles Neale
Steve, Nice word and the point of view is excellent. If we cannot protect "data at rest" we should at least protect the "data in motion". As you say it would be great to do both, and we should depending on the classification of the data being used. But there is even a fallacy in that. Our systems often do not know the difference between the data classification of each transaction, so it is far better to protect it all, just in case a programmer/analyst/developer/architect makes a mistake.

I cannot say that encryption covers a multitude of IT sins or errors, but every tool and strategy we can deploy to thwart the "enemy" we should.

Nice one!

Miles...

Not all gray hairs are Dinosaurs!
Gary Varga
No-one can help but see things from their perspective and, therefore, we have seen a very US-centric point of view on this i.e. the US Government targets US citizens, the US Government targets US corporations, foreign governments target US citizens, foreign governments target US corporations, foreign governments target US individuals etc.

The reality has been that a lot of governments around the world, a lot of organised crime syndicates around the world, a lot of corporations around the world, a lot of private collectives around the world and a lot of individuals around the world have been hacking governments from around the world, corporations from around the world and a lot of individuals from around the world. Ask Angela Merkel. (whistling)

I think that a politician from Portugal said it best when he said that the US Government was only doing what all governments would do given the same amount of funding.

I accept that it is most likely that the Chinese government and Chinese corporations are hacking US targets (I haven't seen the proof myself but I am prepared to take the reports at face value) but I bet that those Chinese Government and corporations are being hacked by the US too.

Also, I wonder if Chinese corporations have better practices to protect themselves from their own Government?

BTW I have no axe to grind. I am from the UK whose government also indulges in such practices ;-)

Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
djackson 22568
Gary Varga (12/24/2013)


Also, I wonder if Chinese corporations have better practices to protect themselves from their own Government?



GRIN - The Chinese corporations ARE the Chinese government. GRIN

Socialism, so the government runs everything. It is the only good thing about China, eventually the government will fall due to how the people are treated. I saw one recent news article that claimed in one city they have to wear masks due to the pollution! As much as I despise how the US government is being run, especially over the last 20 years or so, there are worse governments to be had.

Dave