We Don't Care about Data and IT Security


K. Brian Kelley

Group: Moderators
Points: 25770 Visits: 1917
Comments posted to this topic are about the item We Don't Care about Data and IT Security

K. Brian Kelley
@kbriankelley
Dave Poole

Group: General Forum Members
Points: 17216 Visits: 3403
Back in the C19th they didn't care about clean water and drainage. In fact Joseph Bazalgette was lampooned for suggesting that London needed such things.
Amazing what rampant Cholera and Typhus can do to change attitudes.

We haven't had the data equivalent of those diseases but we will do and probably soon. At that point we will learn some very harsh lessons.

I think those lessons will come when the new memory technology that allows you to have an affordable 16TB rather than an expensive 16GB laptop comes into play. At that point computers will be so powerful that every one becomes a supercomputer. Black hats with their own personal supercomputers. God help us all.

LinkedIn Profile
www.simple-talk.com
Yet Another DBA

Group: General Forum Members
Points: 1069 Visits: 1246
I'm not for the Nanny state, over burdensome regulations. If someone wants to get a Darwin award, fine by me.

But where others get affected then I do see the issues. The ICO in the UK should have teeth and use them and fine companies that allow personal data to be stolen due to their lack of security. Currently it's underfunded and doesn't have a lot of power.
GilaMonster

Group: General Forum Members
Points: 234051 Visits: 46366
I have a friend who is of the opinion that it is impossible for his accounts to be hacked. Not unlikely, not difficult. Flat out impossible. He also says he doesn't care at all if his credit card numbers are stolen, as he'll just cancel the card and get a new one.

This is someone who is a near full time user of Facebook and G+

With that kind of attitude, how do you even approach IT security?

Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass


Gary Varga

Group: General Forum Members
Points: 27735 Visits: 6556
Yet Another DBA (8/11/2014)
I'm not for the Nanny state, over burdensome regulations. If someone wants to get a Darwin award, fine by me.

But where others get affected then I do see the issues. The ICO in the UK should have teeth and use them and fine companies that allow personal data to be stolen due to their lack of security. Currently it's underfunded and doesn't have a lot of power.


I have reported incidents to the ICO and, (without truly comparing the misdeeds) like with other crimes, I - the victim - have been treated poorly by those supposed to protect me (among others). Bearing in mind that I have a reasonable amount of knowledge of the ICO, the appropriate laws and the incidents, I have been amazed at the contempt and/or indifference I have faced following reporting them.

It is no wonder why companies do not take the issue seriously when the enforcement agency's response to issues raised is a joke.

Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
Gary Varga

Group: General Forum Members
Points: 27735 Visits: 6556
GilaMonster (8/11/2014)
I have a friend who is of the opinion that it is impossible for his accounts to be hacked. Not unlikely, not difficult. Flat out impossible. He also says he doesn't care at all if his credit card numbers are stolen, as he'll just cancel the card and get a new one.

This is someone who is a near full time user of Facebook and G+

With that kind of attitude, how do you even approach IT security?


Focus on everyone/anyone else. We all know an ostrich or two.

I have to say, Gail, that you are showing amazing restraint. I once was fixing a family member's computer when they announced (from a metaphorical soap box) that they didn't use their computer for a particular activity. 20 minutes later I showed them:

    a) that I had fixed their computer

    b) evidence that they had done that "particular activity" the night before


Was I wrong? Maybe, as it wasn't an illegal activity. I did educate them though.

Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
Gary Varga

Group: General Forum Members
Points: 27735 Visits: 6556
I think that we all need to do better. Microsoft has shown that it could move from the back of the pack and I hope that all leading IT companies will push further ahead.

We need better practices so we must do them ourselves. We also need support from our tools vendors but it is us who can demand it. I guess we need to highlight this with them and accept that it may make our day job just a little less easy e.g. like losing sa with a blank password - en masse we didn't use it or expect it so it was easier for it to be removed (industry understanding).

My biggest concerns remain with the content providers like those under the banner of social media e.g. Facebook. There have been plenty of examples of what I would call "wrongdoing" which are sometimes legal but, in my opinion, immoral.

Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
chrisn-585491

Group: General Forum Members
Points: 3972 Visits: 2565
It doesn't help if a DBA or developer cares about security, if their boss and the rest of the org table don't. It's time for the C-levels to actually earn their pay and make security a priority.

Target? Their previous CIO was a marketing wiz, not an IT professional. If they had put the effort into security that they did into marketing analytics, they wouldn't have had the issues that vexed them last year.
patrickmcginnis59 10839

Group: General Forum Members
Points: 4488 Visits: 5925
GilaMonster (8/11/2014)
I have a friend who is of the opinion that it is impossible for his accounts to be hacked. Not unlikely, not difficult. Flat out impossible. He also says he doesn't care at all if his credit card numbers are stolen, as he'll just cancel the card and get a new one.

My solution is super easy, I set all files and directories to allow read / write access to everyone and remove all passwords, this makes unauthorized access impossible!

to properly post on a forum:
http://www.sqlservercentral.com/articles/61537/
Gary Varga

Group: General Forum Members
Points: 27735 Visits: 6556
patrickmcginnis59 10839 (8/11/2014)
GilaMonster (8/11/2014)
I have a friend who is of the opinion that it is impossible for his accounts to be hacked. Not unlikely, not difficult. Flat out impossible. He also says he doesn't care at all if his credit card numbers are stolen, as he'll just cancel the card and get a new one.

My solution is super easy, I set all files and directories to allow read / write access to everyone and remove all passwords, this makes unauthorized access impossible!


Isn't that like making one's life so unenviable so they can only make it better?

Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!