The Opportunistic Hacker

  • Steve Jones - SSC Editor

    SSC Guru

    Points: 715107

    Comments posted to this topic are about the item The Opportunistic Hacker

  • Eirikur Eiriksson

    SSC Guru

    Points: 182344

    Good points Steve and unfortunately far too common. A good Kensington Lock Kit costs around $20, interesting to see a raise of hands here, how many use those regularly? And how many breach the simplest security practices by having data of any value on their portables?

    😎

    Note that if the laptop was turned on, a good hacker would not have much of a problem breaching security measures such as disk encryption, given that he could "operate" on it within the lifetime of the battery.

  • Jeff Moden

    SSC Guru

    Points: 994282

    Wow! Seriously? People actually do that? Why the hell would ANYONE in their right mind trust such a person they've just met with their laptop? That's like handing them your wallet and expecting them to stick around. Just plain stupid.

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
    "If you think it's expensive to hire a professional to do the job, wait until you hire an amateur."--Red Adair
    "Change is inevitable... change for the better is not."
    When you put the right degree of spin on it, the number 3|8 is also a glyph that describes the nature of a DBAs job. 😉


  • Yet Another DBA

    SSCarpal Tunnel

    Points: 4299

    Eirikur Eiriksson (4/13/2015)


    ..... A good Kensington Lock Kit costs around $20, interesting to see a raise of hands here, how many use those regularly?....

    Do you really think these are secure?

    One of the Security Managers that I worked with, one of the better ones, was going on about these locks and how it would take too much time to break on his laptop. Then he promptly went to a meeting. Took less than 10 seconds to bypass and then move the laptop to a more secure position :rolleyes: The Security Manager was eventually amused.

  • Eirikur Eiriksson

    SSC Guru

    Points: 182344

    Yet Another DBA (4/14/2015)


    Eirikur Eiriksson (4/13/2015)


    ..... A good Kensington Lock Kit costs around $20, interesting to see a raise of hands here, how many use those regularly?....

    Do you really think these are secure?

    One of the Security Managers that I worked with, one of the better ones, was going on about these locks and how it would take too much time to break on his laptop. Then he promptly went to a meeting. Took less than 10 seconds to bypass and then move the laptop to a more secure position :rolleyes: The Security Manager was eventually amused.

    Nothing is perfectly secure but there is a big difference between these products, some are really bad while others have motion detection, built-in alarm etc. All WYPIWYG ;-)

    😎

  • t.pinder

    SSC Enthusiast

    Points: 114

    Well, if you can't trust someone you just met in a coffee shop then who can you trust?

  • Grant Fritchey

    SSC Guru

    Points: 395417

    Company I worked for did regular searches of the internet for the use of their name. One hit came back on eBay. A stolen laptop was being advertised for sale and one of the selling points was that it was filled with company data. Thieves are opportunists, but not necessarily bright opportunists.

    ----------------------------------------------------
    The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood...
    Theodore Roosevelt

    The Scary DBA
    Author of: SQL Server 2017 Query Performance Tuning, 5th Edition and SQL Server Execution Plans, 3rd Edition
    Product Evangelist for Red Gate Software

  • john.riley-1111039

    SSC Eights!

    Points: 961

    Even *using* a company laptop in a public place poses a security risk, as people can look over your shoulder and see your data on screen. As for leaving it powered up with a stranger in a public place, that is stupidity deserving of disciplinary action. Our offices are classed as 'secure' in that access is controlled, yet we are still required to lock our screens when leaving our laptops in the office.

    We are not allowed to leave laptops in view in locked cars, nor overnight/for any length of time (out of view) in locked cars at all. And these are all machines with whole-disk encryption.

    Also, it is good practice, when refuelling your car to lock it whilst paying for the fuel. Many years ago, one of our employees failed to observe this basic precaution and had his company car, complete with laptop, stolen from the petrol station.

    I am fortunate to work for a company which takes the security of its own data and that of its clients very seriously, and adopts technology and practices accordingly.

  • Yet Another DBA

    SSCarpal Tunnel

    Points: 4299

    It is the argument that access should be via remote desktop for administrators and the laptop being a bland install with no tools. Enables the security team to lock the account or bar the laptop connection as soon as they become aware.

  • Ed Wagner

    SSC Guru

    Points: 286957

    Personally, I wouldn't be sitting around working in a Starbucks. Then again, I'm also the semi-paranoid type who won't use public wireless networks for work at all because they aren't secure. I've heard and read too many instances of people getting things hijacked and just don't use them.

    My company has some good rules for working with data. No unencrypted copies of data, full disk encryption, don't take data home, make sure your devices are protected and encrypted, etc. Mostly common sense stuff, but making it policy makes it more real for everyone and enforceable. I don't have to like everything that's in place, but I certainly do respect it. The alternative is to bury your head in the sand and not believe anything bad can happen - until it does.

  • Grant Fritchey

    SSC Guru

    Points: 395417

    All this "never use public WIFI" and "never work in public" might be viable when you have a job that requires you to show up in an office from 9-5. But if you're travelling as part of your work or you're a consultant without an office, or you're a person working for a company remotely, or your place of employment is one of the growing trend where they don't need you to be in the office every day, and probably many other reasons I can't think of, you may find yourself in a restaurant, at a library, in an airport, definitely in a hotel, using your laptop. It's unreasonable to assume otherwise. Yeah, the person who walked away from their laptop in the care of a random stranger in a completely open environment like a Starbucks, they pretty much deserve what they get. But there are a lot of us taking all the precautions we reasonably can, but can't just wall ourselves off in our cube in order to avoid everything and everyone that might be risky.

    Oh, and why have a laptop at all then?


  • akljfhnlaflkj

    SSC Guru

    Points: 76202

    I'm so paranoid I'd hardly trust someone to save my place in line to go to the restroom.

  • akljfhnlaflkj

    SSC Guru

    Points: 76202

    Our CEO had her laptop stolen at an airport. I've never heard yet how that happened. It's been kept a secret. Must have been something like your Starbucks story.

  • t.pinder

    SSC Enthusiast

    Points: 114

    Grant Fritchey (4/14/2015)


    All this "never use public WIFI" and "never work in public" might be viable when you have a job that requires you to show up in an office from 9-5. But if you're travelling as part of your work or you're a consultant without an office, or you're a person working for a company remotely, or your place of employment is one of the growing trend where they don't need you to be in the office every day, and probably many other reasons I can't think of, you may find yourself in a restaurant, at a library, in an airport, definitely in a hotel, using your laptop. It's unreasonable to assume otherwise. Yeah, the person who walked away from their laptop in the care of a random stranger in a completely open environment like a Starbucks, they pretty much deserve what they get. But there are a lot of us taking all the precautions we reasonably can, but can't just wall ourselves off in our cube in order to avoid everything and everyone that might be risky.

    Oh, and why have a laptop at all then?

    But then you really ought to be using (at the very least) a VPN, and all the other security others have mentioned (whole disk encryption etc etc).

  • syoc

    Grasshopper

    Points: 11

    Anyone use a bait computer, leave the table, stare at it from a crack in the bathroom door waiting for it to be taken so you can tackle the idiot that takes it? I have. No one took it. What a let down.
