Forum Replies Created

Viewing 15 posts - 31 through 45 (of 6,105 total)

  • RE: STIG SQL2-00-023000

    As long as you didn't require administrative rights, you could configure the service failure response to run an application, just as you could with any other service. A simple thing...

  • RE: The Next Generation

    I don't want my kids to go into IT.

    While some work places are great, I see the following too often:

    - Long hours are expected of IT workers with no reasonable...

  • RE: We Don't Care about Data and IT Security

    TomThomson (8/13/2014)


    K. Brian Kelley (8/13/2014)


    "Air gaps are failed infosec" hasn't led to SCADA systems directly connected to the Internet. That's because there are SCADA systems that already are.

    Yeah, sure, so...

  • RE: We Don't Care about Data and IT Security

    venoym (8/13/2014)


    K. Brian Kelley (8/12/2014)


    patrickmcginnis59 10839 (8/12/2014)


    I know I'm a little slow, but I'm having some difficulty identifying venoym's mistake, from what I've read he's actually talking about required and...

  • RE: We Don't Care about Data and IT Security

    patrickmcginnis59 10839 (8/12/2014)


    I know I'm a little slow, but I'm having some difficulty identifying venoym's mistake, from what I've read he's actually talking about required and recommended practices. Could you...

  • RE: We Don't Care about Data and IT Security

    venoym (8/12/2014)


    K. Brian Kelley (8/11/2014)


    venoym (8/11/2014)


    I have to question the "myth" of the Air-Gap that is referenced. A proper Air-Gap or Data Diode for SCADA systems provides a level...

  • RE: We Don't Care about Data and IT Security

    John Hanrahan (8/11/2014)


    That sounds like Auditors who know their stuff. I have been through audit after audit the last few years and have found from an IT perspective the...

  • RE: We Don't Care about Data and IT Security

    JoeS 3024 (8/11/2014)


    The points about Education and Core garbage are right, there is a lot of fighting and unnecessary stuff going on about that. Which is why it's a...

  • RE: We Don't Care about Data and IT Security

    Eric M Russell (8/11/2014)


    Microsoft, after taking some hits for their "insecure by default" configurations and applications, tightened things up greatly. It caused project time lines to be extended and delayed...

  • RE: We Don't Care about Data and IT Security

    JoeS 3024 (8/11/2014)


    If we really want this to start changing then get it into the schools (grade schools where computer learning starts nowadays) and start explaining to the...

  • RE: We Don't Care about Data and IT Security

    venoym (8/11/2014)


    I have to question the "myth" of the Air-Gap that is referenced. A proper Air-Gap or Data Diode for SCADA systems provides a level of protection that cannot...

  • RE: We Don't Care about Data and IT Security

    chrisn-585491 (8/11/2014)


    It doesn't help if a DBA or developer cares about security, if their boss and the rest of the org table doesn't. It's time for the C-levels to actually...

  • RE: How to encrypt and check a login password.

    HASHBYTES() itself does not support a parameter for a salt. You'll have to be a little creative, like so:

    Adding Salt to HASHBYTES() (StackOverflow)

  • RE: Malicious files on the sql server found

    Jeff,

    I wouldn't make that assumption. We've only been given limited info from the forensics done thus far. We've been told:

    - tcp/1433 was exposed.

    - A SQL Server Agent...

  • RE: Malicious files on the sql server found

    Jeff Moden (4/3/2014)



    In that case, you should also make it so that DBAs only have read privs. 😉 There's no difference here between running a bad xp_CmdShell command...
