It’s Time to End Password Reuse

Last week eBay announced that some accounts were compromised, including passwords with as yet unstated encryption. Those who aren’t tech savvy hear “encryption” and think “well, then I’m ok”. Maybe yes, maybe no. The problem is that if they break the encryption they will immediately try to plug that password into hundreds of sites. The […]

An Sp_addrolemember Gotcha

Over the past few months there have been a handful of times when I had to fix a security problem by granting connect to the user. It wasn’t a big deal so I put it on the ‘figure out later’ list. Today it happened again and I had some time, so I took a deeper […]

Password Cracking–Part 2

Two days felt like a long time, so we found a cloud server with 16 cores we could use. We guessed on the threads and were able to run it at an average of 90% utilization (and it seems to use all the cores). The initial projection was 14 hours so it seemed better, but […]

A Minute About Minute Key

You may have seen these minuteKey boxes at your local home supply store (Lowe’s has it near me) that let you make your own copies of common key types: I tried it out over the weekend. Quick, painless, and if anything not very exciting to watch. I didn’t time it, but maybe 4 […]

Webinar Today at 3pm

I’m taking on a new topic today. Titled “How to capture who did what in your SQL Server databases”, it’s a good overview of some of the techniques that can be used for auditing. Much like disaster recovery options, there is quite an assortment of auditing/logging options in SQL and just picking one (or […]
