Busy week, should have blogged about it before the event. Did a remote presentation on securing credit card data. First time using Lync for remote, not hard to use, but not good to try 10 minutes beforehand either (my fault). Camera in the room was nice, had a sense of the place at least […] Read more "Notes on the August 19, 2014 Pinellas SQL Group Meeting"
Last week eBay announced that some accounts were compromised, including passwords with as yet unstated encryption. Those who aren’t tech savvy hear “encryption” and think “well, then I’m ok”. Maybe yes, maybe no. The problem is that if they break the encryption they will immediately try to plug that password into hundreds of sites. The […] Read more "It’s Time to End Password Reuse"
Over the past few months there have been a handful of times when I had to fix a security problem by granting connect to the user. It wasn’t a big deal so I put it on the ‘figure out later’ list. Today it happened again and I had some time, so I took a deeper […] Read more "An Sp_addrolemember Gotcha"
Two days felt like a long time, so we found a cloud server with 16 cores we could use. We guessed on the threads and were able to run it at an average of 90% utilization (and it seems to use all the cores). The initial projection was 14 hours so it seemed better, but […] Read more "Password Cracking–Part 2"
I recently ran across the warrant canary FAQ from the Electronic Frontier Foundation (EFF). The concept is simple – put up a statement now saying that so far you have not been compelled by a secret order to turn over data to the government. Wikipedia has an entry for it. The example I read about […] Read more "Warrant Canaries & Transparency"
If you deal with security and especially credit cards, it’s worth spending an hour or two to read the 2014 Data Breach Investigation Report and the 2014 PCI Compliance Report. Lots of interesting stuff in them. The PCI report in particular calls out some of the changes in DSS v3 – I promise some of […] Read more "Verizon PCI and Data Breach Investigation Reports"
You may have seen these minuteKey boxes at your local home supply store (Lowes has it near me) that let you make your own copies of common key types. I tried it out over the weekend. Quick, painless, and if anything not very exciting to watch. I didn’t time it, but maybe 4 […] Read more "A Minute About Minute Key"
I’m taking on a new topic today. Titled “How to capture who did what in your SQL Server databases”, it’s a good overview of some of the techniques that can be used for auditing. Much like disaster recovery options, there is quite an assortment of auditing/logging options in SQL and just picking one (or […] Read more "Webinar Today at 3pm"
If you missed it live, you get a second chance! http://www.mssqltips.com/sql-server-video/284/security-compliance-and-sql-server-video/. Had about 300 attend and more questions than we could answer in the time left; will try to do some follow-up posts in the next week or so to answer them (and feel free to post questions here as well). Read more "Security, Compliance, and SQL Server – Recording Now Available"
I hope you can make time for a learning break at work today – register directly at https://www2.gotomeeting.com/register/279348610 to learn more about how to deal with your corporate Security and Compliance teams, and what you can do to keep your databases secure. Read more "Reminder: I’m Presenting Security, Compliance, and SQL Server Today at 3PM Eastern"