Post reply

Limit Your Data Liability

  • November 23, 2009 at 8:25 pm

    #143108

    Comments posted to this topic are about the item Limit Your Data Liability

    Follow me on Twitter: http://www.twitter.com/way0utwest
    Forum Etiquette: How to post data/code on a forum to get the best help
    My Blog: www.voiceofthedba.com

  • November 24, 2009 at 8:46 am

    #1083504

    One of the dumbest things I've ever had to handle was being handed a laptop when I was hired, with a spreadsheet of all the sa passwords for all the servers in the company. The purpose was to make it convenient for me to VPN to the servers to handle problems even while not on the premises, but if I ever lost that thing (haven't done so yet), the problems would be huge.

    The databases that could be accessed with those passwords contain thousands of people's data, including name, address history, income, asset values, SSNs, driver's license numbers, passport numbers, height, weight, eye color, hair color, employment history, certain legal information, next-of-kin data in many cases, and more. And none of it is encrypted.

    I deleted the file from the laptop. Now it's more of a paperweight if you don't know the passwords (I memorized them), but it was still a bit of a shock to be handed such a thing.

    And, no, the passwords were not changed when the prior DBA quit. For all anyone knows, he has that same spreadsheet.

    And, yes, the company laid off its system security manager months ago and hasn't replaced him.

    But all of that is pretty much par for the course here. It would be laughable if it weren't horrifying.

    - Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
    Property of The Thread

    "Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon

  • November 24, 2009 at 8:56 am

    #1083512

    Well, I'm hoping you don't work for my bank, doctor, mortgage broker, etc.

    I've seen similar things in many places. I have had to implement the "change sysadmin password immediately when one quits" processes at almost everywhere I've worked. It is scary.

    I learned that in a bar. We re-keyed the locks after every other manager left. If one left, we knew who would be breaking in. With 2, you can't be sure, and it was a big deal, so we changed then.

    Follow me on Twitter: http://www.twitter.com/way0utwest
    Forum Etiquette: How to post data/code on a forum to get the best help
    My Blog: www.voiceofthedba.com

  • November 24, 2009 at 10:44 am

    #1083586

    What's to debate? People who violate the privacy of others should be stripped of all their personal assets - which should pay for their apprehension and compensate their victims, banned forever from ever holding any position of trust, especially public trust, and required to spend the rest of their natural lives performing labor to compensate their victims.

    The same, obviously, should be the fate of Presidents, their cabinet members, Vice Presidents, members of Congress and the Senate who misappropriate taxpayers money or exceed the authority granted them by the constitutions of their countries.

    What's to debate? Isn't this common sense?

    Rehabilitation should always be an option, but only after all the victims of the crimes agree they have been made completely whole by the labors of the perpetrators.

  • November 24, 2009 at 11:19 am

    #1083599

    Steve Jones - Editor (11/24/2009)

    Well, I'm hoping you don't work for my bank, doctor, mortgage broker, etc.

    I've seen similar things in many places. I have had to implement the "change sysadmin password immediately when one quits" processes at almost everywhere I've worked. It is scary.

    I learned that in a bar. We re-keyed the locks after every other manager left. If one left, we knew who would be breaking in. With 2, you can't be sure, and it was a big deal, so we changed then.

    Nope, I don't work for any of those. But I'd have to answer differently for a few thousand other people.

    The other question, of course, is are the companies you do deal with any better about it?

    Even if they are, I could tell you things about the (total lack of) security of the data sources that we deal with that would scare the heck out of you. Even if our databases were more secure than Fort Knox, the vendors we get the data from are, in many cases, about as secure as a car relying on "The Club". It's not something to inspire confidence. Quite the opposite.

    And if Pelosicare goes through, in very short order, all your health and medical data will enjoy that same level of security and verification! There are reasons I say privacy is a myth.

    - Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
    Property of The Thread

    "Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply