From Vandalism to Serious Crime

  • Comments posted to this topic are about the item From Vandalism to Serious Crime

  • I agree, everyone in our line of work needs competence in security. How to build secure applications and know about the more common hacks and tricks like cross scripting, injection attacks etc.

    However, if you have pointed out to your boss and perhaps his boss and nothing is done about security issues and competence and the company later suffers for this you should be safe. However, if you do get in the line of fire from your boss, that is not a company I'd like to work on anyway.

  • I would also agree with the statement, far too often security is seen as a major hindrance and a complete pain, yet they want secure systems.

    I often take the view of, well if you don't like it it's tough, if you want the system secure there is a small price to pay. I would fight tooth and nail to get security implemented how I believe it should be.

    You can't always have your cake and eat it as they say.

    😀

  • In all fairness, is it really the responsibility of the DBA and/or net admin to review all of the web app and client app source code developed by their company? Particularly when there are entire departments in charge of development and QC? What politically correct context supports IT staff going on record as being critical, across those department lines?

    Where developers deploy code that's vulnerable to SQL Injection, IT staff are powerless to defend. And for IT staff to become vocal about what developers are doing wrong, will lead everyone to wonder if IT has enough to do that they *are* responsible for.

    Sadly, when the proverbial fan takes its inevitable hit, that leaves it covered in oh-so-familiar stank brown ooze, whose head is first on the chopping block will usually bear little-to-no relationship to that mythical state of "all fairness". In my experience, when axes start falling, snivelers and bloody do-gooders seldom fare all that well, the correctness of whatever they were on about, notwithstanding.

    -MM

    The Black Knight ALWAYS triumphs. Have at you!

  • Often it's outside your control, and will be more so in the cloud.

    The recent police email hack involved an outside vendor of computer services. (Some of the emails, though, showed some police officials making incredibly racist, bigoted, and unprofessional statements which suggests there is more at stake here than just IT jobs)

    ...

    -- FORTRAN manual for Xerox Computers --

  • These attacks are motivated by hackers who are offended by the companies or organizations and are standing up for customers.

    I don't doubt that many hackers are self-deluded and see themselves as some sort of champion for the people. However, leaching personal data for thousands of random people and then posting it on the web is a strange way to express moral outrage and "stand up for customers".

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • mmcginty (9/6/2011)


    ...

    And for IT staff to become vocal about what developers are doing wrong, will lead everyone to wonder if IT has enough to do that they *are* responsible for.

    I would be surprised if production staff would get questioned for pointing something out. It's not that you have to do a complete code review, but if you find an issue, you should be able to raise it. If you don't feel comfortable doing that, then either you're not thinking it through or you have a fairly dysfunctional organization.

  • Eric M Russell (9/6/2011)


    These attacks are motivated by hackers who are offended by the companies or organizations and are standing up for customers.

    I don't doubt that many hackers are self-deluded and see themselves as some sort of champion for the people. However, leaching personal data for thousands of random people and then posting it on the web is a strange way to express moral outrage and "stand up for customers".

    Completely agree here, and exposing informants or police names/data seems counterproductive as well.

  • Eric M Russell (9/6/2011)


    These attacks are motivated by hackers who are offended by the companies or organizations and are standing up for customers.

    I don't doubt that many hackers are self-deluded and see themselves as some sort of champion for the people. However, leaching personal data for thousands of random people and then posting it on the web is a strange way to express moral outrage and "stand up for customers".

    According to those interviews I've read, hackers find it extremely exhilarating and do it for the rush and satisfaction they get. If they are intelligent, they can't really brag about their deed so that can't really be it, although a group can say they did it or an alias but few know who that is anyway. Also take age into account, what fun stuff did you do when you were a kid or young? Did you not do a few things that did not go well with the society?

  • Per a profile I recently read, one of the "leading lights" of Anonymous is a young woman whose father is very, very proud of the things his daughter does as a member of that group.

    With that kind of situation, where a parent is encouraging a child to do things that are likely to lead to results like living in a federal prison for a decade or more (assuming she's in the US or any other "Western" state), or worse (Chinese prisons are reportedly pretty unpleasant, for example), you really shouldn't expect anything but criminality on a sort of psycho scale.

    There is no perfect defense. The Hashishim proved that centuries ago. Set up the best security you can, including educating employees on factors like phishing and "human engineering", and still assume you'll get hacked or conned or whatever. Keep up on the latest fashions in the world of computer attacks, and educate yourself on the basics, apply what you learn, and still assume it's not enough.

    You're really not paranoid if people like LulzSec and Anonymous really are out to get ... well, whomever the mood strikes them to attack next. These people aren't rational, their attacks aren't actually sane, so assuming what they do will actually make sense is not a good defense.

    - Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
    Property of The Thread

    "Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon

  • GSquared (9/6/2011)


    Per a profile I recently read, one of the "leading lights" of Anonymous is a young woman whose father is very, very proud of the things his daughter does as a member of that group.

    With that kind of situation, where a parent is encouraging a child to do things that are likely to lead to results like living in a federal prison for a decade or more (assuming she's in the US or any other "Western" state), or worse (Chinese prisons are reportedly pretty unpleasant, for example), you really shouldn't expect anything but criminality on a sort of psycho scale.

    True, but on a less serious note, I found it hilarious when Sony got hacked twice and how those often so serious businessmen lost their faces.

    Very annoying for the customers of course, their card details being at risk.

    However, it's not only bad. Banks constantly get hacked but cover it up because they view it as less costly or find it not to be within their competence to seal up the systems. As a customer, I'd like to know about these things. Sony might have been hacked several times before but no one went public with it. Apparently it was easy to hack Sony which speaks for this possibility.

  • IceDread (9/6/2011)


    GSquared (9/6/2011)


    Per a profile I recently read, one of the "leading lights" of Anonymous is a young woman whose father is very, very proud of the things his daughter does as a member of that group.

    With that kind of situation, where a parent is encouraging a child to do things that are likely to lead to results like living in a federal prison for a decade or more (assuming she's in the US or any other "Western" state), or worse (Chinese prisons are reportedly pretty unpleasant, for example), you really shouldn't expect anything but criminality on a sort of psycho scale.

    True, but on a less serious note, I found it hilarious when Sony got hacked twice and how those often so serious businessmen lost their faces.

    Very annoying for the customers of course, their card details being at risk.

    However, it's not only bad. Banks constantly get hacked but cover it up because they view it as less costly or find it not to be within their competence to seal up the systems. As a customer, I'd like to know about these things. Sony might have been hacked several times before but no one went public with it. Apparently it was easy to hack Sony which speaks for this possibility.

    Yeah, Sony has a history of arrogance with regards to security and a million other factors, and they ended up with plenty of "egg, meet face" in the last few months because of it.

    And yes, I agree, it's definitely a worse situation than anyone wants their customers to know.

    - Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
    Property of The Thread

    "Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
