Security by obscurity is not security at all

Probably about the worst security plan you can ever use is security by obscurity.

If the user doesn’t know the password a few times, lock’em out

One of the easiest things that you can do to keep people from guessing passwords is to slow them down. Obviously I don’t mean to tell the person to try to log in less frequently; that just wouldn’t make any sense. When someone is knocking on your computer’s door and trying a brute force password attack, make them slow down.

Looks like phishers are now using the phone again

It appears that the phishers are going back to some good old social engineering to get your info.

I just received this text message: “First Heritage Bank Alert: Your CARD has been DEACTIVATED. Please contact us at 877-649-1737 to REACTIVATE.” Now I know this is a scam for a couple of reasons.

1. I don’t have an account with First Heritage Bank
2. A bank wouldn’t text me to have them call me.
3. They’d tell me to call without providing a number, instead telling me to use the number on my card.
4. They’d identify the account which has a problem.

If you see this, don’t call them. I’d say report it to your local law enforcement, but they probably don’t really care, and probably won’t do anything about it. Good luck if you decide to call your local law enforcement.

Denny

P.S. Sorry for any spelling issues. This was posted from my BlackBerry. I’ll spell check from home.

What color should my hair be for #sqlpass?

OK, so I need your help. I’ve gotten into the habit recently of dyeing my hair. So I need to decide what color to dye it for PASS. Since I’m not running for the board I haven’t been doing massive amounts of webcasts, or a crazy amount of blogging recently, so I’m feeling a little left out of the whole community thing today (OK, not really, but a good sob story is a great way to get people to vote on stuff).

Keep those workstations locked

Everyone in IT knows why you don’t leave your workstation unlocked when you leave your desk. It’s because your co-workers will send fart jokes to the boss from your machine as punishment. However, there are actual security reasons for not leaving your machine unlocked.

Keep your databases off the Internet

There are way too many people who keep their database servers available from the public Internet. This is just a disaster waiting to happen.

Who’s been logging into my SQL Server?

Knowing who has been logging into your SQL Server is one of the key things to know about your SQL Server.  It lets you know quite a bit about who’s using your server, and about who’s been trying to break into your SQL Server, and most importantly if they have ...

IIS Honeypots

IIS honeypots are a great way to keep people from doing damage to your IIS boxes. There’s a variety of techniques that you can use to create a honeypot on your web servers.

What’s the difference between encrypted data and hashed data?

The biggest difference between encrypted data and hashed data is that encrypted data can be decrypted later. Hash algorithms such as MD5 are one-way hashing algorithms, which means that the value that is returned can't be decrypted back to the original value. It is important to know the difference between ...

Whitepaper on why database maintenance is important

Today I’m publishing a white paper which I wrote for our Customer Service department to give to our customers. It explains why database maintenance is so important in keeping your database happy and healthy.