[Cialug] Insane Security
matthew.nuzum at canonical.com
Sun Feb 25 11:49:36 CST 2007
Reading the article, you'd think they had their bases covered. But they
didn't. I believe, based on the author's intro, that this article is
fiction, but either way, the root problem (pun intended) was that there
was a directed attack against a person who had "special permissions" to
access the database server. Some of you work in highly secure networks,
and therefore have sane, strict network permissions by default... but
tell me, who doesn't have "special" users who need higher than normal
permissions? It's getting to the point where you don't dare give out
special access to anyone except the inner-circle IT/Security/DBA staff.
Honestly, being able to find out who caused the problem is little
consolation when your client's data is floating around on the web.
This stuff is just plain scary if you ask me.
newz2000 on freenode
More information about the Cialug