The Actuator - April 5th

Level 17

Greetings from Telford, UK! I'm here at SQLBits delivering a full day training session with datachick and enjoying the sunshine. If you are near Telford, stop by SQLBits on Saturday and you can listen to Karen and me debate database design. Yes, it is as exciting as it sounds!

Also, here's a reminder that the calendar says April, which means the year is about 25% over. This is about the time I like to ask people how they are doing on those goals they set for themselves at the start of the year. If you feel a bit behind it’s not too late to get started!

As always, here's a handful of links from the intertubz I thought you might find interesting. Enjoy!

Old Microsoft IIS Servers Vulnerable to Zero-Day Exploit

Look folks, if you are running 14-year-old, unpatched, internet-facing servers then maybe you deserve what happens.

This is how Samsung plans to prevent future phones from catching fire

There's no such thing as bad press, right?

Facial recognition database used by FBI is out of control, House committee hears

Setting aside the privacy issues/concerns, I have one question about this report: If commercial software is “five years ahead” of what the FBI is using, why doesn’t the FBI use the commercial software?

Why I Always Tug on the ATM

Yep. I find myself doing this as well, every time I am at a place like an ATM, a gas station, or a supermarket.

Researchers steal data from CPU cache shared by two VMs 

Concerning, yes. But I still think the Cloud is far more secure than the data center on the 8th floor.

Seven Big Reasons to Move Backup to the Cloud

In case the previous article meant you needed a reminder that the Cloud is quite useful, and awesome, for a variety of scenarios.

From my first visit to Telford with Lego daughter three years ago:


Level 19

Cool lego daughter!  I can't explain why the FBI wouldn't be using better than commercial grade software... maybe they are behind... I'm sure the NSA has something better!

Btw... the links are all dead... I think it appended some solarwinds stuff in front of the real URLs. You can get to them if you strip off the first part of the links.

Level 13

Link to the data leakage story doesn't work for me...but I don't see how the cloud is more secure than an 8th floor data center...

Level 19

Just strip the”  off the url and the trailing "

Level 17

Apologies for the bad links, those responsible have been sacked. Everything should be working now.
Level 16

Level 14

I can see both sides of the FBI argument.  However, is watching the watchers.

Level 14

Lego daughter looks happy!

Samsung phones - I have to admit I am curious how they will come out of this in the end. Until then.... anyone developing a fire extinguisher app?

ATMs - Welcome to my world.... (banking)

IIS - is anyone surprised by this especially 6?

sqlrockstar great read as always...

I am glad I am not the only one who always tugs on the card reader at the gas station and ATM.

Level 13

and I check store pin pads as well...

Level 12

The cpu cache thing is kind of crazy. It just goes to show that you need to be very careful of where you are hosting your data and where you process it. It's amazing what people can think of with enough free time!

Level 21

Zero Day Exploits for Ancient Microsoft Products:

     Yes, those who fail to study history are doomed to repeat it.  Don't avoid learning from the mistakes of others.

Would you trust Samsung's batteries now?

     Fool me once . . .    But on the other hand, I'm no fan of Apple's practices, nor of other cell phone manufacturers' interfaces.  Sigh . . .

Abusing Facial Recognition:

     If you think this is bad, what do you think about security through Biometrics?  I only have one set of retina patterns, one set of finger prints, one set of DNA.  Once each of those is scanned & recorded for comparison in security access services, my PERSONAL bio data can easily be copied & moved elsewhere and exploited.  Where will I get new DNA or retina patterns for the next security need?

Stealing Your Data Via ATM Readers:

     This is old news--doesn't everyone read about this, or see it on TV?  Obviously not.  Folks assume banks can be trusted.  I bet if you compared that attitude to thoughts about banks in 1933 you'd find it 180 degrees reversed.

Proof that Data Shared Between VMs is Unsecured:

     No surprise here.  If you don't secure the data so that only authorized/allowed systems can access it, of course it can be retrieved by unauthorized systems.  On the other hand, it's all internal, right?  So you'd assume only "safe" systems have access.  "Assume" . . .

Backing Up To The Cloud:

    If there are seven reasons to back up to the cloud, let's hear some equal time from the opposition.  Are there good reasons NOT to back up to the cloud?

  • Is Cost a factor?
  • How about Trust?
    • Is the transfer to the cloud fast, predictable, and impossible to compromise?
    • Is the data properly encrypted and physically and logically secured so only you can access it?
    • Will the data be available when you need it?
  • What are the reliability factors for the cloud?
    • How resilient / highly available is the solution?
  • What are the motivations to move to the cloud?  Is it really better than your own on-premise solution, or is it just desirable because it's new, or someone else extols its virtues?  Or is there simply an effective salesperson in your face and you're gullible?


Level 14

Good reads as always.  I get it with the FBI.  There are 2 sides to the argument.  And the ATM thing sure isn't going away anytime soon.  It is rather scary.   

Level 21

Grail quote appreciated.



Level 19

Another reason to not necessarily trust workloads to the cloud!

Level 21

The cloud backup article really stood out to me as one of the services we provide is setting up and managing backup to Azure for our clients.  The Cloud based backup solutions have really come a long way and are a great option for many of our clients.  For anybody that has been on the fence about this, I would strongly encourage them to try it out because it really does work well.

Level 19

I won't do Samsung devices anymore... I've had four Google Nexus phones and am going to get the Pixel 2 when it comes out.

Level 13

So, if you are a Samsung employee and told someone that you were 'whatever title' on the battery advisory board, how many people would look at you and wonder if you have a real job?

About the Author
Thomas LaRock is a Head Geek at SolarWinds and a Microsoft® Certified Master, SQL Server® MVP, VMware® vExpert, and a Microsoft Certified Trainer. He has over 20 years experience in the IT industry in roles including programmer, developer, analyst, and database administrator.