Horkay Blog
The postings on this site are my own and do not represent my Employer's positions, advice or strategies.
Wednesday, 02 September 2009

There are many emphases for the SQL DBA; one of the major items is security.  Where I work, security and patching have taken on new importance over the past 12 months.  Patching, which used to be a yearly event, is now monthly or even weekly.  Combine that with SOX controls and other internal controls, and there is a focus on security.  Part of that is seen in SQL Server from Microsoft, kudos!

The product gained a new level of security with SQL Server 2005.  Service Pack 2 gave us Login Triggers / Service Broker Events.  SQL 2008 saw the Builtin\Administrators account gone (separation of duties) and even more controls.

Then today it was distressing to see a news report about Microsoft ignoring a vulnerability with SQL Server, basically dismissing it as anyone with administrator privileges already has control [What happened to separation of duties?].  The whole point of where security with SQL Server was going was to ensure that administrators could be properly segmented.  Where I work they'd like to get to the point where a SQL DBA can't even view or query the data that they administer.

If you find the below security vulnerability to be an issue, then complain to Microsoft.  Also, if you didn't know about this vulnerability, then you need to make sure to plug in to some other industry news sources to get your information on vulnerabilities and patches, as you can't always count on Microsoft to disclose issues.

-----Original Message-----
From: Security Wire Daily [mailto:SearchSecurity@lists.techtarget.com]
Sent: Wednesday, September 02, 2009 10:38 AM
Subject: New SQL Server password flaw surfaces

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
SearchSecurity.com: Security Wire Daily
Breaking security news, the latest industry developments and trends
September 02, 2009
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

UNPATCHED VULNERABILITY DISCOVERED IN MICROSOFT SQL SERVER
Michael S. Mimoso, Editor, Information Security magazine

Microsoft SQL Server administrators are being warned today about an
unpatched vulnerability in the popular database software that exposes
user passwords in the clear, as well as credentials delivered by
applications trying to access the database server.

Researchers at San Mateo, Calif.-based Sentrigo Inc., announced the
flaw this morning, and also revealed that Microsoft has no immediate
plans to release a patch for the vulnerability. Sentrigo, meanwhile,
said it has developed a free utility that will erase these passwords
from memory.
Read more:
http://go.techtarget.com/r/9124859/8704472

Wednesday, 02 September 2009 12:19:21 (Central Standard Time, UTC-06:00) | SQL Server