Hacking the Admin

  • Comments posted to this topic are about the item Hacking the Admin

  • Steve, did hackers steal the end of your second paragraph? ;^)

    -edited because I haven’t had coffee yet

    • This reply was modified 4 years, 5 months ago by  phegedusich.
  • Nope, that was all I wanted to say. I'll add in the a few more words.

  • All our SQL data changes have to be made via a script. The script is written by the developer and peer reviewed before being executed by the Release team. Obviously the Release team could make other data changes using the same permissions. Data changes on our mainframe are made by writing a mini COBOL program to do the updates (which, again, is peer reviewed). There are only two people who can change data without running a program to do so and any time one of these unscripted changes is required, a senior manager logs them on and watches while they make the change. A screen-print is taken of the session, signed by both parties and filed away for the auditors to look at should the need arise.

  • That's a good system, Chris Wooding. Not perfect, but likely it works well unless you have a rogue admin. I still like the idea of using a pipeline of sorts to deploy the scripts rather than letting anyone directly run them. Not sure many orgs will get here, but there are a few that have this in place. I wish MS made this easier.

     

  • My opinion, no publicly facing messaging system should allow anyone except an account owner to post on their behalf.  That is a HUGE privacy concern and could be career ending for some people.  Can you imagine if someone went on there and started posting a bunch of negative things about your workplace under your account?  Or started posting a lot of inaccurate information about what you specialize in under your account?  Or goes on and posts racist or hateful things on there? the list goes on and on.

    it is incredibly scary to think that the admins on twitter could selectively pick and choose people to post on their behalf and destroy someones career.

    Hopefully this hack will make twitter think twice about what they are capable of from their admin panels and work to reduce the appeal for hackers to get access to it.

    The above is all just my opinion on what you should do. 
    As with all advice you find on a random internet forum - you shouldn't blindly follow it.  Always test on a test server to see if there is negative side effects before making changes to live!
    I recommend you NEVER run "random code" you found online on any system you care about UNLESS you understand and can verify the code OR you don't care if the code trashes your system.

  • I'd agree with you, but how do you prevent someone that admins a database from making a change? Our platforms don't do a great job of preventing this. Something like Always Encrypted, where the client has a key to sign a tweet is good, but trying to ensure clients don't lose certificates/keys is a hassle.

    This isn't "posting" necessarily, but database access for DML.

  • Inserting, updating, or deleting rows in a table shouldn't be a routine function of a database sysadmin. So, perhaps the all-powerful SYSADMIN role itself should be deprecated or DML permission excluded by default, and only service accounts granted datareader and datawriter.  If someone attempts to login using one of these accounts, perhaps a three-factor authentication can send a verification phone call or text message to both the DBA and a trusted third party like the director of database operations or information security, meaning that two people need to approve the login request.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

Viewing 8 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic. Login to reply