November 8, 2006 at 7:07 pm
Transaction Attack
Hopefully it's not the type of attack shown here, but still this is a little disturbing, especially for a database guy. The CEO of Symantec seems to think that hackers will attack transactions and not just web sites. Along with the rise in cross site scripting instead of straight web attacks, maybe this is just the evolution of attacks on the web.
And for a database person, having transactions attacked is extremely scary. We depend on good security between our databases and the applications to ensure the data is intact. If we might suddenly see bogus transactions, that's worrisome as far as the integrity of the data.
And maybe even more worrisome for our home life and sanity. If you had to untangle transactions, delete some, adjust inventory, and more because of bogus transactions, it might make for some extremely long nights at work. It also might make you a little crazy trying to work around relational integrity. Or keep it intact, depending on how well your system is designed.
I've written about security many times and I'm sure that I will continue to for the foreseeable future. The idea of constant security as part of your daily process hasn't taken hold in many people's minds, or more importantly, in their workflow. We still see corners constantly being cut to make things easier. It's because we're not used to being constantly concerned about little areas, some of which may be exploited by this new type of hacking attempt.
Steve Jones
November 9, 2006 at 9:02 am
I'm not sure about everyone else, but today's editorial didn't render very well in the daily update. Since the block was half dedicated to an ad for End 2 End Training, the image was most of the width of the remaining column for the article, but, the render attempted to squeeze in the first part of the text, and the "but still" at the beginning was one word per line, and cut off at 3 letters.
Not the end of the world, but, thought you might want to know.
More on topic... it's disturbing the amount of attacks that are flying around anymore. my firewall detects consistant probe attempts, my smtp server refuses who knows how many relay attempts daily, and I get a ton of bot hits on my website searching for submit forms from several popular blog softwares. Worst of all, that's on a small, relatively low volume domain for all of that.
aaah well...
November 9, 2006 at 11:23 am
Steve - Thanks for the editorial and your time bringing this to the community. Among all the things that I do at this job, is working on the IT Security Project/Program. In this capacity I have looked at threat modeling and risk assessment not as 'extra projects' that take much needed time from development efforts but as a required part of the business that just has to be done.
I work for state government and have been made aware of the number of hits we take on the larger scale, as in September 2006 on the outward facing server we had hundreds of million hits, these were some form of unwanted traffic or exploits/reconnaissance/virus alerts.
What I am finding now is that the dream of open presentation of data to the world could become a devastating nightmare. And what we thought was going to be a presentation of facts to a eager group of appreciative users has become a market for cyberpirates and thieves.
In this environment we have to think security first, for what value is data/information or a system when it is violated or compromised?
Not all gray hairs are Dinosaurs!
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply