Problems displaying this newsletter? View online.
SQL Server Central
Featured Contents
Question of the Day
The Voice of the DBA
 

Daily Coping Tip

Pick one of your strengths and use it this week

I also have a thread at SQLServerCentral dealing with coping mechanisms and resources. Feel free to participate.

For many of you out there working in a new way, I'm including a thought of the day on how to cope in this challenging time from The Action for Happiness Coping Calendar. My items will be on my blog, feel free to share yours.

The Danger of Management Access

First we had the Solarwinds hack, and now we have a Kaseya ransomware epidemic. It seems the criminals are moving up the stack. We used to see physical attacks on tapes and keyboards, then we saw OS level attacks. Now we seem to be getting to the management layer for software that is used to help us run systems at scale. Since we often require some level of privileged access for monitoring and management systems, this is scary.

Many of us depend on some standardization and some sort of software to ensure we can manage systems at scale. I don't know about the OS world, but in the SQL Server world, there are relatively few vendors that provide software for managing systems. If one of these were compromised in some way, this could be very bad for many database administrators. Fortunately, many of us know how to air gap backups and ensure that we are prepared for disasters.

If you don't know how to do this, you ought to be learning right away. Review backup plans, ensure you can rebuild systems, test restores, and brush up all your recovery skills.

This attack seems to have taken advantage of a zero day, or very early, vulnerability that was discovered by a Dutch security research firm. The firm looks into management software, especially admin interfaces, specifically because they are worried about the lack of security in many products. In this case, Kaseya builds tools that allow admins to distribute software to other systems on the network. In this case, criminals used the software to distribute ransomware.

The updates from the Kaseya are less than stellar, and if I were a customer, I'd be rather upset. They seem to keep setting unrealistic plans to restore service and then constantly revise them across a few days. I'd also be upset in that they claim only a few of their thousands of customers are affected, but they neglect to admit that some of those customers affected as Managed Service Providers, who themselves have thousands of customers using this software.

There are some technical  details in this piece, in case you want to check your own systems. If you think you have multiple pieces of software that might protect you, read the article. This deployment shuts off some other products, like Microsoft Defender.

I feel bad for many people here. IT staff at affected companies that have likely been incredibly stressed and overworked recently. The consumers of some affected customers, like those that might shop in the Swedish grocer, Coop, who shut down more than 400 stores. I don't know the state of grocery shopping in Sweden, but this might dramatically impact many people that just want to buy food for their families.

Ransomware continues to surprise and worry me. Large profile hacks keep coming, affecting lots of people. Often these are because of previously undiscovered software vulnerabilities or simple mistakes made by privileged users.

I hope that at some point insurers and governments start to put more pressure on companies that make widely used software to ensure they are adhering to best practices and have detailed security practices in place to ensure their code is constantly checked for issues, and that they have detailed plans for responding to and patching customers when there are issues.

Steve Jones - SSC Editor

Join the debate, and respond to today's editorial on the forums

 
 Featured Contents

Powershell Day by Day: Customizing Scripts with Parameters

Frank Dolan from SQLServerCentral

Learn how you can add parameters to your PowerShell scripts to make them more flexible and useful.

Fine-tuning Scripted Database Comparisons with SQL Compare

Additional Articles from Redgate

When comparing databases, save your standard options and filters to a single project file, and then use PowerShell to script them out to the command line. This allows you to reuse the same project file across multiple comparison operations.

SQL Server performance monitor data: Introduction and usage

Additional Articles from SimpleTalk

Monitoring SQL Server for performance is a critical part of a DBA’s job. In this article, Edward Pollack explains some of the SQL Server performance monitor data and how to collect it.

From the SQL Server Central Blogs - Calculating Age in Power BI

Meagan Longoria from Data Savvy

In week 26 of Workout Wednesday for Power BI, I asked people to calculate the age of Nobel laureates at the time they received the award. I provided some...

From the SQL Server Central Blogs - Scale your SQL Server MDF database data files

kleegeek from Technobabble by Klee from @kleegeek

Do you have quite large MDF files on your database? By large, I mean hundreds of gigabytes (or larger). Have you ever noticed that your SQL Server disk stall...

 

 Question of the Day

Today's question (by Steve Jones - SSC Editor):

 

A Lambda Function in Python

I have this in Python:
x = lambda a: a * 2
x(4)
What is returned?

Think you know the answer? Click here, and find out if you are right.

 

 

 Yesterday's Question of the Day (by Steve Jones - SSC Editor)

The FTS Catalog

I want to create a full text index on a table in my database. There are no FTS (full text search) indexes in this database. I think I need a catalog, but I am not sure. What should I do?

Answer: Run CREATE FULLTEXT CATALOG with a name.

Explanation: Before you can create a FTS index, you need a catalog, which is a logical container. The CREATE FULLTEXT CATALOG DDL is used to set this up. Ref: Create and Manage Full-Text Catalogs - https://docs.microsoft.com/en-us/sql/relational-databases/search/create-and-manage-full-text-catalogs?view=sql-server-ver15

Discuss this question and answer on the forums

 

 

 

Database Pros Who Need Your Help

Here's a few of the new posts today on the forums. To see more, visit the forums.


SQL Server 2017 - Development
Split column values to multiple rows - Hi, My requirement is to split columns [Owner],[PersonAttending],[Type] into multiple rows if more than one value is there for the column. Attached is the code snippet. Please help! Thanks, PSB CREATE TABLE #SplitColumnsToRows ( ID INT, Title nvarchar(1000), [Owner] nvarchar(1000), [PersonAttending] nvarchar(1000), [Type] nvarchar(500) ) Insert INTO #SplitColumnsToRows ( ID,Title,[Owner],[PersonAttending],[Type]) SELECT 1,'Title 1','Neil;Jennifer','Ronaldo;Ashok','End to End;BIN' […]
SQL Server 2016 - Administration
Disable Non SSL connection in SQL server - Hi, I have configured SSL certificate in SQL server and enabled Force encryption=yes. Still SQL server is allowing non SSl connection from Application. How to configure like SQL server should not accept non-SSL connections.
Error SPN GMSA compte - hello , I am checking the SQL log error of my server and I found this error for info I use a GMSA account to start the SQL service account SQL Server is attempting to register a Service Principal Name (SPN) for the SQL Server service. Kerberos authentication will not be possible until a SPN […]
How to tell if an SSL certificate is already bound - Hello experts, I want to see if an SSL certificate is already bound to SQL Server in order to know whether or not I need to restart the SQL Server service. I did the following: In SQL Server Configuration Manager, right-click on "Protocols for MSSQLSERVER" and select Properties. Click on the Certificate tab. Click the […]
Administration - SQL Server 2014
How can I check that SP3 is really installed? - A systems works with Windows Server 2012 R2 Standard On this system MS SQL-server 2014 (x86) Express version 12.0.2000.8 is installed. The service pack SP3 had to be installed. Now SQLServer2014SP3-KB4022619-x86-ENU.exe is installed without errors. But after this upgrade the version number is still 12.0.2000.8 I expect version number 12.0.6024.0 When I try to install […]
SQL 2012 - General
Let SQL profiler and Extended event can't capture the sql statement. - is it possible to Let SQL profiler and Extended event can't capture the sql statement? if not , is there any better  trick let user uneasily capture  the sql statements you execute? ( aside from encryption SQL scripts) thanks so much!  
SQL Server 2012 - T-SQL
Split String into columns - Can someone help me figure out how to turn this string: ' ;T41,Vending,9000011;T42,Laundry,9000012;T43,Car Wash,9000013;T44,Amusement,9000014;T45,Promotion,9000015;T46,Transit,9000016;T47,Other,9000017;T73,?,9000011' into a set of results like this?
SQL Server 2019 - Administration
Configure DBMail to send the email to a local folder? - Is there a way to configure DBMail to send the email to a local folder?
Availability Groups - Object Sync - Hi, I'm in the process of doing a comparison of all the options available: Scripts Integration Services 3rd Party Tools We will have hundreds of instances and thousands of databases so need something scalable! Thanks
Adding a surrogate key to a view - Hi there I need to add a surrogate key/unique identifier column to an exisiting view. I have tried using "Select ROW_NUMBER() OVER (ORDER BY CustomerId) as SurrogateKey From ..." as well as "Select CONCAT(CustomerId, ActivityId, CreateDate) As SurrogateKey From ..." as an alternative but both of these result in 152 rows being added to my […]
Login failed for user with failure to write agent job history to sysjobhistory - Good afternoon, Odd issue started happening a couple weeks ago where a server stopped logging job history and the the SQL Server Agent log is full of these two errors.  Jobs run and do what they are supposed to do, I am simply not getting a history log created. I have stopped and restarted the […]
SQL Server 2019 - Development
Create a View with Index - I am using a large Manufacturing Database and would like to create a number of Indexed Views in another Database that reference my manufacturing Database. I use a common table expression to produce a list of bill of materials but this slows down due to lack of an index - can this be done? Roberto
SQL Server 2008 - General
? on XML Data Parsing.... - Hi I ran into an issue parsing xml, Here is a sample Great Books Jon Smith 2001-12-28 23.39 This is a great book! Sad Emo Jones 15.25 This music is so sad!North America Joey Bagadonuts 2013-02-02 102.95 Trail […]
Integration Services
text column in date format in excel to datetime column in sql server via SSIS - Hi, I am trying to import an excel with a date column in it ( format - dd.mm.yyyy hh:mm:ss) . The column does not have any date specific custom formatting. It is general format only. The sql destination column is datetime. I have tried using data conversion as well as derived column to convert STR […]
SQLServerCentral.com Website Issues
Briefcase no working? - Hello, if  I add a forum's topic to my briefcase and then open my briefcase the page https://www.sqlservercentral.com/briefcase is loading and the items in briefcase showed for 1ms then hide and an empty Briefcase is displayed. It shows the text: "No items in briefcase". But when I view the page source I can find the links […]
 

 

RSS FeedTwitter

This email has been sent to {email}. To be removed from this list, please click here. If you have any problems leaving the list, please contact the webmaster@sqlservercentral.com. This newsletter was sent to you because you signed up at SQLServerCentral.com.
©2019 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.
webmaster@sqlservercentral.com

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -