Problems displaying this newsletter? View online.
SQL Server Central
Featured Contents
Question of the Day
Redgate University
The Voice of the DBA
 

Attacks Using Attacks

Not too long ago I wrote about a security failure from an AI company, Evisort, that had a development database exposed on the Internet. There were reports of customer information being exposed and initially it appeared the Evisort was being negligent by putting an  ElasticSearch database with no password on the Internet. They were, but this might not have been a problem for customers.

In an update, Evisorts dispute any customer data was exposed and they've updated security. They've hired consultants to help them and they are investigating and reviewing all documents that were exposed. They've offered to talk with any customers, and it appears they are taking this event seriously.

So, was there really a breach? I don't know. I have no firsthand knowledge of the actual data, and I haven't seen anything that indicates Evisort is covering up data loss. Perhaps they are, but perhaps someone was just seeking to imply there was a breach. Doing so is an attack on Evisort, not with data, but with information.

This might have been sent to a reporter to cause Evisort issues. Perhaps the issue was publicized to win a deal for a competitor that was near completion by making Evisort appear negligent. Perhaps this was an attempt to prevent Evisort from getting any more funding or reduce the value of the company.

There are all sorts of attacks that occur on companies. Some of these are to get data to sell. Some might be to create bad press. Some might be to influence the value of the company or perhaps cost them customers. The attacks are often aimed to accomplish some secondary goal: reduce share price, interrupt funding, influence customers to stop doing business, or even to make competitors look more valuable or desirable.

These are attacks on a company using some sort of other attack, like a hack of some sort.

The world is becoming more and more scary for data professionals. We have to be increasingly diligent, and not only be able to protect data, but prove we are protecting it. With the swift and strong reaction of many in social media, it behooves us to take extra precautions and ensure we have evidence of our taking precautions ready to dispute any misleading account. More importantly, we ought to know how to react if we do actually lose data. Think about this ahead of time, as you might not have time to so once an event actually occurs.

Steve Jones - SSC Editor

Join the debate, and respond to today's editorial on the forums

Redgate Database Devops
 
 Featured Contents
Stairway to SQL Server Security

Stairway to SQL Server Security Level 1: Overview of SQL Server Security

Don Kiely from SQLServerCentral.com

The ubiquity of databases and the potentially valuable information stored in them makes them attractive targets for people who want to steal data or harm its owner by tampering with it. Making sure that your data is secure is a critical part of configuring SQL Server and developing applications that use it to store data.

Data privacy next steps: Compliant Database DevOps

Additional Articles from Redgate

Over the last year we’ve seen a shift in customer concerns around personal data, as well as new legislation. Now is the time to implement a robust process to safeguard your data and your business, without hindering your DevOps journey. Read this blog post to find out the next steps for data privacy

Relational Databases vs Graph Databases

Additional Articles from MSSQLTips.com

In this tip we will address questions that will help relational database developers understand the various considerations for using a graph database.

Free eBook: Inside the SQL Server Query Optimizer

Press Release from SQLServerCentral.com

This free eBook from Redgate Software will take you from the fundamentals of Statistics, Cost Estimation, Index Selection, and the Execution Engine, and guide you through the inner workings of the Query Optimization process, and throws in a pragmatic look at Parameterization and Hints along the way.

From the SQL Server Central Blogs - Is it just me or does msdb feel a lot like a user database?

Kenneth.Fisher from SQLStudies

When you think of system databases, tables, etc there are a number of things you might think of. Necessary to ... Continue reading

From the SQL Server Central Blogs - How I Continuously Learn About SQL Server

Bert Wagner from Bert Wagner

Watch this week’s episode on YouTube. In order to stay current in a technology you have to immerse yourself in community content. Documentation is good for knowing the specification...

 

 Question of the Day

Today's question (by Steve Jones - SSC Editor):

 

Cleaning the Data frame

I am tracking some of my flights in this csv file: 
Flight,Origin,Destination,FlightTime
UA9,IAH,LHR,"2019-04-30 17:34"
UA58,LHR,ORD,"2019-05-01 09:12"
UA99,LAX,LHR,!
UA25,LHR,IAH, "2019-06-22 07:23"
I want to read this into a dataframe in R, but for some of the rows, a missing time is denoted with an exclamation mark. How do I read in this value as a "NA"?

Think you know the answer? Click here, and find out if you are right.

 

 

 Yesterday's Question of the Day (by Steve Jones - SSC Editor)

The Executable Synonym

I run this code:

USE sandbox
GO
CREATE OR ALTER PROCEDURE dbo.GetDB
AS
BEGIN
    SELECT DB_NAME()
END

This sets up a proc in my database. when I run this, I get "sandbox" as a result.

Now I run this code:

USE CIDemo
GO
CREATE SYNONYM dbo.MyDB FOR sandbox.dbo.GetDB
GO
EXEC dbo.MyDB

What is returned?

Answer: sandbox

Explanation: A synonym just provides a replacement of the object. In this case, when I call the synonym, this is the same as executing

EXEC sandbox.dbo.GetDB

Which returns sandbox. Ref: Synonyms - https://docs.microsoft.com/en-us/sql/relational-databases/synonyms/synonyms-database-engine?view=sql-server-2017

Discuss this question and answer on the forums

 

 

 

Database Pros Who Need Your Help

Here's a few of the new posts today on the forums. To see more, visit the forums.

SQL Server 2017 - Administration
Suspend-ClusterNode -Drain && move-clusterGroup - Hello everyone , if I proceed to do a suspended from the main node of my cluster Suspend-ClusterNode -Drain Are all resources automatically transferred to the second node or I have to do Move-ClusterGroup thanks
File Integrity Monitoring system and Database Server - Looking to find if it is a feasible idea to install FIM system on a SQL Server. It is a sensitive and highly transnational system and I dont feel comfortable.   For people who do not know what FIM is please read the below link.   https://en.wikipedia.org/wiki/File_integrity_monitoring     It may end up messing stuff. […]
SQL Server 2017 - Development
Data quality improvement - Hi I am exploring ideas of improving data quality in new organisation i joined. The issue is it is not straight forward as to re-write things and improve as there are 100s of dataset we process every weeks. I checked few tables for basic checks and found about 40 tables with duplicates. They are actual […]
SQL Server 2016 - Administration
Stored procedure getting results from views that are joining several tables - Hi, We have a stored procedure  which is executing during a batch job and it is taking 7 seconds to complete and that batch job runs hours to complete. And I'm seeing this procedure called continuously during the batch job and each RPC:completed is taking 7 seconds and returing same rows Started troubleshooting this procedure […]
Resulted of SP_Monitor with Packet Erros. - Detected which were sent or received by SQL Server since the SQL Server last started. The number is high. I remember that the number 4 errors by month it´s normal, but in this case  show me 90...123. What can I do to solve this problem, please.
SQL Server 2016 - Development and T-SQL
trying to get all data to line up - Hello, first, thank you all who helped or took the time to look at my last issue, but now i got 1 more, and its a tough this time for me so my 2 tables are: declare @Employees TAble ( employeeID int, employeename varchar(256), Hoursworked decimal(18,2), PayrollDate date ) insert into @Employees(employeeID,employeename,Hoursworked,PayrollDate) values(1,'bob',3.0,'05/01/2019') insert […]
SQL 2012 - General
Three most common mistakes that beginner writers make - Do you know about the three most common mistakes that beginner writers make that cause them a failure? Well, many people might not know about the fact that the foremost reason of writers could not finish writing their book on time is that they edit the book along with writing and instead of taking the […]
Deny Permissions to Schema Owner (assign read only) and deny to Linked Servers - We are running SQL Server 2012 SP4 EE on Windows Server 2008 R2 Standard. We had a developer who moved to another department. We would like to give the developer 'read only' access to the database before eventually disabling his account. We added the developer to the db_datareader database role. I want to make sure […]
data file .mdf datetime stamp on windows file system when running DBCC CheckDB - I'm trying to find out what causes the timestamp to change on the data file when running DBCC CheckDB.  I have confirmed that auto grow, auto shrink, open, close or a restart did not occur. What exactly would DBCC CheckDB be doing that it would need to change the date timestamp on the data file?
T-SQL (SS2K8)
Convert Rows into Columns - Hello All, I'm trying to convert rows in table to columns as per the example i.e create one long string of data for every occurrence of ID column. Could anyone please help in achieving it in best way. /** Build up a Table to work with. **/ DECLARE @T TABLE ( ID INT NOT NULL […]
Convert Rows into Columns - Hello All, I'm trying to convert rows in table to columns as per the example i.e create one long string of data for every occurrence of ID column. Could anyone please help in achieving it in best way. /** Build up a Table to work with. **/ DECLARE @T TABLE ( ID INT NOT NULL […]
Reporting Services
Grouping - Hi, I'm trying to create a report (using a Dynamics 365 Fetch) of all completed bookings grouped by week number, day and account.  So far, I've got this: What I want is to group by week number, day name and account so that you expand the week number to reveal a list of accounts with […]
SSRS 2012
SSRS 2012 converting Data field - How do you convert a Data field that is feet to miles on a expression. For instance the name of the field is PipeLen.value
Analysis Services
I have a query mdx that where it doesn't filter - I can't find the reason because a query that has in 'with member' an attribute of a dimensio that is key does not filter with where, if I put another attribute that is not key if it works ?. Dimension FE6 FE6 is key (int) FE6b (int) Descripción (character)   WITH SET [FILAS] AS EXCEPT([FE6].[FE6].[FE6].members, […]
Article Discussions by Author
Making Good Use of SQL Server Auditing - Comments posted to this topic are about the item Making Good Use of SQL Server Auditing.
 

 

RSS FeedTwitter

This email has been sent to {email}. To be removed from this list, please click here. If you have any problems leaving the list, please contact the webmaster@sqlservercentral.com. This newsletter was sent to you because you signed up at SQLServerCentral.com.
©2019 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.
webmaster@sqlservercentral.com

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -