Securosis Blog

Data Labels Suck

Rich · July 8, 2009

I had a weird discussion with someone who was firmly convinced that you couldn’t possibly have data security without starting with classification and labels. Maybe they read it in a book or something.

I can’t entirely promise tonight’s episode makes a lot of sense. Martin is back from Kyoto, and seriously jetlagged, and I don’t think I was a whole lot better. Sure, we cover the usual collection of security news, but the episode is filled with non sequiturs and other dissociated transitions. On the other hand, we do stick fairly closely to security related topics. In other words, listen at your own risk.

Social Security Number Code Cracked

Adrian Lane · July 7, 2009

An interesting news item on how social security numbers can be guessed with surprising accuracy made this morning’s paper. Researchers say they can determine much of someone’s social security number from birth date and location. Hopefully this will shine yet another spotlight on our over-reliance on social security numbers as a method of identification. From the San Jose Mercury News:

Database Security: The Other First Steps

Adrian Lane · July 3, 2009

I was going through my feed reader this morning when I ran across this post on Dark Reading about Your First Three Steps for database security. As these are supposed to be your first steps with database security, the suggestions not only struck me as places I would not start, but the post offered a method I would not employ. I believe there is a better way to proceed, so I offer you my alternative set of recommendations.

Securosis: On Holiday

Adrian Lane · July 3, 2009

As it’s the middle of summer, it’s freakin’ hot here. Rich and I have been cranking away like crazy since RSA on a couple different projects and are in need of a break. Now it’s time for a little R&R, so like you, we’re going on a mini summer break. That means no Friday Summary this week. We’ll be back around the 7th, and return to normal Friday posts on the 10th. Until then, enjoy yourself over the July 4th holiday (even if you’re not in the U.S.)! If you haven’t yet taken the Project Quant…

Cracking a 200 Year Old Cipher

Adrian Lane · July 2, 2009

I have a half dozen books on Thomas Jefferson’s life, but this is a pretty cool story I had never heard before. The Wall Street Journal this morning has a story about a Professor Robert Patterson, who had developed what appears to be a reasonably advanced cipher, and sent an enciphered message to President Jefferson in 1801. He provided Jefferson with the message, the cipher, and hints as to how it worked, but it is assumed that Jefferson was never able to decrypt the message. The message…

When I interview database candidates, I want to assess their skills in three different areas: how well they can set up and maintain a database, how well they can program to a database, and how well they can design database systems. These coincide with the three roles I would typically hire: database administrator, database programmer and database architect. Even though I am hiring for just one of these roles, and I don’t expect any single candidate to be fully proficient in all three areas, I do…

This is Part 5 of our Database Encryption Series. Part 1, Part 2, Part 3, Part 4, and the supporting posts on Database vs. Application Encryption, & Database Encryption: Fact or Fiction are online.

Martin is off in Japan this week, so I’m joined by our good friend Amrit Williams from BigFix and the Techbuddha blog. Amrit and I start off by talking about the rolling blackouts in California and disaster preparedness, before jumping into the week’s security news.

Technically the title should be Things to do With Encryption…, but then I wouldn’t have a semi-obscure movie reference.

Cory Doctorow of BoingBoing linked to a column of his over at The Guardian entitled “If I’m dead how will my loved ones break my password?”. As a new father myself, I recently went through the estate planning process with my lawyer, and this is one issue I’ve long thought needed more attention. A few years ago I even considered building a startup around it.