Spam is such an ugly word. We believe that the attached piece, while not directly concerned with MySQL directly, may be of general interset to the list subscribers.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 13, 2002 12:08 PM To: Andy Wood Subject: Re: Cyber security Your message cannot be posted because it appears to be either spam or simply off topic to our filter. To bypass the filter you must include one of the following words in your message: sql,query If you just reply to this message, and include the entire text of it in the reply, your reply will go through. However, you should first review the text of the message to make sure it has something to do with MySQL. Just typing the word MySQL once will be sufficient, for example. You have written the following: Dear list owner. We think that in light of the current public concern over cyber security that the subscribers to your list will find the attached of interest. Kind Regards Andy Wood SECURITY in an INSECURE WORLD. By Perfectway Corporation, www.perfectway.com Cyber crime is persistent and growing. From the nuisance type of hacker attack like the one recently experienced by USA Today, where hackers defaced the web site and inserted fake stories into the On Line edition. To the mischievous, witness Princeton trying to get a leg up on Yale by illicitly peeking at their admissions files. To theft and embezzlement. The New York Times recently had personal data on over six thousand contributors, [including some household names] stolen from its data bank. This information can be used for identity theft and credit card fraud. If high profile enterprises like these with legions of network security staff cannot prevent attacks, what hope for the rest of us? If you start including e-mail and IM viruses and worms, an estimated 1 in 300 e-mails are currently infected with the Klez worm you may hark back to a simpler time when a ball point pen was considered roguishly high tech. However, networks are here to stay, as are the astonishing amounts of data they generate. So how can we protect ourselves and our valuables from harm? A number of basic steps need to be thought through. 1. What are we protecting? A lot of companies do not know exactly what is valuable and what is not. In a bank it is pretty straight forward what the bad guys are after. In a fork lift truck plant or florist it may not be so clear. So an inventory of the 'crown jewels' needs to be taken. Is it, patents, recipes, formulae, customer lists, names of investors, marketing strategy, acquisition target list. Whatever it is, it needs to be identified and protected appropriately. 2. Once the key valuables have been inventoried then access to them needs to be restricted and monitored. Trying to create a fortress around the whole enterprise simply does not work. 3. Password policy needs to be sold to everyone in the organization. If employees are simply told to change passwords regularly then it becomes a chore. In my old company you were automatically reminded to change it every three months, it was seen as a hassle so most people quickly discovered that you could change it, then immediately change back to your old one. It was not seen as having value to the individual. If employees understand that the possibility of identity theft is very real and that their personal information may be used for malevolent purposes then they may choose to do something other than recycle their telephone extension number for years. A helpful tip is to encourage the use of number substitution. Make 1=I, E=3,5=S, and 0=O. So the password 'Sister' for example would now read 515t3r. not difficult to remember but hard for a hacker to crack using the standard 'dictionary' programs favored by people trying to illicitly enter your network. 4. Have an outside review of your systems. Perfectway corporation and many other fine consultant services will work with you to identify and remedy vulnerabilities. By viewing security, like quality, as a company wide commitment and regularly having an outside audit you can stay at least one step ahead of the bad guys. For more information on protecting your company contact: Perfectway Corporation, a nationally recognized security services consultancy. --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php