Database security bloopers

As we reported last week, a new survey shows that IT security pros have a “disturbing lack of confidence” in the ability of organizations to use sensitive information securely.

The survey looked at the data privacy and data protection concerns of 1,000 IT security workers and compliance professionals. It found that many see the potential for disastrous data loss and feel that their organizations aren’t equipped to deal with the risk. Well-known Oracle blogger and consultant Peter Finnigan agreed, saying “my experience [with] users of Oracle databases and database users in general is that databases tend to not be securely deployed. They are better than they have been in recent years but still not where they should be in terms of protecting data.”

Frankly, it’s hard for me to believe that DBAs aren’t already doing all they can to protect their data assets. If not, why not? The years of warnings haven’t been enough? The multiple and expensive break-ins didn’t jar you into action? Don’t think it can happen to you? You think your data isn’t all that valuable? Just plain lazy?

If you are an experienced DBA or a consultant, send me the worst (and/or funniest) security nightmares you’ve seen and we’ll post the most horrifying here in the blog (anonymously, of course). Come across a company using SCOTT/TIGER as their admin login? We want to hear about it!

Have a good holiday week,
Tim