Our webserver got hit last night with a SQL injection attack. I have to admire the elegance of the code, it's really ingenious, a buffer overrun exploit that translates into an MSSQL cursor update statement. Slick. Want the details?
Ours was one of thousands of web providers that were hit in the last week or so. We recovered from it in a matter of a few minutes: restored the database, added a quick bandaid to limit this sort of thing in the future. Over the next week or so, I'll do an audit of my code and take what measures I can. I deliberately wrote my code to prevent this, but I didn't anticipate something like this, obviously.
What I truly hate about this situation is the abject panic that ensues in this office whenever there's a surprise problem. Folks, just grow up: get the information, fix the symptoms, then address the cause. Systematically, methodically, one step at a time.
That is nearly impossible to do when you work with someone whose first inclination is to get all the possible information but only skims instead of reads; whose knees jerk into solutions that aren't; who wants to talk and talk and talk and talk.
Yes, this sort of thing could sink our company if it continues.
Yes, we might have lost a day's worth of work.
No, if someone wants in to do mischief, and they want it bad enough, you can't keep them out.
Dude, it's not about comforting you: it's about fixing. Can go and fix porblem nau?
We are either moving forward or not. Talking is a subset of "not." Thank you, Frank, for that. Apropos. Well said.