PASS Summit 2003 - Funniest Moment: Security
During his keynote talk Wednesday morning, Gordon Mangione (VP SQL Server, Microsoft) said to his assistant who was about to demonstrate a new feature in Yukon, “If you login as SA, Blank Password, you're fired.”
Everyone laughed and it became the joke of the day. But think about it for a moment. How many times have we heard stories (or, GASP! been the story) of somebody getting caught with a simple oversight in security. Have your developers hard-coded, in clear text, the login and password into their ASP pages? Are you WAY behind on applying service packs because, “there just isn't enough time”? Did you forget to lockdown xp_cmdshell? Ever walk up to your desk and discover that when you stepped away for “just a quick sec” to refill your coffee, you got sidetracked by somebody in the hallway, and you hadn't locked your workstation, so it has now been open for a half-hour to anyone to mess with the server under your SysAdmin privileges? Or here's the really scary one... How many copies of MSDE are installed throughout your company? Are you sure? Has anyone locked those down? Ever applied a service pack to them?
We're all susceptible to mistakes or lapses in judgment. And you know you've matured when you can poke fun at your own mistakes. Way to go, Gordon!