by Ethan Roberts
I came in to the office today at my normal time and started doing the work I had left from two days ago. I work part-time, on-site for one of my clients so I'm not in every day.
Within 5 minutes the network administrator was at my desk. She's a very competent, very security-minded person, exactly what you'd hope for in the person who is babysitting your network full of confidential health information. I mean, she's so good she actually knows what HIPAA stands for. That's dedication.
And this is how my day starts: "Good morning, Ethan. I'm not sure what you were doing on Monday afternoon, but you triggered several hacking alerts on my Cisco security device. Even googling the error message was enough to fire off more alerts from MY machine. Can you please tell me what you were working on?"
My current project is trying to convince SSIS to do some very basic things like drop and restore a database. I was googling everything and nothing showed up as a potential security concern. Her reports said that my machine had hit several external sites with a SQL Injection attack. I'm building a Windows application for this client. Where would I be doing an external SQL injection attack like that?
We went through the security messages and surfed to the IP addresses I had "attacked". Bizarrely, they were all google.com. I went back in my browser history and looked at the google searches I had run around the time that the security warnings hit. By clicking on those links I was able to re-create the problem.
Want to know what I did wrong?
I googled this: t-sql drop database close connections
Her Cisco device noticed that I was sending questionable SQL in an HTTP call (drop database), and responded appropriately. Further, since I use Chrome and Google's smart search feature that autocompletes as much as possible, it was sending those search requests multiple times while I typed.
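Why one typed search turned into a string of alerts, as an added sketch that is not from this post or from the Cisco device: the keyword signature, the host `search.example` and the `/complete?q=` path are assumptions, and the traffic is constructed.

```python
import re
from urllib.parse import quote_plus, urlsplit, parse_qs

# Hypothetical keyword signature; the real device's rule is not shown in the post.
SIGNATURE = re.compile(r"\bdrop\s+database\b", re.IGNORECASE)


def autocomplete_requests(query, host="search.example"):
    """Constructed traffic: one suggestion request per keystroke typed."""
    return [
        f"http://{host}/complete?q={quote_plus(query[:i])}"
        for i in range(1, len(query) + 1)
    ]


def scan(urls):
    """Return (host, decoded value) for every query parameter that matches."""
    alerts = []
    for url in urls:
        parts = urlsplit(url)
        # parse_qs URL-decodes the values, so '+' and %20 both become spaces
        for values in parse_qs(parts.query).values():
            for value in values:
                if SIGNATURE.search(value):
                    alerts.append((parts.hostname, value))
    return alerts


QUERY = "t-sql drop database close connections"
TRAFFIC = autocomplete_requests(QUERY)
ALERTS = scan(TRAFFIC)

if __name__ == "__main__":
    print(f"{len(TRAFFIC)} requests sent, {len(ALERTS)} alerts raised")
    print("first alert:", ALERTS[0])
    print("destinations:", {host for host, _ in ALERTS})
```

Every keystroke after the word "database" is complete produces another matching request, and all of them point at the search host, which is the pattern the alert report showed.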
The story, thankfully, ends happily. She was thrilled that her security device was working so well, I was thrilled that I wasn't fired or in the doghouse anymore, and we all went our merry way.
I share this story in case anyone else gets hit with the same type of security issues. Your job may depend on it.
Postscript: 2 hours later CRM went down. She called me first to see if I had done anything. So maybe I'm not out of the doghouse yet.