2023

Rational Expectations

"If you give a man a fish, you feed him for a day. If you teach a man to fish, you feed him for a lifetime." ~ Anonymous

While database engineers (and administrators) want to be helpful and answer questions, you should not expect your database engineer to:

  1. Make “the database” work the way you think it works.
  2. Teach you how to use Google to answer what a particular SQL error means.
  3. Magically make database contention go away.

AI Indemnification

Microsoft has agreed to indemnify users of its Copilot service from copyright claims with its new "Copilot Copyright Commitment." This development may ease decision-makers' minds on potential copyright claims stemming from using the service.

Human In The Loop

What if an AI monitored whether you followed all rules and laws that applied to you?

This chilling and dystopian thought is the subject of a guest post by Jon Penney on Bruce Schneier’s blog (link at bottom).

Security Defaults

Security access controls extend into your databases. The principle of least privilege needs to be enforced not only for who can connect but also for what they can do within your databases.

For example, before PostgreSQL version 15, PUBLIC (the pseudo-role every user is a member of) could create tables within the public schema unless that privilege was REVOKE’d. This is just one example.

It’s important to review the security defaults for your database product to ensure you are enforcing a least-privilege access model, in which access to resources is granted explicitly.
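
One way to run that review on PostgreSQL, as an added example that is not part of the original post: it audits what PUBLIC can do at the schema and database level, then revokes the pre-15 default and grants it back explicitly. The role name `app_owner` is a hypothetical placeholder, and the database-level check goes slightly beyond the schema case described above.

```sql
-- Added example. Run it in each database: schema privileges are per database.
-- app_owner is a hypothetical role name; substitute the role that owns your objects.

-- 1. Which non-system schemas let PUBLIC create objects or resolve names in them?
SELECT n.nspname                                       AS schema_name,
       pg_get_userbyid(n.nspowner)                     AS schema_owner,
       has_schema_privilege('public', n.oid, 'CREATE') AS public_can_create,
       has_schema_privilege('public', n.oid, 'USAGE')  AS public_can_use
FROM   pg_namespace n
WHERE  n.nspname <> 'information_schema'
  AND  n.nspname NOT LIKE 'pg\_%'
ORDER  BY public_can_create DESC, schema_name;

-- 2. Which databases let PUBLIC connect or create temporary tables?
--    (the "who can connect" half of the least-privilege review)
SELECT d.datname,
       has_database_privilege('public', d.oid, 'CONNECT')   AS public_can_connect,
       has_database_privilege('public', d.oid, 'TEMPORARY') AS public_can_temp
FROM   pg_database d
WHERE  NOT d.datistemplate
ORDER  BY d.datname;

-- 3. Remove the implicit grant and replace it with an explicit one.
BEGIN;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT  USAGE, CREATE ON SCHEMA public TO app_owner;
COMMIT;

-- 4. Re-check the public schema after the change.
SELECT has_schema_privilege('public', 'public', 'CREATE') AS public_can_create;
```

In the `has_*_privilege` functions, passing `'public'` as the user name checks the PUBLIC pseudo-role rather than a role literally named public.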

PostgreSQL 15.0 Release Notes

WayBack Machine

"I don’t have a photograph, but you can have my footprints. They’re upstairs in my socks." ~ Groucho Marx

Several recent events have had me thinking more about open-source. The same as many people in the 1990s, my introduction to open-source was with Linux. I remember installing Slackware Linux and later switching to Red Hat Linux.

Stop It!

An interesting article giving yet another example of why you should not use a personal email for work correspondence!

Reputation Risk

Wired recently published a piece on API vulnerabilities in the Points platform used by many hotels, airlines, and banks. One of the researchers pointed out the vulnerabilities would have had “a cascading effect to every company utilizing their loyalty backend”.

“It takes a lifetime to build a good reputation, but you can lose it in a minute.” ~ Will Rogers

AI Prompt Injection Attacks

Bruce Schneier has hit the nail on the head in his recent post on AI prompt injection attacks. Schneier feels it’s not possible to fully secure large language models (LLMs) against this kind of attack. Essentially, you can use AI to generate injection prompts, but read the article to learn more.

Automatically Finding Prompt Injection Attacks