
But wouldn't the "canary" idea be more useful if the email was changed frequently? Suppose a cron job updated the email address every day to include a few non-obvious characters encoding the current date so that the spam you get tells you when that row was copied from your database.
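The rotating canary sketched above, as an added example that is not part of this thread: the daily address carries a short HMAC of the date rather than the date itself, so the copy date is not readable from the address and cannot be forged without the secret; the secret, domain and row layout are assumptions made up for the example.

```python
import datetime as dt
import hashlib
import hmac
import re
from typing import Optional

# Assumptions (constructed for this example): a secret kept outside the database,
# and a domain whose every mailbox delivers to the team that watches for canaries.
SECRET = b"constructed-demo-secret"
DOMAIN = "canary.example.com"


def canary_address(day: dt.date, secret: bytes = SECRET) -> str:
    """Canary e-mail for one day: the local part is a truncated HMAC of the ISO
    date, so the date is not visible in the address and cannot be guessed."""
    tag = hmac.new(secret, day.isoformat().encode(), hashlib.sha256).hexdigest()[:10]
    return f"c-{tag}@{DOMAIN}"


def rotate_canary(row: dict, today: dt.date) -> dict:
    """The daily cron step: overwrite the canary row's e-mail with today's address."""
    row["email"] = canary_address(today)
    return row


def leak_date(address: str, start: dt.date, end: dt.date,
              secret: bytes = SECRET) -> Optional[dt.date]:
    """Recover the day an address was the live canary. The tag is one-way, so a
    bounded search over [start, end] replaces decoding."""
    day = start
    while day <= end:
        if hmac.compare_digest(canary_address(day, secret), address.lower()):
            return day
        day += dt.timedelta(days=1)
    return None


TO_RE = re.compile(r"^To:\s*<?([^>\s]+)>?", re.I | re.M)


def leak_dates_from_mail(raw_messages: list, start: dt.date, end: dt.date) -> list:
    """Map each spam message received at the canary domain to the day the row
    it was copied from held that address; unknown addresses are ignored."""
    found = []
    for msg in raw_messages:
        m = TO_RE.search(msg)
        if m:
            d = leak_date(m.group(1), start, end)
            if d is not None:
                found.append(d)
    return found
```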


No, that wouldn't improve it at all. The problem with the canary is that it's a weak, not particularly useful signal: "we probably got compromised".

Here, let me help all of you with web apps out right now: you have probably been compromised.

Go do something about it. Then come back and tell me what you did.


To me it makes sense to keep good records of security events so if I were to get this "signal" I'd make sure the details were captured and the appropriate people informed. Then I'd double check the obvious things like who logged into the database server that day, who had access to backups, who may have worked on database code in that time, when that code was last (or ever) audited and so on.



