KALYPTO (IN)SECURITY

Research, demonstrations, and popcorn

SQL 2016 + Dynamic Data Masking = Exposure

Starting with SQL 2016, Microsoft has included a new “security” feature called Dynamic Data Masking, or DDM for short.  This new feature is supposed to allow you to secure data by masking it to people who should not have access.  For example, if you are a DBA and you have a database with PCI (Credit…

Continue Reading

Vulnerability Found: [REMOVED] Engineering

The information I release for this vulnerability will be limited since the issue has not been patched.  I contacted [REMOVED] Engineering a little over a month ago and was told that they will be resolving the issue.  As of today (November 1st, 2014) the site appears to still be vulnerable. This vulnerability leaks information about employees…

Continue Reading