Are Thai Data bases safe from hackers ?

[BKKdreaming]

Every day it seems you hear of another USA data base being hacked ,

from the US government down to Target stores

But I have never heard of a Thai data base being hacked ,

Are they that much better ?

I would think a very soft target would be anything from Thia immigration ,

lots of personal info there , but even Thia Banks etc

And how many are running on bootleg copies of Windows XP ?

[Thian]

No databases in the world are safe from hackers.

[Loptr]

No databases in the world are safe from hackers.

I disagree, but will leave it at that...

[h90]

only database that is disconnected is safe....and even this not 100 %

[phazey]

I've seen a lot of mistakes in my time. Databases and other backend servers given an Internet Accessible IP - WITHOUT any form of firewall (This is a large VoIP provider here in the UK too!). The last two enviroments i've worked on have been a bit more security focused, with limited network access and totally locked down firewalls. It's pleasing, but hackers have a habit of exposing even the smallest exploit.

Nothing is safe. After I saw a demonstration of a completely disconnected laptop get infected by another (using the mic and speaker to deploy a payload untrasonically from it's BIOS address space!)

If you're an administrator or a webmaster with a VPS somewhere, just please keep on top of your updates, and review logs frequently....

[BKKdreaming]

My Point was that Thai databases or any other countries who do not think they are targets are probably much easier to hit.

If the US government can get hit then probably anyone can ,

this was more of a reminder that your info at Immigration etc may already be "public" and you do not know it !

[innerspace]

Firstly, google "thai government hacked malware" and you will find reports that hacked thai gov sites are common and a high report of malware, so dont say that thai systems dont get hacked.

Second, Thailand is probably low down on hackers priorities, though could change if groups get upset by handling of current events.

Finally and most importantly, it is not in Thai nature to admit a problem, losing face. Unlike sony a thai company would deny that the database ever even existed rather than publically admit they failed to secure it.

[bendejo]

For an answer to your question you should consider the general attitude toward personal accountability in this culture.

[NOC]

I stopped teaching Thai's due to the cultures attitude toward foreigners. They say hello, and I say 'goodbye', audibly! My TGF laughs!

This may at first seem off-topic, but it's not.

Thai databases get hacked just like other databases get hacked.

There are only two reasons why you would post this dribble.

1) You're Thai

2) You're Thai

[BKKdreaming]

ummm blue eyes , blond hair....yep I am Thai

really it was more a question and a warning that the data the Thais have is probably already hacked but that is never spoken or you lose face.....and it could be your data ....

[FangFerang]

The only hacker safe database is one that is not connected to the internet and is heavily guarded on site (these exist).

As far as Thai database security,

No, Hell No, and No Way.

[sometimewoodworker]

My Point was that Thai databases or any other countries who do not think they are targets are probably much easier to hit.

If the US government can get hit then probably anyone can ,

this was more of a reminder that your info at Immigration etc may already be "public" and you do not know it !

Point 1 I totally agree

Point 2 :) the U.S. government is laughable bad at security. So a poor example. U.S. companies are almost as bad as poor security is all about saving money, they will continue to be bad until they are hit with fines per record lost. $10 would be a good start

[asdecas]

Do boobies hunt fish?

[RBOP]

Thai banks are way behind in electronic security. For instance, Thai Visa credit cards don't even have chips yet and one can not use a pin code when purchasing. You have to sign. Bangkok Bank will soon be upgrading their credit cards.

[SOUTHERNSTAR]

Never put any info like credit card numbers on a data base. No data base is 100% safe, if enough resources are put into it any data base/computer system can be hacked. There are cases of heavily defended databases/computer systems that has been breached, a good example of this is the hacking of the German patriot missile system stationed in Turkey. There are even rumors of stock exchanges that's recently been closed due to being hacked.

[simple1]

Never put any info like credit card numbers on a data base. No data base is 100% safe, if enough resources are put into it any data base/computer system can be hacked. There are cases of heavily defended databases/computer systems that has been breached, a good example of this is the hacking of the German patriot missile system stationed in Turkey. There are even rumors of stock exchanges that's recently been closed due to being hacked.

I use to work for IT MNCs who sold IT security services, statistically greatest IT security threat is internal staff.

[quandow]

only database that is disconnected is safe....and even this not 100 %

Best possible response. I worked IT for 15 years.

[SheungWan]

You should worry more that the data is in 3NF.

[b4n9]

As a former Oracle DBA, I can assure you there are no safe database in this world, unless you go offline (then you have to watch people instead ;D ). Thai databases humm .. Thailand merely follow technologies, they don't develop it, I think it answer the OP's question. nothing special with thai databases. Some thai government websites was defaced some time ago, I think data as well as leaked, but who knows?!

[Bench499d]

It is only a matter of time really considering the lack of data protection regulations here. The recent launch of online 90 day reporting is a great example of an online database which was not designed with security in mind, only later it got an SSL certificate and even that was unsigned...

You can imagine also that all those Windows XP machines out there are a target. Hospitals still using it I noticed.

[beerzy]

Guys already happened 24 August 2015

Thai government websites hacked by Islamist group

By IANS on Aug 24, 2015 at 7:31 PM

5 Shares

• Facebook share
• Twitter share
• Share on Google+

comments

News

Six Thai government websites were hacked on Monday by an Islamist group calling itself “Fallag Gassrini and Dr Lamouchi” from Tunisia, the media reported.

The hackers attacked the official sites of Lamphun, Sing Buri, Sa Kaeo and Tak provinces, as well as Mahasarakham University’s publishing house and Lam Luk Ka Hospital in Pathum Thani, te Bangkok Post reported. Pictures of Rohingya Muslims fleeing persecution in Myanmar and Muslim child victims of bomb attacks were posted on the sites.

[cocopops]

No databases in the world are safe from hackers.

I disagree, but will leave it at that...

Yes or no on "It is virtually impossible to say for sure whether or not any specific database system is safe from hackers."?

[b4n9]

It is only a matter of time really considering the lack of data protection regulations here. The recent launch of online 90 day reporting is a great example of an online database which was not designed with security in mind, only later it got an SSL certificate and even that was unsigned...

You can imagine also that all those Windows XP machines out there are a target. Hospitals still using it I noticed.

humm . . and do not forget that all ATM Machines or at least most of them still using WinXP in their terminals. I also noticed that, last time drawn some cash at bangkok bank.

[b4n9]

No databases in the world are safe from hackers.

I disagree, but will leave it at that...

Yes or no on "It is virtually impossible to say for sure whether or not any specific database system is safe from hackers."?

oracle is `huge` and not safe at all. SAP also so many vulnerabilities. microsoft sql server is a joke if compared to some others databases. the opensource ones are great option, 'cause the community can provide patches/bug/fix very often (more flexibility) keeping it more safe. to keep your data safe is all about strategy and less people know about more safe the data will be. also avoid enterprise standards, default configs, etc and etc.. also most attacks happen through the application interface (e.g. websites), then always sanitize inputs in that case. nevertheless there will always be a new vulnerabilite, also it all is becaming more and more complex with time. if you want to know more about all this stuffs just search google by `metasploit`.

sawadee krap fellas!

Edited September 12, 2015 by b4n9

[Bench499d]

It is only a matter of time really considering the lack of data protection regulations here. The recent launch of online 90 day reporting is a great example of an online database which was not designed with security in mind, only later it got an SSL certificate and even that was unsigned...

You can imagine also that all those Windows XP machines out there are a target. Hospitals still using it I noticed.

humm . . and do not forget that all ATM Machines or at least most of them still using WinXP in their terminals. I also noticed that, last time drawn some cash at bangkok bank.

But at least these probably use Win XP embedded which is supported with security patches until Jan 2016. Better get a move on upgrading them.

[connda]

Short, accurate, and realistic answer: "No"

Longer answer: And this applies to all computer systems and databases whether online, air-gapped, or physically secured. "No"

Edited September 12, 2015 by connda

[beerzy]

It is only a matter of time really considering the lack of data protection regulations here. The recent launch of online 90 day reporting is a great example of an online database which was not designed with security in mind, only later it got an SSL certificate and even that was unsigned...

You can imagine also that all those Windows XP machines out there are a target. Hospitals still using it I noticed.

humm . . and do not forget that all ATM Machines or at least most of them still using WinXP in their terminals. I also noticed that, last time drawn some cash at bangkok bank.

But at least these probably use Win XP embedded which is supported with security patches until Jan 2016. Better get a move on upgrading them.

Guys,

The hackers do the same training nd setup the same systems. if you think your databases are safe then think again. nothing is safe wih your personal information

[Bench499d]

It is only a matter of time really considering the lack of data protection regulations here. The recent launch of online 90 day reporting is a great example of an online database which was not designed with security in mind, only later it got an SSL certificate and even that was unsigned...

You can imagine also that all those Windows XP machines out there are a target. Hospitals still using it I noticed.

humm . . and do not forget that all ATM Machines or at least most of them still using WinXP in their terminals. I also noticed that, last time drawn some cash at bangkok bank.

But at least these probably use Win XP embedded which is supported with security patches until Jan 2016. Better get a move on upgrading them.

Guys,

The hackers do the same training nd setup the same systems. if you think your databases are safe then think again. nothing is safe wih your personal information

I agree. I think that is what I was saying essentially.

[b4n9]

It is only a matter of time really considering the lack of data protection regulations here. The recent launch of online 90 day reporting is a great example of an online database which was not designed with security in mind, only later it got an SSL certificate and even that was unsigned...

You can imagine also that all those Windows XP machines out there are a target. Hospitals still using it I noticed.

humm . . and do not forget that all ATM Machines or at least most of them still using WinXP in their terminals. I also noticed that, last time drawn some cash at bangkok bank.

But at least these probably use Win XP embedded which is supported with security patches until Jan 2016. Better get a move on upgrading them.

Even `Win XP embedded` has the same vulnerabilities of `Win XP Professional` or other version of Win XP. The real problem is if Thai bank managers apply patches or not. I do not think so. The wise decision as you said better upgrade them.

[b4n9]

It is only a matter of time really considering the lack of data protection regulations here. The recent launch of online 90 day reporting is a great example of an online database which was not designed with security in mind, only later it got an SSL certificate and even that was unsigned...

You can imagine also that all those Windows XP machines out there are a target. Hospitals still using it I noticed.

humm . . and do not forget that all ATM Machines or at least most of them still using WinXP in their terminals. I also noticed that, last time drawn some cash at bangkok bank.

But at least these probably use Win XP embedded which is supported with security patches until Jan 2016. Better get a move on upgrading them.

Guys,

The hackers do the same training nd setup the same systems. if you think your databases are safe then think again. nothing is safe wih your personal information

Well, nobody here said any moment it is safe. The answer is `no safe at all`. But we can always alaborate better answers than just say no or yes. No or Yes by itself means nothing without explaing why it is no or yes.