|
There is no such thing as proof.
And there is also no point in asking Salesforce, I mean, they're probably pretty good, but no-one is perfect. Also: Security Questionnaire | CommitStrip
Just make sure you have off site backups. And also a backup plan.
|
|
|
|
|
That's the thing. While my knowledge of Salesforce is not advanced, having your own offsite backups seems pretty near impossible. Just getting to the data is very hard. Since it is all browser based and a few other things, it might be fairly easy for the Salesforce folks to protect the data pretty good on their own. I don't know.
|
|
|
|
|
The only systems that are ransomware-proof are systems that don't have a network access.
|
|
|
|
|
That's the point. Salesforce seems to have very limited access other than by browser. It may be designed that way with security in mind and it may allow a very high degree of protection. That is what I am curious about.
|
|
|
|
|
Or a user!
Or a user with admin privileges!
I am sure that some hacker has a script that given the correct access (admin) could encrypt all of your data in-place.
How easy is it for Salesforce to fall back/restore to a time frame before the hack?
|
|
|
|
|
It's not "completely SAAS"; at some point the business has to interact with it and that's one weak link (like transferring infected image files).
"Before entering on an understanding, I have meditated for a long time, and have foreseen what might happen. It is not genius which reveals to me suddenly, secretly, what I have to say or to do in a circumstance unexpected by other people; it is reflection, it is meditation." - Napoleon I
|
|
|
|
|
Not too shabby. I was sort of thinking that since all data enters through forms, it could be examined for safety. I didn't think of images that were uploaded. I don't think it is a large vector of attack, but it is one. Thanks
|
|
|
|
|
Michael Breeden wrote: It's interesting and ... can be standoffish, hard to reach. I'm wondering if that barrier makes it protected from ransomware.
Just because it's hard to reach doesn't make it ransomware-proof. Login credentials can still be compromised, tokens can be stolen, even two-factor authentication is proving to be more of an inconvenience for legitimate users than the bad guys (I don't have the details, but there was a discussion on this topic not too long ago on the Security Now podcast).
Why the worry about ransomware, specifically, when it comes to Salesforce?
|
|
|
|
|
Quote: Why the worry about ransomware, specifically, when it comes to Salesforce?
It's not that I'm worried about it. I'm curious if it can be attacked by it. I'm mostly a .Net developer, AWS, IIS, Data Center. All of those can be attacked by Ransomware or other malware. Even if a person had login credentials I suspect that Salesforce could not catch a ransomware bug. You might be able to delete the data or change user credentials, but I'm not sure you can infect it with much in the way of malware. That's what I am curious about... They said they couldn't get anyone with Salesforce experience so they just got a senior developer and hoped I'd figure it out
|
|
|
|
|
Michael Breeden wrote: It's not that I'm worried about it. I'm curious if it can be attacked by it.
It can be attacked for sure, and I'm sure they have all sorts of mitigations in place...so the question is, how successful might an attack be?
Anything that gets loose on their internal network will be able to encrypt whatever it's running under has read/write access to. How that might happen however is anyone's guess (or else it'd be fixed).
|
|
|
|
|
First there's noise: a gale blowing outside. (7)
(My browser thinks I already posted this, but I can't see it on CP.)
[edit: found it in W&W. No idea how.]
Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012
modified 26-Sep-22 4:54am.
|
|
|
|
|
First
noise DIN
gale LEA G
blowing outside. (anag)
LEADING
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Well it is easy Monday...
YAUT(uesday).
|
|
|
|
|
So, a recipe for ragu contains amongst others Pancetta di maiale.
This translates to pork belly or bacon depending on which translation I use.
Question: should it be smoked or not? It's not obvious to me.
|
|
|
|
|
Italian here, usually we refer to the smoked one.
So far the only recipes that require unsmoked pork belly in a mince are Chinese, indeed I had no small amount of trouble finding someone who would mince me pork belly to make dumplings.
GCS/GE d--(d) s-/+ a C+++ U+++ P-- L+@ E-- W+++ N+ o+ K- w+++ O? M-- V? PS+ PE Y+ PGP t+ 5? X R+++ tv-- b+(+++) DI+++ D++ G e++ h--- r+++ y+++* Weapons extension: ma- k++ F+2 X
|
|
|
|
|
As I got two different answers I suspect it might depend on regional differences.
I think I remember that Carlo is from Rome, and I have a faint memory that you're from the north. Is that correct?
|
|
|
|
|
I'm from the north, correct. There are some regional variations, for example pork cheek was almost unfindable in big stores up until a dozen years ago and we got used to making carbonara and amatriciana with smoked pork belly - which has been the readily available one for years.
Unless someone was rich enough to afford a butcher, you had to make do with what great distribution offered, and until 20 years ago there were very few supermarket chains and no discount chains.
|
|
|
|
|
|
Copy'n'paste without attribution is called plagiarism, and it's something that we, the members (and staff) of Codeproject stamp on, very hard.
We write articles, we answer questions: we don't appreciate it when somebody else uses their considerable intellect to press CTRL+C, CTRL+TAB, CTRL+V and claim it as original to them.
Which is what you did here: copy'n'paste somebody else's words without giving any credit.
As a result, you are now under consideration by members to be kicked from the site - we have a special forum just for spam and abuse (which includes plagiarism). You want to stay here? Remove it, apologise, and hope that we believe it was an accident ... and do it quickly, the kicking process has been started, and it doesn't normally take too long ...
|
|
|
|
|
It's a bot. Also, spam isn't used in our cuisine.
|
|
|
|
|
What makes you think it's a bot?
|
|
|
|
|
It hooked on "italian" and "culinary" and posted a blurb out of some encyclopaedia, with a bad quoting too. On reddit there are many bots, some even actually useful, that do just that, posting for example a Wikipedia summary when they hook into a message with "what is xxxx?". Twitter is also full of bots like these, I had a screenshot of my FFXIV character reposted a dozen times because in the tweet I used the word "hodgepodge", which is apparently tied to something about NFT/cryptoscam.
TL;DR: it matches the behavior I saw thousands of times from bots. Add in the mix the freshly created account and well, if I had a gun I'd have pulled the trigger with a light heart.
|
|
|
|
|
Makes sense!
I'll edit Greg's S&A post to link the member and remove the link to here.
|
|
|
|
|
Is this replying to a deleted message?
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
|
|
|
|
|
Yes, I think it was "troll / spam" closed, leaving the thread ...
|
|
|
|