Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
A Mere 8 Days After Breach, Anthem Healthcare Notifies Customers
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
ODA155
50%
50%
ODA155,
User Rank: Ninja
2/6/2015 | 2:50:59 PM
Re: Why does it matter if the data was encrypted?
@L174, WHAT!? Where are you getting your information?

The operating system only determines encryption levels (Protocols) if you let it, such as in a Windows Server where encryption can be controlled with a simple registry edit. I'd have to believe that these companies are not allowing this to happen and instead are using add on applications like OpenSSL or some other enterprise level data encryption software. Furthermore, if the data is encrypted you cannot access it without the proper keys for access, unless you have a few super-duper computers and more than a few years to hopefully stumble onto the correct key parings.

Although there may be places in the infrastructure where data may not be fully encrypted such as at the point where the application feeds a DB, but even that is very rare. Even rarer (I hope) would be an unencrypted DB holding sensitive data, hell, or ANY DATA. Any company that does not encrypt data in transit is stupid and deserves to be hacked.

Sensitive data that travels over a network are required to be securely encrypted from the point of data entry to the point where the data is processed if those companies are to be HIPPA, PCI or GLBA compliant.

Your comment leaves me to believe that you are either:

a)      Trolling

b)      Uninformed

c)       Not responsible for security on any level

or...

d)      Negligent

So you said, "Data Encryption is only helpful if a physical harddrive or machine is stolen, period."... what's the difference between a disc-image or the actual HDD? And a hacker isn't going after a HDD or an image because attempting to obtain either will or should set off alerts, he wants the DB and even that is going to be striped across a RAID. From what I remember about RAID, what you suggest is only "possible" if you remove a drive from a RAID – 0 or RAID – 1, and I don't believe Anthem is "Mom & Pop" enough for that configuration.

anon4914728044
100%
0%
anon4914728044,
User Rank: Apprentice
2/6/2015 | 2:18:09 PM
Re: Why does it matter if the data was encrypted?
I hate to be blunt, but your post belies a significant level of ignorance about major-business information security architecture and infrastructure.

 

Anthem almost certainly does not store production databases on "encrypted disks".

Also, the fact that a "database administrator noticed unauthorized queries" strongly suggests that if the data was encrypted, it's still encrypted and is (to the limits of the encryption strenght) just fine now.

 

When you understand enough to know why these statements are true, you'll understand why the rest of your post is largely incorrect as well.
L174
33%
67%
L174,
User Rank: Apprentice
2/6/2015 | 12:00:44 PM
Why does it matter if the data was encrypted?
Data Encryption is only helpful if a physical harddrive or machine is stolen, period. (Let that sink in for a minute)

While encryption is beneficial it is only usful in about 3% to 5% of data breach situations. (If you want to do a groundbreaking story you should focus on the fact that encryption offers very little protection in a hacking situation.)

Once a hacker has access to a running machine the data has already been decrypted by the Operating System or the running application and it is fully available to the hacker in the same decrypted format.

I will say it again, encryption is only helpful if a physical machine or harddrive has been stolen. So the big question was not "was the data encrypted' but how did the hackers gain access? By the way, I am willing to bet the data in this case was on an encrypted disk and as expected it did not help.
<<   <   Page 2 / 2


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-40669
PUBLISHED: 2021-09-16
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file.
CVE-2021-40670
PUBLISHED: 2021-09-16
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file.
CVE-2021-29763
PUBLISHED: 2021-09-16
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory.and cause a denial of service. IBM X-Force ID: 202267.
CVE-2021-29825
PUBLISHED: 2021-09-16
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470.
CVE-2021-29842
PUBLISHED: 2021-09-16
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202.