Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
A Mere 8 Days After Breach, Anthem Healthcare Notifies Customers
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
ODA155
50%
50%
ODA155,
User Rank: Ninja
2/6/2015 | 2:50:59 PM
Re: Why does it matter if the data was encrypted?
@L174, WHAT!? Where are you getting your information?

The operating system only determines encryption levels (Protocols) if you let it, such as in a Windows Server where encryption can be controlled with a simple registry edit. I'd have to believe that these companies are not allowing this to happen and instead are using add on applications like OpenSSL or some other enterprise level data encryption software. Furthermore, if the data is encrypted you cannot access it without the proper keys for access, unless you have a few super-duper computers and more than a few years to hopefully stumble onto the correct key parings.

Although there may be places in the infrastructure where data may not be fully encrypted such as at the point where the application feeds a DB, but even that is very rare. Even rarer (I hope) would be an unencrypted DB holding sensitive data, hell, or ANY DATA. Any company that does not encrypt data in transit is stupid and deserves to be hacked.

Sensitive data that travels over a network are required to be securely encrypted from the point of data entry to the point where the data is processed if those companies are to be HIPPA, PCI or GLBA compliant.

Your comment leaves me to believe that you are either:

a)      Trolling

b)      Uninformed

c)       Not responsible for security on any level

or...

d)      Negligent

So you said, "Data Encryption is only helpful if a physical harddrive or machine is stolen, period."... what's the difference between a disc-image or the actual HDD? And a hacker isn't going after a HDD or an image because attempting to obtain either will or should set off alerts, he wants the DB and even that is going to be striped across a RAID. From what I remember about RAID, what you suggest is only "possible" if you remove a drive from a RAID – 0 or RAID – 1, and I don't believe Anthem is "Mom & Pop" enough for that configuration.

anon4914728044
100%
0%
anon4914728044,
User Rank: Apprentice
2/6/2015 | 2:18:09 PM
Re: Why does it matter if the data was encrypted?
I hate to be blunt, but your post belies a significant level of ignorance about major-business information security architecture and infrastructure.

 

Anthem almost certainly does not store production databases on "encrypted disks".

Also, the fact that a "database administrator noticed unauthorized queries" strongly suggests that if the data was encrypted, it's still encrypted and is (to the limits of the encryption strenght) just fine now.

 

When you understand enough to know why these statements are true, you'll understand why the rest of your post is largely incorrect as well.
L174
33%
67%
L174,
User Rank: Apprentice
2/6/2015 | 12:00:44 PM
Why does it matter if the data was encrypted?
Data Encryption is only helpful if a physical harddrive or machine is stolen, period. (Let that sink in for a minute)

While encryption is beneficial it is only usful in about 3% to 5% of data breach situations. (If you want to do a groundbreaking story you should focus on the fact that encryption offers very little protection in a hacking situation.)

Once a hacker has access to a running machine the data has already been decrypted by the Operating System or the running application and it is fully available to the hacker in the same decrypted format.

I will say it again, encryption is only helpful if a physical machine or harddrive has been stolen. So the big question was not "was the data encrypted' but how did the hackers gain access? By the way, I am willing to bet the data in this case was on an encrypted disk and as expected it did not help.
<<   <   Page 2 / 2


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13295
PUBLISHED: 2020-08-10
For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.
CVE-2020-6070
PUBLISHED: 2020-08-10
An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerabilit...
CVE-2020-6145
PUBLISHED: 2020-08-10
An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-8224
PUBLISHED: 2020-08-10
A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory.
CVE-2020-8229
PUBLISHED: 2020-08-10
A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.