Search Postgresql Archives

Re: Ransomware article

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Feb 3, 2015 at 3:33 PM, Gordon Haverland <ghaverla@xxxxxxxxxxxxxxxxxxxx> wrote:
TheRegister is running an article about someone breaking into a dbase,
taking control of the encryption key, and 6 or so months later
demanding ransom from the owner of the dbase.

http://www.theregister.co.uk/2015/02/03/web_ransomware_scum_now_lay_waste_to_your_backups/

Anyone want to comment on this?  In general, or PostgreSQL in
particular?


As far as I can tell from that article they never broke into any database. They broke into the PHP server, using bugs in PHPBB and injected encryption code in the PHP application so that all data was encrypted *before* it was sent to the database. The database itself was not compromised, it just  stored the encrypted texts as the application asked it to.

This would obviously break things as simple as a LIKE matching on a string, but if the application is trivial enough not to use that, it's certainly doable. But all the security issues are 100% within the application itself.

--

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux