Are Your Protecting Your DB Backups?

This was reposted from Clean Up BlogThisSecurity feed and make it a snipit http://www.sqlservercentral.com/blogs/brian_kelley/2012/11/27/are-your-protecting-your-db-backups/ written by (author unknown). They get all the credit for this, not me.

tapes by twicepix, on FlickrFolks have cited the recent InformationWeek article on how South Carolina’s Department of Revenue¬†was hacked because the SC state government basically said, “It’s the IRS’ fault for not telling us we should encrypt social security numbers.” I’m not going to touch that. It stands on its own for its foolishness. However, I did key in on how the hack happened and how the data was obtained. I found this bit to be particularly interesting:

“But with more work, by Sept. 12, 2012, the attacker had successfully located and begun copying 23 database backup files, containing 74.7 GB of data, to another directory. Soon, the attacker compressed the data into 15 zip files, transferred them to another server, sent the data to an external system — outside the state’s control — and deleted the zip files to help hide the data breach, according to Mandiant’s report.”

In other words, the attacker, once inside the trusted network, located the database backup files, zipped them up, and then copied them offsite. That’s how the data was lost. The database backups were attacked.

 

Additional reading can be found at the original author’s post.

Jail Looms For Man Who Revealed AT&T Leaked iPad User E-Mails

This was reposted from Clean Up BlogThisSecurity feed and make it a snipit http://rss.slashdot.org/~r/Slashdot/slashdot/~3/5ifWhOwuT7U/story01.htm written by Soulskill. They get all the credit for this, not me.

concealment sends this quote from MIT’s Technology Review: “AT&T screwed up in 2010, serving up the e-mail addresses of over 110,000 of its iPad 3G customers online for anyone to find. But Andrew Auernheimer, an online activist who pointed out AT&T’s blunder to Gawker Media, which went on to publicize the breach of private information, is the one in federal court this week. Groups like the Electronic Frontier Foundation worry that should that charge succeed it will become easy to criminalize many online activities, including work by well-intentioned activists looking for leaks of private information or other online security holes. [Auernheimer’s] case hasn’t received much attention so far, but should he be found guilty this week it will likely become well known, fast.”

Share on Google+

Read more of this story at Slashdot.

Additional reading can be found at the original author’s post.