Re: Sony Hack / Knee Jerk Reaction Mitigation (Looking for input)

From: Phillip Jones <phil_at_phillip.im>
Date: Mon, 15 Dec 2014 16:31:09 +0000
Message-ID: <CAOyzJudrdkk31HrhKgO-VXnX-V-_FcB7iX8o4xy7FbgBe5aF3g_at_mail.gmail.com>

Hi,

The Sony escapade could have been largely prevented. What really screwed them was the following:

"Even more interestingly, BuzzFeed reports that data shared online by hackers includes a file directory titled “Password,” which includes “139 Word documents, Excel spreadsheets, zip files, and PDFs containing thousands of passwords to Sony Pictures’ internal computers, social media accounts and web service accounts.” Individual file names are “plainly labeled with titles like ‘password list.xls’ or ‘YouTube login passwords.xlsx.’"

Without those lists of passwords, I doubt things would have been so bad...

Phil

On Mon, Dec 15, 2014 at 4:18 PM, Don Seiler <don_at_seiler.us> wrote:

> I just hope your CEO didn't write any nasty emails about Angelina Jolie or
> do anything to upset the North Koreans!
>
> ;)
>
> Don.
>
> On Mon, Dec 15, 2014 at 9:55 AM, Chris Taylor <
> christopherdtaylor1994_at_gmail.com> wrote:
>>
>> Ok guys/gals,
>>
>> Management wants to protect everything from a Sony-like hack. What that
>> means, I'm not sure and I am still working with them to define what they
>> want from a database perspective.
>>
>> From a database perspective, it appears that at a minimum they're wanting
>> to encrypt confidential information stored in the databases so that if
>> someone did get ahold of the data (or into the db), that the information
>> would be useless without being able to decrypt it.
>>
>> What I'm looking for (as an encryption newbie) is an overview of how
>> encryption works between the encypted data and applications that consume it
>> (and database links as well).
>>
>> Does anyone know of a whitepaper or presentation showing "encryption in
>> action" - showing a sample setup of encryption in the db and how to get
>> applications to be able to decrypt it and consume it?
>>
>> I'm wanting to gain an understanding of how the pieces work together as I
>> don't have that currently.
>>
>> Thoughts?
>>
>> Chris Taylor
>>
>>
>>
>
> --
> Don Seiler
> http://www.seiler.us
>

--
http://www.freelists.org/webpage/oracle-l

Received on Mon Dec 15 2014 - 17:31:09 CET

This message: [ Message body ]
Next message: David Kurtz: "RE: 12c and peoplesoft"
Previous message: Chris Taylor: "Sony Hack / Knee Jerk Reaction Mitigation (Looking for input)"
Maybe in reply to: Chris Taylor: "Sony Hack / Knee Jerk Reaction Mitigation (Looking for input)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message