Tagged: strategy


Meltdown & Spectre bugs: what they mean for business

Meltdown and Spectre are recently discovered CPU (hardware) bugs that use a critical design flaw in CPUs to easily obtain information from an off-limits memory location. In other words, researchers have found a way to trick the CPU into giving up information held elsewhere in memory, even if that memory is off-limits to the program reading it. Triggering the bug requires very little code and can be as simple as the victim reading a web page that contains the appropriate JavaScript. However, finding useful information inside the system and sending that information back home is more complex and may require additional steps from a threat actor. As can be seen in this demo from Michael Schwarz, the bug can cause passwords and other information...


Database encryption – is it worthwhile?

The Wall Street Journal recently reported that giant US-based health insurer Anthem had suffered a massive breach of its sensitive customer database. It is thought the entire contents of the database were successfully retrieved by the intruders, who had obtained a legitimate employee’s credentials. The Journal cited a source familiar with the breach, who said the sensitive database was not encrypted and that encryption would have made it more difficult for the intruders to obtain the information. This gives rise to an important security architecture question: when should you encrypt a database? What are the benefits? Would database encryption help? We have very few public details to work from, but in this case I believe database encryption would not have altered the outcome. The intruder had obtained a legitimate employee’s...