
Hard to believe after initial hack they didn't launch a group wide memo from the CEO to encrypt all personal data. Could have brought some DLP vendor in to find it and roll out rapid database level encryption without changing application code. SQL injection vulnerabilities in this day and age are unforgivable but unfortunately not uncommon. Sony will not be the only global company with hundreds of such vulnerabilities.


>Could have brought some DLP vendor in to find it and roll out rapid database level encryption without changing application code.

Wait... if Sony fully encrypts the database, they need a way to ask the database to be decrypted from their program.

But if the hackers use SQL injection, they would be attacking the database through a SQL call that, by necessity, must decrypt the database.

Wouldn't some sort of full database encryption only protect from someone getting a DB dump? Or am I misunderstanding?
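
The distinction raised in the comment above, between protecting a stolen dump and protecting a query that goes through the application, shown as an added example (not code from the thread or from any system it discusses). A toy XOR keystream stands in for real at-rest encryption, and the table, names and card values are constructed.

```python
import sqlite3
from hashlib import sha256

KEY = b"constructed-demo-key"  # held by the data layer, as with transparent encryption

def _xor(data: bytes) -> bytes:
    # Toy keystream cipher standing in for at-rest encryption (assumption; not secure).
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += sha256(KEY + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, card_enc BLOB)")
    rows = [("alice", "4111-0000-0000-0001"), ("bob", "4111-0000-0000-0002")]  # constructed
    for name, card in rows:
        db.execute("INSERT INTO users VALUES (?, ?)", (name, _xor(card.encode())))
    return db

def query(db, sql, params=()):
    # Transparent layer: every row a query returns is decrypted,
    # regardless of who shaped the query text.
    return [(n, _xor(c).decode()) for n, c in db.execute(sql, params)]

def lookup_concat(db, name):
    # Vulnerable pattern: user input concatenated into the SQL text.
    return query(db, "SELECT name, card_enc FROM users WHERE name = '" + name + "'")

def lookup_param(db, name):
    # Hardened pattern: input bound as a parameter, never parsed as SQL.
    return query(db, "SELECT name, card_enc FROM users WHERE name = ?", (name,))

def raw_dump(db):
    # What someone holding only the stored bytes sees: ciphertext.
    return [bytes(c) for (c,) in db.execute("SELECT card_enc FROM users")]

if __name__ == "__main__":
    db = open_db()
    crafted = "x' OR '1'='1"
    print("dump:         ", raw_dump(db))
    print("concatenated: ", lookup_concat(db, crafted))
    print("parameterized:", lookup_param(db, crafted))
```

The stored bytes stay unreadable, but the concatenated lookup returns every row already decrypted; only the parameterized lookup treats the crafted input as a name that matches nothing.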



