Ransomware article

On Tue, Feb 3, 2015 at 3:33 PM, Gordon Haverland <
ghaverla@materialisations.com> wrote:

TheRegister is running an article about someone breaking into a dbase,
taking control of the encryption key, and 6 or so months later
demanding ransom from the owner of the dbase.

http://www.theregister.co.uk/2015/02/03/web_ransomware_scum_now_lay_waste_to_your_backups/

Anyone want to comment on this? In general, or PostgreSQL in
particular?

As far as I can tell from that article they never broke into any database.
They broke into the PHP server, using bugs in PHPBB and injected encryption
code in the PHP application so that all data was encrypted *before* it was
sent to the database. The database itself was not compromised, it just
stored the encrypted texts as the application asked it to.

This would obviously break things as simple as a LIKE matching on a string,
but if the application is trivial enough not to use that, it's certainly
doable. But all the security issues are 100% within the application itself.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/