Hello Everyone, Does anyone have any more detail about what kind of system Anthem / Blue Cross was running and what kind of attack broke into their system? It's terrible that it happened, but I think it would benefit all Admins everywhere to learn how it happened so that we can secure our systems from a similar breach of information. Anyone know? Chris
On 02/06/2015 08:17 AM, Chris Wensink wrote:> Hello Everyone, > > Does anyone have any more detail about what kind of system Anthem / Blue > Cross was running and what kind of attack broke into their system? > > It's terrible that it happened, but I think it would benefit all Admins > everywhere to learn how it happened so that we can secure our systems > from a similar breach of information. > > Anyone know? > > Chris > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centosI recommend reading up on kreb's site: http://krebsonsecurity.com/2015/02/china-to-blame-in-anthem-hack/ Not sure the "hack" was an issue with their platforms per se. " ?On January 27, 2015, an Anthem associate, a database administrator, discovered suspicious activity ? a database query running using the associate?s logon information. He had not initiated the query and immediately stopped the query and alerted Anthem?s Information Security department. It was also discovered the logon information for additional database administrators had been compromised. ? SANS is a good resource as well. I'm no security expert by any means, so ymmv. Regards, Monty
On Fri, 2015-02-06 at 08:40 -0600, mshinn wrote:> I recommend reading up on kreb's site: > > http://krebsonsecurity.com/2015/02/china-to-blame-in-anthem-hack/ > > Not sure the "hack" was an issue with their platforms per se. > > " > ?On January 27, 2015, an Anthem associate, a database administrator, > discovered suspicious activity ? a database query running using the > associate?s logon information. He had not initiated the query and > immediately stopped the query and alerted Anthem?s Information Security > department. It was also discovered the logon information for additional > database administrators had been compromised.?Flash has always been banned from all my machines, without exception and regardless of any resulting "hardship". I wonder why so-called Computer Experts continue to use third-party closed source software which secretly, and it always has, deposits information on the user's hard disk. Another Lesson to learn: *NO* Flash stronger passwords for SQL encrypt all the data that is not required for indexed searches. There is a war going-on out there and we are the targets ! -- Regards, Paul. England, EU. Je suis Charlie.