The Royal Institute of British Architects' (RIBA) members database was hacked at the weekend, causing the institute to close access to the members' area, which remains shut. RIBA reports that 1,200 other organisations in the US and UK have also been attacked in a similar way, but "neither the RIBA nor other organisations …
you try to snuff out our flame... we sniff out your data ...
The old 'plant a web address on the databases' gag. I hate it when that happens.
1200 targeted - 1 hacked?
"The institute refused to comment on whether the database was encrypted or password protected."
Meaning: No it was NOT.
"We are taking urgent action to upgrade the protection of our systems against this latest type of threat."
This reads: since we are to stingy to cough up the yearly $300 to get a proper SSL certificate, we'll use RC4-40 and a unique/shared password: Archit3ct, replacing the too obvious passwd.
why do we even connect to China?
Ahh lets just get it over with and cut all the net links to china. Would solve so many problems and would we miss their contribution to the internet?
How TF would RIBA know that "1,200 other organisations in the US and UK have also been attacked in a similar way"? Particularly since "planted a web address on the databases" doesn't even mean anything, at least in English.
A live database cannot be encrypted - only the access key can be, if we are talking one way hash.
If you encrypt the email address say, you still have to decrypt it somewhere on the server.
The only solution is to take the data to a local store, if you wish to use the data but not in conjunction with the site software, so not for login say.
The problem is centralized databases not encryption, if people start to think they just encrypt their data and all is well, they are deluding themselves as the decryption will occur on the server as well. Encryption only works in transit not live. At the point of receive and decryption you are vulnerable.
And yes this 'planted web address on the database' is just babble, it is meaningless.
And it is tempting to block China, maybe block all countries apart from Western Europe, Canada and the USA makes sense for most commercial sites. Actually if that was a campaign we would probably reduce attacks on hosts all over. I see attacks from the US, but that could be a compromised host, less chance of that happening if a block campaign was started. Would make it a little harder for companies to offshore as well, but hey who really is pro that.
I've banned Chinese IPs
I've banned Chinese IP addresses from my websites. People who don't do this - what are you gaining from Chinese visitors? Are they buying your goods? Are they contributing in a positive way to your website?
Who flung dung?
You cannot ban us, we are the people's republic of china!
I've Banned Many Ranges
I've also banned all of china. I also went a bit further and banned anything outside the US! : P My company is not international and therefore we don't need anything outside the US... the only thing that comes up is troubleshooting every now and then to allow certain websites, for example the register. : D
What the hell do you know?
Particularly since "planted a web address on the databases" doesn't even mean anything, at least in English.
We were miss quoted you plank.
A web address hosting a Java script was written to a number of fields within the database. With a little digging we found that on the weekend this occurred, a hell of a lot of other sites were also effected.
- Opportunity selfie: Martian winds have given the spunky ol' rover a spring cleaning
- Spanish village called 'Kill the Jews' mulls rebranding exercise
- NASA finds first Earth-sized planet in a habitable zone around star
- New Facebook phone app allows you to stalk your mates
- Battle of the Linux clouds! Linode DOUBLES RAM to take on Digital Ocean