How the heck does this happen to a real company, supposedly with a disaster recovery plan?
Seems like the obvious fix is to blow away / reformat the compromised server, reload the web application source code (backed up on another box, right?), reload the application data (backed up on another box, right?) and away we go....
The article explains that the site had been compromised for 6 months, and during that time all the data being stored was being encrypted and then silently decrypted.
So, restoring from a backup wouldn't get you much of anywhere, since the backed-up data would still be encrypted. Even assuming your backups are separate and uncompromised, you'd still have to go back to before the original compromise and lose 6 months worth of data.
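The failure mode described in this reply, backups that faithfully copy data which was already ciphertext on disk, is exactly what a routine restore-verification step is meant to catch. The following is an added example, not code from the original thread or from the company discussed; it shows a minimal audit that restores sample records and flags any that look encrypted rather than readable. It assumes a constructed in-memory "backup" (a dict of file names to bytes), a hypothetical expected CSV header, and an entropy threshold of 7.0 bits/byte, all of which are assumptions for the illustration.

```python
"""Restore-verification audit: flag backup files whose contents look encrypted.

Added example (not from the original thread). Uses a constructed in-memory
backup so it runs offline; real use would read restored files from disk.
"""
import hashlib
import math
from collections import Counter

# Hypothetical header the restored customer export is expected to start with.
EXPECTED_HEADER = b"account_id,name,balance"


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; ~4-5 for English/CSV text, ~7.9+ for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.0) -> bool:
    """High per-byte entropy where structured text is expected is a red flag."""
    return shannon_entropy(data) >= threshold


def restore_is_readable(data: bytes, header: bytes = EXPECTED_HEADER) -> bool:
    """Semantic check: the restored file must decode as UTF-8 and carry the header."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return text.startswith(header.decode("ascii"))


def audit_backup(records: dict, threshold: float = 7.0) -> dict:
    """Return {filename: reason} for every backup entry that fails verification."""
    findings = {}
    for name, blob in records.items():
        if looks_encrypted(blob, threshold):
            findings[name] = "high entropy (%.2f bits/byte): likely ciphertext" % shannon_entropy(blob)
        elif not restore_is_readable(blob):
            findings[name] = "restored content does not match expected format"
    return findings


def _constructed_ciphertext(nbytes: int = 1024) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted records.

    Constructed for the example: a hash chain, not real encryption output.
    """
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(b"example-chain-%d" % counter).digest()
        counter += 1
    return out[:nbytes]


# Constructed sample backup: one readable export, one silently encrypted export.
SAMPLE_BACKUP = {
    "customer_records_before.csv": (
        b"account_id,name,balance\n"
        + b"".join(b"%06d,Example Customer %d,%d.00\n" % (i, i, i * 10) for i in range(40))
    ),
    "customer_records_after.csv": _constructed_ciphertext(),
}


if __name__ == "__main__":
    for fname, reason in audit_backup(SAMPLE_BACKUP).items():
        print("FAIL %s: %s" % (fname, reason))
    print("audit complete")
```

Run the audit as part of every backup cycle, not only at restore time: the point of the thread is that a backup that was never test-restored and inspected is indistinguishable from one that silently holds six months of ciphertext.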
How the heck does this happen to a real company, supposedly with a disaster recovery plan?
Seems like the obvious fix is to blow away / reformat the compromised server, reload the web application source code (backed up on another box, right?), reload the application data (backed up on another box, right?) and away we go....
For a financial company???? <sadness>