User not logged in - login - register
Home Calendar Books School Tool Photo Gallery Message Boards Users Statistics Advertise Site Info
go to bottom | |
 Message Boards » » Anonymous speaks about HBGary Page [1]  
KE4ZNR
All American
2695 Posts
user info
edit post

http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars

Very well written article from ARS on how Anonymous was able to destroy HBGary.

This should be required reading for any I.T. Geek.

2/16/2011 12:06:55 AM

lewisje
All American
9196 Posts
user info
edit post

TL;DR: MD5hit and SQLOL injection

2/16/2011 2:31:41 AM

BIGcementpon
Status Name
11319 Posts
user info
edit post

Don't forget "social engineering."

Pretty interesting read. Thanks

2/16/2011 2:59:22 AM

EuroTitToss
All American
4790 Posts
user info
edit post

No salting either.

I just sent this to my team. I've been handling a lot of security lately, so some of this seems down right retarded (especially for a security company). Here's a good article on rainbow tables... every other place I've seen it explained incorrectly:
http://kestas.kuliukas.com/RainbowTables/

2/16/2011 9:39:28 AM

quagmire02
All American
44225 Posts
user info
edit post

Quote :
"No salting either."

hah, really? 'twas asking for it

2/16/2011 9:44:07 AM

wwwebsurfer
All American
10217 Posts
user info
edit post

I had to brush my shoulders off after reading that. We look like fort knox compared to a government security company .

Some of this stuff is just plain DUMB. I use the crap out of some MD5, but for nothing security related - it's packed with holes - just to verify file transfer integrity. And keys for SSH? Then sending the root passwords over plain email? Geez.

2/16/2011 9:58:27 AM

BobbyDigital
Thots and Prayers
41777 Posts
user info
edit post

Yeah that was probably the most egregious of a laundry list of negligent failures.

2/16/2011 10:19:27 AM

CharlesHF
All American
5543 Posts
user info
edit post

Very interesting article -- thanks for the link.

2/16/2011 10:27:49 AM

Pikey
All American
6421 Posts
user info
edit post

As dumb as it was in hindsight, I feel bad for Jussi. If the CEO or president of the company is emailing me from his addy asking for his login credentials, I would have given them to him too.

2/16/2011 11:16:23 AM

wwwebsurfer
All American
10217 Posts
user info
edit post

^you make a valid point

However, our CEO/President is pretty clueless. If he was asking for that level of credential I'd be monitoring it like a hawk. He wouldn't waste time doing it himself, he'd have me retrieve it and send it to him.

Of course I'd never open a hole in a firewall for almost any purpose (well, on anything production.) We've got VPN for a reason.

Many, many failures here - just a perfect storm for the hackers.

2/16/2011 12:14:52 PM

Pikey
All American
6421 Posts
user info
edit post

Also, I feel like any form of 'jabberwocky' is a pretty common password. I think it was used at some point at my work for something.

2/16/2011 12:40:09 PM

Tarun
almost
11687 Posts
user info
edit post

2/16/2011 12:50:22 PM

darkone
(\/) (;,,,;) (\/)
11611 Posts
user info
edit post

I wonder how many of those security shortcomings TWW is vulnerable to?

2/16/2011 4:31:38 PM

Duncan
All American
1442 Posts
user info
edit post

^ It would take a pretty bored hacker to attack TWW. Besides, I doubt there are any blatant security holes.

DISREGARD THAT, I SUCK COCKS.

2/16/2011 4:46:37 PM

raiden
All American
10505 Posts
user info
edit post

Sounds like a well executed hack on a deserving target.

2/17/2011 6:09:02 AM

stevedude
hello
4763 Posts
user info
edit post

HACK THE PLANET

2/17/2011 10:36:13 AM

KE4ZNR
All American
2695 Posts
user info
edit post

Sounds like a well executed hack on a deserving target.

Indeed....seems some media outlets out there are portraying this situation as "EVIL ANONYMOUS hacks poor
innocent defenseless little pride of America HBGary".

I am glad that company is ruined. And the fact that that arrogant prick Aaron Barr will now be reduced to working
the drive through at Wendys gives me a certain satisfaction.

2/17/2011 5:52:52 PM

WolfAce
All American
6458 Posts
user info
edit post

It should serve as a reality check, a wake up call.

2/17/2011 6:29:09 PM

 Message Boards » Tech Talk » Anonymous speaks about HBGary Page [1]  
go to top | |
Admin Options : move topic | lock topic

© 2024 by The Wolf Web - All Rights Reserved.
The material located at this site is not endorsed, sponsored or provided by or on behalf of North Carolina State University.
Powered by CrazyWeb v2.39 - our disclaimer.