KE4ZNR All American 2695 Posts
http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars
Very well written article from ARS on how Anonymous was able to destroy HBGary.
This should be required reading for any I.T. Geek. 2/16/2011 12:06:55 AM
lewisje All American 9196 Posts
TL;DR: MD5hit and SQLOL injection 2/16/2011 2:31:41 AM
BIGcementpon Status Name 11319 Posts
Don't forget "social engineering."
Pretty interesting read. Thanks 2/16/2011 2:59:22 AM
EuroTitToss All American 4790 Posts
No salting either.
I just sent this to my team. I've been handling a lot of security lately, so some of this seems downright retarded (especially for a security company). Here's a good article on rainbow tables... every other place I've seen it explained incorrectly: http://kestas.kuliukas.com/RainbowTables/ 2/16/2011 9:39:28 AM
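The two weaknesses named in the thread (unsalted MD5 and lookup via a precomputed table) side by side with the hardened form, as an added example that is not from the article or any poster. The user list, passwords and wordlist are constructed; the PBKDF2 iteration count is an assumption for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data (not from the article): users sharing weak passwords.
USERS = {"alice": "jabberwocky", "bob": "jabberwocky", "carol": "hunter2"}
# Stand-in for a precomputed MD5 lookup table built once from a wordlist.
WORDLIST = ["password", "jabberwocky", "hunter2", "letmein"]


def md5_unsalted(password: str) -> str:
    """Weak scheme: bare MD5, so the same password gives the same digest for every user."""
    return hashlib.md5(password.encode()).hexdigest()


def precomputed_md5_table(words):
    """Digest -> word map; computed once and reusable against any unsalted database."""
    return {md5_unsalted(w): w for w in words}


def recover_unsalted(stored: dict, table: dict) -> dict:
    """Why unsalted storage fails: each leaked row is a single dictionary lookup."""
    return {user: table[digest] for user, digest in stored.items() if digest in table}


def pbkdf2_salted(password: str, salt: bytes = None, iterations: int = 100_000):
    """Hardened scheme: per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt.hex(), digest.hex()


def verify_salted(password: str, salt_hex: str, digest_hex: str) -> bool:
    """Recompute with the stored salt; constant-time compare avoids timing leaks."""
    _, recomputed = pbkdf2_salted(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(recomputed, digest_hex)


def demo():
    table = precomputed_md5_table(WORDLIST)
    weak_db = {u: md5_unsalted(p) for u, p in USERS.items()}
    cracked = recover_unsalted(weak_db, table)  # every user falls to the table
    strong_db = {u: pbkdf2_salted(p) for u, p in USERS.items()}
    # With salts, two users sharing a password no longer share a digest...
    same_pw_distinct = strong_db["alice"][1] != strong_db["bob"][1]
    # ...and the precomputed MD5 table matches none of the stored values.
    table_hits = sum(1 for _, digest in strong_db.values() if digest in table)
    return cracked, same_pw_distinct, table_hits
```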
quagmire02 All American 44225 Posts
Quote: "No salting either."
hah, really? 'twas asking for it 2/16/2011 9:44:07 AM
wwwebsurfer All American 10217 Posts
I had to brush my shoulders off after reading that. We look like Fort Knox compared to a government security company.
Some of this stuff is just plain DUMB. I use the crap out of some MD5, but for nothing security related - it's packed with holes - just to verify file transfer integrity. And keys for SSH? Then sending the root passwords over plain email? Geez. 2/16/2011 9:58:27 AM
BobbyDigital Thots and Prayers 41777 Posts
Yeah that was probably the most egregious of a laundry list of negligent failures. 2/16/2011 10:19:27 AM
CharlesHF All American 5543 Posts
Very interesting article -- thanks for the link. 2/16/2011 10:27:49 AM
Pikey All American 6421 Posts
As dumb as it was in hindsight, I feel bad for Jussi. If the CEO or president of the company is emailing me from his addy asking for his login credentials, I would have given them to him too. 2/16/2011 11:16:23 AM
wwwebsurfer All American 10217 Posts
^ you make a valid point
However, our CEO/President is pretty clueless. If he was asking for that level of credential I'd be monitoring it like a hawk. He wouldn't waste time doing it himself, he'd have me retrieve it and send it to him.
Of course I'd never open a hole in a firewall for almost any purpose (well, on anything production). We've got VPN for a reason.
Many, many failures here - just a perfect storm for the hackers. 2/16/2011 12:14:52 PM
Pikey All American 6421 Posts
Also, I feel like any form of 'jabberwocky' is a pretty common password. I think it was used at some point at my work for something. 2/16/2011 12:40:09 PM
Tarun almost 11687 Posts
2/16/2011 12:50:22 PM
darkone (\/) (;,,,;) (\/) 11611 Posts
I wonder how many of those security shortcomings TWW is vulnerable to? 2/16/2011 4:31:38 PM
Duncan All American 1442 Posts
^ It would take a pretty bored hacker to attack TWW. Besides, I doubt there are any blatant security holes.
DISREGARD THAT, I SUCK COCKS. 2/16/2011 4:46:37 PM
raiden All American 10505 Posts
Sounds like a well executed hack on a deserving target. 2/17/2011 6:09:02 AM
stevedude hello 4763 Posts
HACK THE PLANET 2/17/2011 10:36:13 AM
KE4ZNR All American 2695 Posts
Quote: "Sounds like a well executed hack on a deserving target."
Indeed.... seems some media outlets out there are portraying this situation as "EVIL ANONYMOUS hacks poor innocent defenseless little pride of America HBGary".
I am glad that company is ruined. And the fact that that arrogant prick Aaron Barr will now be reduced to working the drive through at Wendy's gives me a certain satisfaction. 2/17/2011 5:52:52 PM
WolfAce All American 6458 Posts
It should serve as a reality check, a wake up call. 2/17/2011 6:29:09 PM