Slashdot Mirror

← Back to Stories (view on slashdot.org)

Anatomy of the HBGary Hack

Posted by samzenpus on from the plan-of-attack dept.

PCM2 writes "Recently, Anonymous took down the Web sites of network security firm HBGary. Ars Technica has the scoop on how it happened. Turns out it wasn't any one vulnerability, but a perfect storm of SQL injection, weak passwords, weak encryption, password re-use, unpatched servers, and social engineering. The full story will make you wince — but how many of these mistakes is your company making?"

3 of 220 comments (clear)

  1. Mistakes by codepunk · · Score: 5, Insightful

    But how many of these mistakes is your company making?

    Most companies probably make these mistakes, all except the biggest mistake which was poking a sleeping bear.

    --


    Got Code?
  2. The real mistake by Fex303 · · Score: 5, Insightful

    The full story will make you wince — but how many of these mistakes is your company making?

    Well, we're not going after 4chan/anonymous, so we're probably in the clear.

    I think the biggest security mistake it's possible to make is antagonizing the largest collection of bored hackers/crackers/script kiddies/associated hangers on that exists.

  3. Incompetent by Anonymous Coward · · Score: 5, Insightful

    I'm just amazed at how completely oblivious "Chief Security Specialist" Jussi Jaakonaho was during the email correspondence, AND that he was perfectly fine with sharing root passwords via plaintext email.

    How do these people even get security jobs and be negligent in even the simplest security practices?