Anatomy of the HBGary Hack

PCM2 writes "Recently, Anonymous took down the Web sites of network security firm HBGary. Ars Technica has the scoop on how it happened. Turns out it wasn't any one vulnerability, but a perfect storm of SQL injection, weak passwords, weak encryption, password re-use, unpatched servers, and social engineering. The full story will make you wince — but how many of these mistakes is your company making?"

Awesome

[cs668]

The story of their being hacked and how it was done has probably done more for systems security than they as a company ever have......

Mistakes

[codepunk]

But how many of these mistakes is your company making?

Most companies probably make these mistakes, all except the biggest mistake which was poking a sleeping bear.

The real mistake

[Fex303]

The full story will make you wince — but how many of these mistakes is your company making?

Well, we're not going after 4chan/anonymous, so we're probably in the clear.

I think the biggest security mistake it's possible to make is antagonizing the largest collection of bored hackers/crackers/script kiddies/associated hangers on that exists.

Incompetent

I'm just amazed at how completely oblivious "Chief Security Specialist" Jussi Jaakonaho was during the email correspondence, AND that he was perfectly fine with sharing root passwords via plaintext email.

How do these people even get security jobs and be negligent in even the simplest security practices?

Re:Definitely interesting....

[benjamindees]

It's more like a fire station burning down because the fire chief was being paid by the mayor to make molotov cocktails and throw them at local teenagers and one day they decided to throw one back and instead of putting the fire out the firemen screamed and ran around in circles and poured gasoline on it and the fire station exploded. But, yeah.