17th February 2011
J65nko

More background on the US security firm break-in

From http://www.h-online.com/security/new...n-1191797.html

Ars Technica has documented the background of the break-in at the US security firm that tried to expose Anonymous but ended up being taken apart itself. The report explains that the attackers' point of entry was a proprietary CMS which was custom-designed for HBGary. The CMS reportedly failed to sufficiently check certain input parameters and this enabled the attackers to send SQL commands to the database via specially crafted URLs. This apparently allowed them to retrieve the CMS users' password hashes, which turned out to be simple, unsalted MD5 hashes that presented an easy target for a rainbow table attack.
I can really recommend reading the Ars Technica link in the article. It explains in very understandable language what went wrong, and what we can learn from it.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump