Fierce CIO: What the hacking of HBGary means for you


February 16, 2011 - The group of Internet activists known as Anonymous published tens of thousands of emails from the security research firm HBGary early this week, after the chief executive of an affiliate, HBGary Federal, said he planned to expose the identities of Anonymous' leadership. The activists, reportedly motivated by a plan by HBGary to discredit the anti-secrecy site WikiLeaks, also hacked HBGary's websites and Twitter accounts. If a security company can be so thoroughly compromised, is there hope for anyone else?

It turns out, according to a detailed account by Peter Bright at Ars Technica, that fairly simple flaws in HBGary's custom-built content management system, combined with the poor password habits of some of its top executives, enabled the hackers to use well-known techniques to breach the systems and to gather information that was then used to breach more systems.

"Unfortunately for HBGary, this third-party CMS was poorly written. In fact, it had what can only be described as a pretty gaping bug in it," Bright writes. "[I]f HBGary conducted any kind of vulnerability assessment of the software--which is, after all, one of the services the company offers--then its assessment overlooked a substantial flaw."

Worse, Bright continues, the passwords used by HBGary CEO Aaron Barr and COO Ted Vera were simple and easily compromised. "Proper handling of passwords--iterative hashing, using salts and slow algorithms--and protection against SQL injection attacks are basic errors," he writes. "Their system did not fall prey to some subtle, complex issue: It was broken into with basic, well-known techniques."
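The two basics named in that passage, as an added example that is not from the article and is not a reconstruction of HBGary's CMS: salted, iterated password storage with a slow key-derivation function, and a login lookup that uses bound parameters next to the string-concatenation anti-pattern. The table layout, function names and the work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed work factor; tune so one hash costs tens of ms


def hash_password(password, salt=None):
    """Salted, iterated PBKDF2-HMAC-SHA256; returns (salt, derived_key)."""
    salt = salt if salt is not None else os.urandom(16)  # unique per user
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def open_db():
    """In-memory database with a hypothetical users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pwhash BLOB)")
    return db


def create_user(db, name, password):
    salt, key = hash_password(password)
    # Placeholders keep user input out of the SQL text entirely.
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, key))


def check_login(db, name, password):
    row = db.execute(
        "SELECT salt, pwhash FROM users WHERE name = ?", (name,)
    ).fetchone()
    if row is None:
        return False
    _, key = hash_password(password, row[0])
    return hmac.compare_digest(key, row[1])  # constant-time comparison


def lookup_unsafe(db, name):
    """Anti-pattern for contrast: input is concatenated into the query."""
    return db.execute("SELECT name FROM users WHERE name = '" + name + "'").fetchall()


def lookup_safe(db, name):
    """Same lookup with a bound parameter; input is treated as data only."""
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()
```

Because each user gets a random salt, two accounts with the same password store different hashes, and the iteration count makes every offline guess against a leaked table correspondingly expensive.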
