Oracle Security is easier if you design for it
View Profile | WWW | Email
How Anonymous hacked HBGary
« on: Mar 3rd, 2011, 8:07am »
Quote | Modify
Ars Technica explains how the hacker group Anonymous hacked security corporation HBGary.
The gist of it:
- They used a SQL injection leak in the Content Management Software
- They found tables with users, email addresses and MD5 password hashes.
- They hacked the MD5 password hash of the CEO because his password wasn't complex enough.
- HBGary apparently used Gmail as company mail and they used the account details of the CEO to log in. It worked.
- They used social engineering to ask the system administrator to give them access to the servers.
It's a very interesting read, if only that it shows that even firms that should be security experts are apparently at risk.