Auditing an Oracle database for security issues is very important. provides all of the information and tools that you will need Click here for details of Limited's detailed Oracle database security audit service Click here for details of Limited's Oracle Security Training Courses
Cookie Policy:We only use essential cookies on small sections of this website. For details see here.

Welcome, Guest. Please Login.
Oct 27th, 2021, 2:00am
News: If you would like to register contact the forum admin
Home | Help | Search | Members | Login
   Pete Finnigan's Oracle Security Forum
   Security In General
(Moderator: Pete Finnigan)
   How Anonymous hacked HBGary
« Previous topic | Next topic »
Pages: 1  Reply | Notify of replies | Send Topic | Print
   Author  Topic: How Anonymous hacked HBGary  (Read 5812 times)
Pete Finnigan Administrator

Oracle Security is easier if you design for it

View Profile | WWW | Email

Gender: male
Posts: 309
How Anonymous hacked HBGary
« on: Mar 3rd, 2011, 8:07am »
Quote | Modify

Ars Technica explains how the hacker group Anonymous hacked security corporation HBGary. ide-story-of-the-hbgary-hack.ars
The gist of it:
- They used a SQL injection leak in the Content Management Software
- They found tables with users, email addresses and MD5 password hashes.
- They hacked the MD5 password hash of the CEO because his password wasn't complex enough.
- HBGary apparently used Gmail as company mail and they used the account details of the CEO to log in. It worked.
- They used social engineering to ask the system administrator to give them access to the servers.
It's a very interesting read, if only that it shows that even firms that should be security experts are apparently at risk.
IP Logged

Pete Finnigan (
Oracle Security Web site:
Oracle security blog:
Pages: 1  Reply | Notify of replies | Send Topic | Print

« Previous topic | Next topic »

Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright 2000-2004 Yet another Bulletin Board