Pete Finnigan's Oracle Security Forum (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
(Message started by: Pete Finnigan on Mar 3rd, 2011, 8:07am)

Title: How Anonymous hacked HBGary
Post by Pete Finnigan on Mar 3rd, 2011, 8:07am
Ars Technica explains how the hacker group Anonymous hacked security corporation HBGary.
http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars

The gist of it:
- They used a SQL injection leak in the Content Management Software.
- They found tables with users, email addresses and MD5 password hashes.
- They hacked the MD5 password hash of the CEO because his password wasn't complex enough.
- HBGary apparently used Gmail as company mail and they used the account details of the CEO to log in. It worked.
- They used social engineering to ask the system administrator to give them access to the servers.

It's a very interesting read, if only because it shows that even firms that should be security experts are apparently at risk.


