Wednesday :: Feb 16, 2011

Open Thread


by Mary

So what allowed Anonymous to bring HBGary down? A bunch of careless errors and well-known security flaws. Namely:

A Web application with SQL injection flaws and insecure passwords. Passwords that were badly chosen. Passwords that were reused. Servers that allowed password-based authentication. Systems that weren't patched. And an astonishing willingness to hand out credentials over e-mail, even when the person being asked for them should have realized something was up.

This story keeps getting more fascinating.

Mary :: 12:30 AM