HBGary Hack In Depth

Posted by timothy
from the injectification-nation dept.
Udo Schmitz writes "Heise's UK site has the English translation of an article from the latest issue of their magazine c't about Anonymous's HBGary hack. It shows that there was much more involved than just social engineering to get passwords, and how Anonymous evolved following OpTunisia and OpEgypt."

  • by WrongSizeGlass (838941) on Sunday March 06, 2011 @07:14PM (#35400994)
    HBGary's systems were just riddled with security holes. From URL parameters that weren't scrubbed to straight MD5 password hashing to using the same password for several (and possibly many) accounts on different systems (servers, email, Twitter, LinkedIn, etc). I'm sure glad something as important as our government didn't use their security services. Oh, wait ... D'oh!
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Interestingly, HBGary Federal never won any actual government contracts.

  • by AmonTheMetalhead (1277044) on Sunday March 06, 2011 @07:18PM (#35401030)
    Check out Ars Technica's coverage, much much better
  • I just wonder if Skynet can be powered by human brain cells.
    Also a lot of other sci-fi stuff comes to mind, including Asimov's Foundation.

    • We have an internet provider called Skynet [skynet.be] over here (Belgium), and it definitely is not powered by any kind of brain related things, greed on the other hand...
  • New villain (Score:4, Funny)

    by proverbialcow (177020) on Sunday March 06, 2011 @07:38PM (#35401142) Journal
    Why do I get the feeling HBGary is just filling the void left by SCO as Slashdot's "villain to post about in the absence of real news"?
    • Hey, we got Apple for that!
    • by hilather (1079603)

      Why do I get the feeling HBGary is just filling the void left by SCO as Slashdot's "villain to post about in the absence of real news"?

      I was really hoping Oracle with their attack on Android would fill that void... HBGary is just the comic relief.

  • by Anonymous Coward on Sunday March 06, 2011 @07:52PM (#35401216)

    We can all be anonymous. It helps to really know what you're doing, it helps to have no "skeletons" in the closet, it helps to have some passion about what's happening in the world and to want to do something about it. Who's in control? Does that matter? We all can be anonymous.

    ---Jack O

  • What a waste of time (Score:5, Interesting)

    by Anonymous Coward on Sunday March 06, 2011 @07:56PM (#35401238)

    Don't bother reading this article, it's horribly written and not particularly correct. They make it sound like HBGary Federal was some giant security company when in reality it was a small-time 4 person company. Oh my god you broke into a 4 person company's email and the idiot manager's twitter account!

    So tired of seeing this "hack" replayed on Slashdot.

    • by Runaway1956 (1322357) on Sunday March 06, 2011 @11:13PM (#35402224) Homepage Journal

      Actually, you overplay your attempt to downplay HBGary Federal. While they never actually won any government contracts, they did have credibility with the US government, they did have access to a lot of "insider" stuff, and they were in negotiations with other contractors to provide some rather big-time stuff. They enjoyed the backing of their parent company, a major figure in the corporate world.

      Note that I do NOT claim that their credibility was justified, nor do I claim that their wares were anything more than vaporware - but they were much, much more than some upstart company operating on less than a shoestring in someone's garage with only 4 employees.

  • by Anonymous Coward

    hbgary was foolish. hbgary got punked.

    we all laughed.

    NEXT!

  • Old news (Score:2, Offtopic)

    by aztektum (170569)

    Seriously, Taco, just turn the site into an RSS portal with a comments section. The horrid summaries, old news and dupes are not helping.

    Slashdot was ahead of the game 12 years ago, but now it's a dying horse. Time to try something new.

    • by scubamage (727538)
      Slashdot, like /b/, was always dying, and will always be dying. Kinda like a hypochondriac with access to a medical encyclopedia and too much spare time.
    • You forget that it's the YOU that make or break the site. So if Slashdot still has the interest of some sharp folks out there, with excellent insight and comments, then it's still a viable site. Note the crazy topsy-turvy world of Digg (talk about dupes and poor summaries), now there's Reddit, and others, and I guess Facebook, but as long as Slashdot attracts good readers, they'll do fine.
  • Doesn't this spark anything in the minds of the local hackers and crackers out there? Security in businesses is low. Why? The fear of being hacked is unfeasible because people who don't know what they are doing trust people who say they know what they are doing but actually are being paid to watch the "ping" and "pong" of packets between two servers in the company. Time to start hacking again...make the government quake at the mention of hackers like what used to happen. My suggestion....packet flood a ne
