Anonymous vs HBGary – Standard Mistakes of the “Experts”

How Anonymous hacked the “security experts” (I had written about it).

In the end, the security experts made numerous mistakes that standard best practices alone would have prevented.

So what do we have in total? A Web application with SQL injection flaws and insecure passwords. Passwords that were badly chosen. Passwords that were reused. Servers that allowed password-based authentication. Systems that weren’t patched. And an astonishing willingness to hand out credentials over e-mail, even when the person being asked for them should have realized something was up.

The thing is, none of this is unusual. Quite the opposite. The Anonymous hack was not exceptional: the hackers used standard, widely known techniques to break into systems, find as much information as possible, and use that information to compromise further systems.