The Anonymous attack on HBGary may have amused some who enjoyed the sight of a security firm left embarrassed and exposed, but it should send a shiver down the spine of any IT administrator responsible for securing their own company.
Because can you honestly put your hand on your heart and say that a hack like the one against HBGary couldn't happen at your organisation too?
As Ars Technica explains, a weakness in a third-party CMS product used by HBGary's website allowed Anonymous hackers to steal the passwords that employees used to update the web pages.
Unfortunately they were passwords that weren't hashed strongly enough, and it was possible to crack them with a rainbow-table based attack. Amongst those exposed were CEO Aaron Barr and COO Ted Vera.
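To make the rainbow-table point concrete, here is an added example (not code from the article or from HBGary's CMS) contrasting unsalted MD5 storage, which a precomputed table over a dictionary matches instantly, with per-user salted PBKDF2, which no precomputed table can match; the word list and passwords are constructed for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed dictionary standing in for the word list behind a rainbow table.
WORDLIST = ["password", "letmein", "qwerty", "summer10", "welcome1"]


def unsalted_md5(password: str) -> str:
    """The weak scheme: one deterministic, unsalted hash per password."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup_table(words) -> Dict[str, str]:
    """Precompute hash -> plaintext for a dictionary. A rainbow table is a
    space-optimised form of exactly this mapping, built once and reused
    against every site that stores unsalted hashes."""
    return {unsalted_md5(w): w for w in words}


def crack_unsalted(stored_hash: str, table: Dict[str, str]) -> Optional[str]:
    """Recover the plaintext if the stored hash appears in the precomputed table."""
    return table.get(stored_hash)


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 200_000) -> str:
    """Hardened scheme: random 16-byte per-user salt plus PBKDF2-HMAC-SHA256.
    The salt is stored alongside the hash; it need not be secret, it only has
    to make every stored value unique so no table built in advance applies."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    _algo, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def demo():
    table = build_lookup_table(WORDLIST)
    cracked = crack_unsalted(unsalted_md5("letmein"), table)  # found immediately
    h1, h2 = hash_password("letmein"), hash_password("letmein")
    # Same password, two different stored values; neither is in any precomputed table.
    return cracked, h1 != h2, verify_password("letmein", h1), h1 in table
```

Running `demo()` returns `("letmein", True, True, False)`: the unsalted hash is cracked by lookup, while the two salted hashes of the same password differ, still verify, and never match the table.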
Worse still, it appears that Aaron Barr and Ted Vera were using the same passwords for their Twitter and LinkedIn accounts, and even for an account which administered the entire company's email.
By exploiting software vulnerabilities, poor passwords and even some tried-and-trusted social engineering (see below), it was trivial for the hackers to steal the entire company's email and deface its website.
As Chet explained in an earlier article, an employee not seeking proper verification when a company executive apparently asks for help can result in a corporate disaster.
But more than that, it's also essential that all staff learn how to use passwords properly.
For instance, don't use easy-to-crack or obvious passwords. If you do, you're asking for trouble.
And it's critical that different passwords are used for different accounts. That means that if your password gets exposed in one place, there won't be a domino effect as a series of other accounts are unlocked by criminals using the same credentials.
Unconvinced by the scale of the problem? Well, our research has found that 33% of people use the same password on every single website.
In the wake of the attack, HBGary withdrew from the RSA Conference taking place in San Francisco this week, and replaced their booth with a sign:
Read the in-depth piece by Ars Technica now, investigating how the HBGary hack occurred, and learn lessons which you can apply within your own company. After all, you don't want to be the next firm to have to put up a sign like that.