This topic has 15 replies, 13 voices, and was last updated 9 years, 11 months ago by WCNA.
February 17, 2011 at 12:54 pm #6099
caissyd (Participant)
The Social Engineering part is especially good! ;D
February 17, 2011 at 5:49 pm #38112
AndyB67 (Participant)
A brilliant piece of work by Anon and a damning indictment of HBGary!
February 17, 2011 at 6:00 pm #38113
alucian (Participant)
Wow!
Nicer than an action movie 🙂
February 17, 2011 at 6:33 pm #38114
Anonymous (Participant)
I find this situation insanely entertaining, is that wrong? It appears the initial vectors of attack were pretty straightforward; the social engineering aspect of it is almost ridiculous. The biggest portion of this attack that is so alarming is how many private companies, government agencies and foreign interests had some involvement with HBGary, and now they are suddenly exposed... the kinetic damage from the poor security practices by HBGary.
February 21, 2011 at 2:26 am #38115
maxpeck (Participant)
Like a guy that runs a Dojo getting his butt kicked by a group of 10 year olds 😉
February 22, 2011 at 2:55 pm #38116
timmedin (Participant)
There have been a number of security companies pwned in the last few years. I'd be shocked if a number of the bigger companies weren't also pwnable, especially when you count the SE attacks. The SE attacks aren't a pass/fail; it's a question of what percentage of the people will fall for it.
February 22, 2011 at 6:19 pm #38117
digitalsecurity4u (Participant)
Making yourself the poster child of how not to run a security company, nice. If they ever recover it's going to be a while, and no steak is going to remove that black eye. The use of the same password across domains (company and internet) really kills me.
March 2, 2011 at 3:01 am #38118
timmedin (Participant)
@digitalsecurity4u wrote:
"Making yourself the poster child of how not to run a security company, nice."
I actually appreciate someone trying to take on Anonymous. Whether or not you support the cause that Anonymous stands for, what they are doing *is* illegal. And us supporting an "ends justify the means" approach is very dangerous.
"If they ever recover it's going to be a while, and no steak is going to remove that black eye."
They are dead. My understanding is that they have two employees left.
"The use of the same password across domains (company and internet) really kills me."
Yeah, not a great idea, but I can guarantee that they aren't the only security company doing it.
March 3, 2011 at 9:05 am #38119
lorddicranius (Participant)
@timmedin wrote:
"If they ever recover it's going to be a while, and no steak is going to remove that black eye."
"They are dead. My understanding is that they have two employees left."
Aaron Barr has finally resigned. When you say only 2 employees left, is that just HBGary Federal, or HBGary? Reading the chat logs from when Penny Leavy was pleading with Anonymous in their IRC channel, she made it clear that HBGary had only invested money in HBGary Federal, that they were separate companies. I haven't heard much about HBGary and was wondering how they were doing compared to HBGary Federal.
March 3, 2011 at 1:00 pm #38120
red rail (Participant)
It seems as though his compromise of usability vs. security met a sad fate. I assume that he set his websites/accounts up thinking that he had no reason to be excessively secure. For a security company, this is unacceptable. Most of us make these common mistakes for the sake of thinking, "It's good enough"... and it usually is... because we're not starting trouble for ourselves with a group known to be successful at disrupting services. I still fail to see what he was trying to accomplish. Even if he was completely secure (in theory), he would still be susceptible to the DDoS attacks that they are known to use, which would disrupt the day-to-day operations of his websites. There really was no 'winning' outcome. His arrogance caused his downfall, and he will have that story to tell for the rest of his life.
March 11, 2011 at 1:55 pm #38121
yatz (Participant)
Not to beat a dead horse, but I got a kick out of this one. It came across Twitter this morning.
The HBGary saga, depicted as a Spy vs. Spy cartoon:
http://www.businessweek.com/magazine/content/11_12/b4220066673859.htm
March 11, 2011 at 7:28 pm #38122
caissyd (Participant)
Thanks yatz, it is very funny!!! 🙂
March 11, 2011 at 10:47 pm #38123
tturner (Participant)
You guys see the email about HBGary trying to out-nmap nmap?
http://seclists.org/nmap-dev/2011/q1/767
"This scanner would not take us very long to write, and it would BLOW THE BALLS OFF OF NMAP." ::)
March 11, 2011 at 11:10 pm #38124
lorddicranius (Participant)
That cartoon and especially that email regarding nmap, too funny ;D
March 12, 2011 at 12:39 am #38125
dynamik (Participant)
Schneier put together a great list of Ars Technica articles that went in-depth and contain some pretty interesting information: http://www.schneier.com/blog/archives/2011/02/anonymous_vs_hb.html
March 14, 2011 at 12:25 pm #38126
WCNA (Participant)
That out-nmapping-nmap article is pretty funny. Here's something else I find odd about their proposed traceroute program:
"... we can send all TTL packets in one microsecond, instead of waiting for each one to come back before sending the next."
Correct me if I'm wrong, but doesn't that presuppose that you know every route from anywhere to anywhere? If I ping some box (anywhere), won't it most likely do this:
my box > default gw (dgw) > dgw > dgw > bgp (or MPLS) > bgp > routing lookup (rl) > rl > rl > mac lookup > target box
To send "all TTL packets in one microsecond" you would have to know all those addresses listed above beforehand.
So for a standalone, distributable program, it would (1) have to be huge to hold all routes (and probably slow) and (2) update its routes constantly. Anyone that has watched one of the realtime BGP looking glasses would see how often routes change, not to mention redundant connections and load balancing.
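As an added illustration of the mechanism the quoted email refers to (example code added here, not from the thread or from HBGary): a constructed path of routers, each of which decrements TTL and answers ICMP Time Exceeded from its own address, with probes for every TTL emitted together and matched back to hops by the TTL they carried. All addresses and the hop count are made up.

```python
"""Simulated parallel traceroute: probes for TTL 1..N are issued up front and
the path is rebuilt from whichever Time Exceeded / Echo Reply messages return."""
import random
from dataclasses import dataclass

# Constructed path (documentation-range addresses, not a real network):
# path[:-1] are routers, path[-1] is the destination host.
PATH = ["192.0.2.1", "198.51.100.7", "198.51.100.20", "203.0.113.5", "203.0.113.99"]


@dataclass
class Reply:
    ttl_sent: int  # TTL the probe carried (in practice recovered from the quoted probe)
    src: str       # address the reply came from
    kind: str      # "time_exceeded" or "echo_reply"


def forward(ttl: int, path: list[str]) -> Reply:
    """Model the forwarding plane: each router decrements TTL and the one that
    drives it to zero answers from its own address; otherwise the destination
    receives the probe and answers with an echo reply."""
    remaining = ttl
    for router in path[:-1]:
        remaining -= 1
        if remaining == 0:
            return Reply(ttl, router, "time_exceeded")
    return Reply(ttl, path[-1], "echo_reply")


def parallel_traceroute(path: list[str], silent: frozenset = frozenset(),
                        max_ttl: int = 30, seed: int = 1) -> list[str]:
    """Emit all probes without waiting, then place replies by ttl_sent.
    Hops in `silent` never answer and show up as '*'."""
    replies = [r for ttl in range(1, max_ttl + 1)
               if (r := forward(ttl, path)).src not in silent]
    random.Random(seed).shuffle(replies)  # replies come back in arbitrary order
    hops = {r.ttl_sent: r.src for r in replies}
    # The smallest TTL that produced an echo reply marks the destination; larger
    # TTLs also reach it and are redundant.
    echo_ttls = [r.ttl_sent for r in replies if r.kind == "echo_reply"]
    last = min(echo_ttls) if echo_ttls else max_ttl
    return [hops.get(t, "*") for t in range(1, last + 1)]


if __name__ == "__main__":
    print(parallel_traceroute(PATH))
    print(parallel_traceroute(PATH, silent=frozenset({"198.51.100.20"})))
```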