Try this for irony: The website of web application security provider Barracuda Networks has sustained an attack that appears to have exposed sensitive data concerning the company's partners and employee login credentials, according to an anonymous post. Barracuda representatives didn't respond to emails seeking confirmation of …
The attacked pages are PHP (customer_verticals.php, a database called PHP_LIVE_CHAT). Not that there aren't plenty of asp.net sites vulnerable to the same treatment....
but web devs are such a 1337 bunch
This is what happens when you hire pony tail web designer hacks that call themselves developers (giveaway is they actually think Adobe is great for the industry with their tools for web development for idiots). Sanitizing input is such hard work. It also requires somebody with some slight training in best practices (i.e. expensive developer). Nah my Uncle has done a few web pages, and using his adobe tools he works cheap too.
Check before hiring!
Employment interview for web programmers:
Question 1: Who is little Bobby Tables?
Isn't he the little boy whose school doesn't sanitize user input? Got to love xkcd.
And they run MySQL > 5.0 too if there's an information_schema table...
Almost certainly *not* salted.
Take a look at all the duplicated hashes in the MYSQL.USER table.... the same password should not hash the same way twice if you're salting it properly. This table clearly isn't.
The salt doesn't have to be random per user to be beneficial, though it definitely helps.
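Added example, not part of any comment in this thread: the duplicate-hash check described above, run against three storage schemes. The account names, passwords and site salt are constructed, and the SHA-256 and PBKDF2 settings are illustrative assumptions; the unsalted scheme uses MySQL's documented 4.1+ PASSWORD() format.

```python
import hashlib
import os
from collections import defaultdict

# Constructed sample accounts; two users share a password on purpose.
ACCOUNTS = [("alice", "hunter2"), ("bob", "s3cret!"),
            ("carol", "hunter2"), ("dave", "tr0ub4dor")]

def mysql_native(password: str) -> str:
    """Unsalted MySQL 4.1+ PASSWORD() format: '*' + hex(SHA1(SHA1(password)))."""
    inner = hashlib.sha1(password.encode()).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def static_salted(password: str, site_salt: bytes = b"constructed-site-salt") -> str:
    """One salt for the whole table: generic precomputed tables fail, duplicates remain."""
    return hashlib.sha256(site_salt + password.encode()).hexdigest()

def per_user_salted(password: str) -> str:
    """Random 16-byte salt per row plus a slow KDF; the salt is stored beside the hash."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return f"{salt.hex()}${dk.hex()}"

def shared_hashes(rows):
    """Audit check: map each stored hash to its users, keep hashes held by 2+ users."""
    groups = defaultdict(list)
    for user, stored in rows:
        groups[stored].append(user)
    return {h: users for h, users in groups.items() if len(users) > 1}

def audit(scheme):
    """Hash every sample account with `scheme`; return sorted groups of users sharing a hash."""
    rows = [(user, scheme(pw)) for user, pw in ACCOUNTS]
    return sorted(shared_hashes(rows).values())

if __name__ == "__main__":
    for name, scheme in [("unsalted", mysql_native),
                         ("static salt", static_salted),
                         ("per-user salt", per_user_salted)]:
        print(f"{name:14} users sharing a hash: {audit(scheme)}")
```

A site-wide salt still leaves the two identical passwords visible as a matching pair; only the per-row salt removes the duplicates.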
haha haha ha
I like the explanation from them.
Why does corporate America get a pass when this type of thing would ruin a mom and pop company?
It's just e-mail addresses and names, Barracuda says.......
That's all, I mean heck we can all just get new e-mail addresses right; it's that easy.
We need a corporate stupidity tax that taxes these companies when things like this occur.
They enjoy all the tax-breaks and tax loopholes that small business doesn't. They can't win 'em all; we can't afford it.
This is almost too unbelievable to be true. A company that sells web application firewalls gets done by SQL injection? Are these guys serious? How are people meant to take the security industry seriously when the very companies peddling this stuff can't get it right?
How about their advice:
"You can’t leave a Web site exposed nowadays for even a day (or less)" Ehh.... you reckon?!
"You can’t be complacent about coding practices, operations or even the lack of private data on your site – even when you have WAF technology deployed" Ehh... you don't say?!
Would you buy balding prevention medicine from a bald sales guy?
Ha, Barracuda is now looking for a Principal WAF Engineer
Hmm, it's interesting that Barracuda is now looking for a Principal Software Engineer - Web Application Firewall Development on craigslist. From the posting:
"Design and implement features of Barracuda's Web Application Firewall (WAF) network security product. Improve scalability and performance of network services of Barracuda WAF. ..."