back to article Hack attack spills web security firm's confidential data

Try this for irony: The website of web application security provider Barracuda Networks has sustained an attack that appears to have exposed sensitive data concerning the company's partners and employee login credentials, according to an anonymous post. Barracuda representatives didn't respond to emails seeking confirmation of …

COMMENTS

This topic is closed for new posts.

Not asp.net

The attacked pages are PHP (customer_verticals.php, a database called PHP_LIVE_CHAT). Not that there aren't plenty of asp.net sites vulnerable to the same treatment....

0
0
Silver badge
Flame

but web devs are such a 1337 bunch

This is what happens when you hire pony tail web designer hacks that call themselves developers (giveaway is they actually think Adobe is great for the industry with their tools for web development for idiots). Sanitizing input is such hard work. It also requires somebody with some slight training in best practices (ie expensive developer). Nah my Uncle has done a few web pages, and using his adobe tools he works cheap too.

1
1
Silver badge

Check before hiring!

Employment interview for web programmers:

Question 1: Who is little Bobby Tables?

6
0
Anonymous Coward

bobby

isn't he the little boy whose school doesn't sanitize user input? Got to love xkcd.

0
0
Anonymous Coward

And..

And they run MySQL > 5.0 too if there's an information_schema table...

0
0
FAIL

Almost certainly *not* salted.

Take a look at all the duplicated hashes in the MYSQL.USER table.... the same password should not hash the same way twice if you're salting it properly. This table clearly isn't.

0
1
FAIL

Nope

The salt doesn't have to be random per user to be beneficial, though it definitely helps.

0
0

haha haha ha

I like the explanation from them.

Why does corporate america get a pass when this type of thing would ruin a mom and pop company.

It's just e-mail addresses and names barracuda says.......

That's all, I mean heck we can all just get new e-mail addresses right; it's that easy.

We need a corporate stupidity tax that taxes these companies when things like this occur.

They enjoy all the tax-breaks and tax loopholes that small business doesn't. They can't win em all; we can't afford it.

0
0
WTF?

Another one

This is almost too unbelievable to be true. A company that sells web application firewalls gets done by SQL injection? Are these guys serious? How are people meant to take the security industry seriously when the very companies peddling this stuff can't get it right?

How about their advice:

"You can’t leave a Web site exposed nowadays for even a day (or less)" Ehh.... you reckon?!

"You can’t be complacent about coding practices, operations or even the lack of private data on your site – even when you have WAF technology deployed" Ehh... you don't say?!

Would you buy balding prevention medicine from a bald sales guy?

2
0

Ha, Barracuda is now looking for a Principal WAF Engineer

Hmm, it's interesting the Barracuda is now looking for a Principal Software Engineer- Web Application Firewall Development on craigslist. From the posting:

"Responsibilities:

Design and implement features of Barracuda's Web Application Firewall (WAF) network security product. Improve scalability and performance of network services of Barracuda WAF. ..."

0
0
This topic is closed for new posts.

Forums