Hackers breached the security of a defense industry news website and stole sensitive subscriber information that could be used in attacks targeting the US military and its contractors. Gannet Co., publisher of DefenseNews, disclosed the bad news in an advisory published Monday. Data exposed included subscribers' first and last …
Goes to show that sometimes, there is no such thing as "good enough security".
Though, really, passwords? Which implies they were stored unhashed? Maybe I'm just nitpicking. After all, with the data they had, Gannet probably thought the lock of the safe was unbreakable anyway.
They are not sure how it happened
Come on we all know it will be either
A) SQL Injection due to shit coding
B) Someone opened an email attachment inside the LAN
I can confirm it was SQLi in this case.
RE: They are not sure how it happened
Don't forget the obvious answer: the gov were running Winblows
Right! Because SQLi attacks only work against M$ platforms!!!
Oh, wait ...
May be a ring of truth but as a committed Linux and OSX user even I had to down vote that one!
I thought from the title that it was a govt/military site that was hacked, not a public site.
Mind you, those concerned should not have given this site anything more than the essentials (what is needed to subscribe) - and definitely not details about their position within any government/military organisation. Fail on them if they have.
Guilty of this one myself ...
I'm in the British Army. On a US military kit site, I gave my country and arm of service to get the military discount. Combine that with the standard e-commerce stuff and I'm a big fat spear-phishing target.
- Product round-up Ten excellent FREE PC apps to brighten your Windows
- Analysis Pity the poor Windows developer: The tools for desktop development are in disarray
- Chromecast video on UK, Euro TVs hertz so badly it makes us judder – but Google 'won't fix'
- Analysis BlackBerry's turnaround relies on a secret weapon: Its own network
- Hire and hold IT staff in 2015: The Reg's how-to guide