Not asp.net
The attacked pages are PHP (customer_verticals.php, a database called PHP_LIVE_CHAT). Not that there aren't plenty of asp.net sites vulnerable to the same treatment....
Try this for irony: The website of web application security provider Barracuda Networks has sustained an attack that appears to have exposed sensitive data concerning the company's partners and employee login credentials, according to an anonymous post. Barracuda representatives didn't respond to emails seeking confirmation of …
This is what happens when you hire pony tail web designer hacks that call themselves developers (giveaway is they actually think Adobe is great for the industry with their tools for web development for idiots). Sanitizing input is such hard work. It also requires somebody with some slight training in best practices (ie expensive developer). Nah my Uncle has done a few web pages, and using his adobe tools he works cheap too.
I like the explanation from them.
Why does corporate america get a pass when this type of thing would ruin a mom and pop company.
It's just e-mail addresses and names barracuda says.......
That's all, I mean heck we can all just get new e-mail addresses right; it's that easy.
We need a corporate stupidity tax that taxes these companies when things like this occur.
They enjoy all the tax-breaks and tax loopholes that small business doesn't. They can't win em all; we can't afford it.
This is almost too unbelievable to be true. A company that sells web application firewalls gets done by SQL injection? Are these guys serious? How are people meant to take the security industry seriously when the very companies peddling this stuff can't get it right?
How about their advice:
"You can’t leave a Web site exposed nowadays for even a day (or less)" Ehh.... you reckon?!
"You can’t be complacent about coding practices, operations or even the lack of private data on your site – even when you have WAF technology deployed" Ehh... you don't say?!
Would you buy balding prevention medicine from a bald sales guy?
Hmm, it's interesting the Barracuda is now looking for a Principal Software Engineer- Web Application Firewall Development on craigslist. From the posting:
"Responsibilities:
Design and implement features of Barracuda's Web Application Firewall (WAF) network security product. Improve scalability and performance of network services of Barracuda WAF. ..."