Security Company Gets Hacked

The article I chose for this week is titled “Security Firm Barracuda Networks Embarrassed by Hacker Database Break-in”. Barracuda took down their firewall for maintenance for no more than a few hours before an attacker was able to infiltrate it. According to Barracuda, the attacker discovered an SQL injection flaw in a PHP script used to display customer case studies. The attacker was able to get employee passwords that were hashed with the MD5 algorithm, which is considered outdated by today’s standards. Jason Reed, director of security and compliance at SystemExperts, states, “Security companies don’t always practice what they preach, leaving themselves vulnerable to attacks like this.” According to the article, the attacker used a blind SQL injection attack, which means “the errors and results from the malicious SQL queries are not displayed directly to the attacker. Instead, the attacker has to write complicated code to expose little bits of the data at a time and then recreate the information.” Barracuda apologized for the incident in a blog post and said it was notifying affected individuals.
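The example below is added here and is not code from the article or from Barracuda, whose PHP script is not shown. It uses Python and an in-memory SQLite database as stand-ins to show why a string-built query gives a yes/no signal that a parameterized query does not, and how a salted, slow hash replaces bare MD5. All table names, function names and data are constructed for illustration.

```python
import hashlib
import os
import sqlite3

def make_db():
    """Constructed sample data: one public case study and one employee row."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE case_studies (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE employees (name TEXT, pw_md5 TEXT);
        INSERT INTO case_studies VALUES (1, 'Constructed case study');
    """)
    # Unsalted MD5, as in the incident: fast to compute, so weak for passwords.
    db.execute("INSERT INTO employees VALUES (?, ?)",
               ("alice", hashlib.md5(b"constructed-password").hexdigest()))
    return db

def page_found_vulnerable(db, study_id):
    # Vulnerable pattern: the request parameter is pasted into the SQL text,
    # so anything after the number is parsed as SQL.
    sql = "SELECT title FROM case_studies WHERE id = " + study_id
    return db.execute(sql).fetchone() is not None

def page_found_safe(db, study_id):
    # Fix: check the type, then bind the value so it is only ever data.
    if not study_id.isdigit():
        return False
    sql = "SELECT title FROM case_studies WHERE id = ?"
    return db.execute(sql, (int(study_id),)).fetchone() is not None

def hash_password(password, salt=None):
    # Replacement for bare MD5: per-user salt plus a deliberately slow KDF.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt, digest

def demo():
    """Return (input, vulnerable page shown?, safe page shown?) per input."""
    db = make_db()
    inputs = ["1", "1 AND 1=2", "1 AND EXISTS (SELECT 1 FROM employees)"]
    return [(s, page_found_vulnerable(db, s), page_found_safe(db, s))
            for s in inputs]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

In the vulnerable version, whether the page appears depends on the truth of the appended condition, which is the "little bits of the data at a time" channel the article describes even though no error or query result is displayed. The parameterized version rejects both non-numeric inputs identically.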

This is an interesting topic and it relates to class because we are using SQL statements. I find it amazing what can be accomplished with SQL. What I find strange is that a security company such as Barracuda could make such an elementary mistake.

This incident puts Barracuda on the spot; I wonder what their customers thought when they heard the news. Not only is this embarrassing for them, but it speaks volumes about their procedures and how they handle their own systems. This is an eye-opener for security companies: never let your guard down.



Rashid, Y., F. (2011, April 12). Security Firm Barracuda Networks Embarrassed by Hacker Database Break-in. Retrieved from