MindyMcfly wrote:Very smart, we use CMS here.... hmmmmm
Every site uses a 'CMS', but the CMS with the name CMS that you might mean is not the custom made CMS used on the HBGary site.
Every web developer should know how to prevent simple cracks like mentioned in the article. In many custom made cases when software is unsafe, it's because it has been written too quickly in a limited timespan where the focus lies on looks rather than security. Customers don't want to pay for security, but they do pay for beauty. Dev companies will then simply make the decision to give the client what he pays for and nothing more. However, a good and fast programmer in a company like that should not make these mistakes.
Software that is being developed for years by many people (like this PHPBB forum) is usually much safer and hard to crack. However, if a security flaw is discovered, all the websites running the same version of the software are vulnerable. So it doesn't necessarily mean you're more secure, but if you patch/upgrade as often as possible you can avoid many problems.
The most fun part of this hack is the 'social engineering' part. The hacker tricked someone over e-mail into believing he was someone else and got him to open up ports and lower security. Something the famous hacker Kevin Mitnick was good at too.
All in all, this was not the most impressive hack in history, most script kiddies with some experience should be able to pull this off as well. 'Proper' hackers do something that hasn't been done before, like break into a bank
They exist.
