Security Firm Barracuda Networks Embarrassed by Hacker Database Break-in

Even the mighty security firm Barracuda was hacked through the simplest, well-known, and commonly-used exploits.

Barracuda’s firewall was accidentally put into passive monitoring mode, which means it lets all the traffic through without doing any analysis or blocking and was essentially doing nothing since late evening April 8. This gave the attacker sufficient time to poke around via an automated script to crawl the site.

It took approximately two hours of “nonstop” probing before the intruder discovered a SQL injection flaw in a PHP script used to display customer case studies. That error allowed the attacker entry into the database used for marketing programs and sales lead development efforts. The customer case study database was on the same system as the one used for marketing programs.

Do you have a way of monitoring the status of your firewall?  Are internal apps as hardened as external applications?

via Security Firm Barracuda Networks Embarrassed by Hacker Database Break-in – Security – News & Reviews – eWeek.com.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s