Michal Zalewski gives a biting commentary

…the purported details of the attack on HBGary – a horribly vulnerable, obscure CMS; unpatched internal systems; careless password reuse across corporate systems and Twitter or LinkedIn; and trivial susceptibility to e-mail phishing – are a truly fascinating detail. These tidbits seem to imply either extreme cynicism of their staff… or an ubelievable level of cluelessness. And from a broader perspective, both of these options are pretty scary.

Oh, the ironic part? Despite all the lofty rhetoric, looks like in the end, they have been undone by just a bunch of bored kids.

At least China is still off the hook…for now.

Couldn’t help but notice the breach report simplicity: a simple SQL query produced the password hashes and then an easy brute-force produced the passwords. The passwords were the same on many different sites.

The exact URL used to break into hbgaryfederal.com was

http://www.hbgaryfederal.com/pages.php?pageNav=2&page=27.

[…]

[T]he hbgaryfederal.com CMS used MD5. What’s worse is that it used MD5 badly: there was no iterative hashing and no salting.

[…]

[And they] used passwords that were very simple; each was just six lower case letters and two numbers.

Yeah, oops on several counts.

Maybe, just maybe, this will help the PCI Council change their position on MD5. It would be great to get some pressure again to fix the ten-year old security flaws. Compliance regulations are one of the most effective ways to move that dial.

Updated to add: Colbert on HBGary — it was a government subversive plot to undermine journalists and proves they can’t get anything right:

One of the more interesting things about new information sources is how they are influenced by a global market in commodity communication devices. Al Jazeera, for example, is one of the top-rated sources of news at the top of the “popular” news application lists for the Symbian mobile operating system. It offers 24-hour live english Al Jazeera television with a stunningly clear picture quality. In addition, when I turn on the Internet radio player bundled for free into a Nokia E72 I see top ranked stations from Asia, the Middle-East…and all over Europe. Scrolling through the stations is like taking a tour of the world’s languages.

This was one of the reasons I was surprised when I discarded all of my nicely packaged but fragile and expensive Apple devices. Without the iPhone I found more freedom — I suddenly had far more information available on my mobile from many more sources yet it was also easier. It is from this perspective that I find the SFGate post on Al Jazeera a bit puzzling.

You can watch Al Jazeera on TV almost anywhere in the world – except in the United States. How is this possible in our nation where freedom of the press is a basic constitutional tenet? Just what do cable and satellite carriers fear?

Al Jazeera English has received nearly universal raves as one of the best sources of news about events in Egypt. Mainstream journalists wrote reviews praising its coverage. Bloggers blogged about being glued to their computers or mobile devices to watch Al Jazeera.

The Cable and Satellite carriers probably just do not see the competition on the wall. The iPhone is similar. Apple executives lagged behind due to their limited definition of success — an American distribution model and market. I am certain even Apple has started to catch up a little since it obviously can see the stats and comments from iUsers who iDownload iJazeera from iTunes.

Why can’t our American networks provide 24×7 live streaming coverage for our phones? Oh, that’s right – they’re too busy thinking how they can squeeze every bit of profit out of the viewership instead of finding better/innovative ways of keeping people informed.

Anyways, the app/streaming just works. Period. A novel concept these days.

This is what freedom of information looks like.

So I have a hard time agreeing with the point that access is lacking in the United States just because the major networks offer disappointing coverage. I watched the BBC struggle to find an audience in America for more than a decade, with little impact outside of radio, yet I still read, listened and watched it all the same using German and Japanese-made electronics. I do not see Al Jazeera as any more welcome or any less viewable with the new generation of communications equipment.

It seems more accurate to say TV executives see little need to serve quality content and local and diverse news on TV because they do no see it as their market. They aim low; FOX shows this time and again by claiming success with their vapid analysis and empty news. Another example is the recent attempt by conservative extremists to ban public broadcasting in America.

…there’s a huge flaw in this notion of budgetary justice. The ax is raised to penalize the left, but it’s going to fall squarely on the center. […] Unlike stations in urban areas, which have more options and deep-pocketed benefactors to recover from the proposed cuts, stations such as High Plains would be faced with doing without, if they could continue to operate at all. They would lose the ability to air some national news programs, and their local news and information programming would take a huge hit.

We mention High Plains because it embodies the very notion of public broadcasting — to serve those who would not otherwise be served.

With consumers shifting to mobile content on commodity communication devices, a US policy-shift towards a shutdown (politically-motivated cleansing by the government) of quality domestic broadcasting is likely to benefit competing foreign news sources the most.

The Al Jazeera English global footprint continues to grow, broadcasting to more than 220 million households in more than 100 countries. […] Al Jazeera is the most watched news channel on You Tube, receiving 2.5 million views per month. Launched on April 16, 2007, the Al Jazeera English YouTube site has more than 10,000 videos currently live on the English channel.

Al Jazeera quickly has become popular despite little or no US network coverage and already has proven what delivering content looks like to those who would not otherwise be served.

It seems a team of scientists have set out to determine why animals hesitate in the face of risk.

Dogs and cats, even birds, hesitate and I was certain this had to do with uncertainty. A presentation yesterday gives new data on the matter and apparently proves, without a doubt, that at least monkeys and dolphins can have doubts.

Humans have feelings of doubt and confidence, and of certainty and uncertainty. You know if you do not know or remember — a perfect example of this is when something is on the tip of your tongue. This ability to evaluate and predict one’s own mental performance is known as metacognition. It is one of our most sophisticated cognitive capacities and has even been thought to be uniquely human. Metacognition rivals language and tool use in its potential to reveal similarities and differences between human and animal minds. This session presents this rapidly developing area and is convened by the European Science Foundation. It will explore how newly devised experimental paradigms, testing metacognition in dolphins and monkeys, show that it is not a uniquely human talent.

Are you sure I can trust you not to eat me?