HMSec claims a Barracuda Networks “customer_verticals.php” page has led to a breach of the company’s sensitive data. A list of databases, usernames, and password hashes have been posted as proof of the exploit.
Barracuda Networks is perhaps best recognized for developing a fleet of tired old fuel guzzling vehicles they drag around for marketing campaigns to promote “email and web security” products.
At RSA 2011 in San Francisco the company publicized that they were sparing no expense to rent a strip club for an invitation-only “VIP” party. Although they did their best to promote the event as exclusive and posh, little could be done to hide the fact that the club is known locally for its $5 buffet including peep show.
The company may be asking itself now whether the cost spent appealing to desires of a certain demographic was balanced versus the cost of securing sensitive customer data against the much larger and greater diversity of attackers…. Could this be a good candidate for a MasterCard “priceless” commercial?
Back to the point, the evidence posted shows not only the continued risk of remote SQL injection, including blind attacks, but yet another database of unsalted MD5 hashes (note the duplicate hash values — root has the same as another user) has been exposed within a security product company.
Yeah didn’t know that about that place until the security blogger meetup had a bunch that said were going so I went along. The door guys said we all were not welcome. Some got in by sneaking in and what but I left. Glad I left too, as they had stomach flu next day. I work in large enterprise and never ever see Barracuda products. They prob don’t care about this breach in the news because their base is SMB who don’t keep up with it anyway.
you sound like some pissed off little boy that didn’t get invited to this strip club??
shit happens bud
@scorpi0n, thanks for your comment. Good point about the SMB market. You probably found the crowd at the blogger event going because Barracuda was one of their sponsors and so they kept promoting the party and inviting everyone there. I heard about the stomach flu from others but thought it was another event. Sadly ironic if security pros are getting sick and spreading illness at a security conference; maybe less so than a health care conference.
@cgrinder, I don’t think scorpi0n sounds pissed off, little or boyish. Not sure it matters how she sounds or who she sounds like anyway. She makes a good point.
Your “shit happens” attitude is an interesting approach to risk management in light of this breach.