Saturday, May 7, 2011

Security Company Barracuda Networks Database Hacked by fdf (hmsec.org cr3w) via SQL Injection Attack

Yet another security company was embarrassed over the weekend after a hacker broke into its marketing database. Barracuda Networks, which has an impressive security portfolio that includes the Barracuda Spam & Virus Firewall, Barracuda Web Firewall, as well as VPN and Web Application Firewall appliances, saw the names and email addresses of its employees and partners splashed online. Also posted were the MD5 hashes of passwords, as well as a list of databases on the server, leaving little doubt as to the authenticity of the digital break-in.

Responding to the news late on Monday, Executive Vice President and CMO Michael Perone confirmed the compromised information on Barracuda's company blog. Apologizing for the inconvenience to those whose email addresses were exposed, Perone wrote:
The good news is the information compromised was essentially just names and email addresses, and no financial information is even stored in those databases. Further, we have confirmed that some of the affected databases contained one-way cryptographic hashes of salted passwords. However, all active passwords for applications in use remain secure.
The bad news though, was what led to the compromise by the hacker. The Barracuda Web Application Firewall (WAF) in front of the Barracuda Networks Web site was unintentionally placed in passive monitoring mode and was offline through a maintenance window that started Friday night (April 8) after close of business Pacific time. Starting Saturday night at approximately 5pm Pacific time, an automated script began crawling the Web site in search of unvalidated parameters. After approximately two hours of nonstop attempts, the script discovered a SQL injection vulnerability in a simple PHP script that serves up customer reference case studies by vertical market. As with many ancillary scripts common to Web sites, this customer case study database shared the SQL database used for marketing programs which contained names and email addresses of leads, channel partners and some Barracuda Networks employees. The attack utilized one IP address initially to do reconnaissance and was joined by another IP address about three hours later. We have logs of all the attack activity, and we believe we now fully understand the scope of the attack.
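The flaw class described in Barracuda's statement, shown as an added example that is not code from Barracuda or from the original post: a lookup by vertical market built by string concatenation, the same lookup hardened, and a read restriction that stands in for a least-privilege database account. Python and SQLite stand in for the PHP script and its database; the table names, sample rows and probe string are constructed.

```python
import sqlite3

ALLOWED_VERTICALS = {"education", "healthcare"}  # hypothetical values
# Constructed regression-test input containing SQL syntax.
PROBE = "' UNION SELECT email FROM leads --"

def make_db():
    """Constructed stand-in: case studies and marketing leads share one database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE case_studies (vertical TEXT, title TEXT);
        CREATE TABLE leads (name TEXT, email TEXT);
        INSERT INTO case_studies VALUES ('education', 'District rollout');
        INSERT INTO case_studies VALUES ('healthcare', 'Clinic mail filtering');
        INSERT INTO leads VALUES ('Sample Lead', 'lead@example.com');
    """)
    return db

def titles_vulnerable(db, vertical):
    # BEFORE: the request parameter becomes part of the SQL text.
    sql = "SELECT title FROM case_studies WHERE vertical = '" + vertical + "'"
    return [row[0] for row in db.execute(sql)]

def titles_hardened(db, vertical):
    # AFTER: reject values outside the allowlist, then bind the value as data.
    if vertical not in ALLOWED_VERTICALS:
        return []
    sql = "SELECT title FROM case_studies WHERE vertical = ?"
    return [row[0] for row in db.execute(sql, (vertical,))]

def restrict_to_case_studies(db):
    # Emulates a least-privilege account for the case-study script:
    # any read outside case_studies is refused when the statement is prepared.
    def authorizer(action, table, column, dbname, source):
        if action == sqlite3.SQLITE_READ and table != "case_studies":
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK
    db.set_authorizer(authorizer)

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", titles_vulnerable(db, PROBE))
    print("hardened:  ", titles_hardened(db, PROBE))
    restricted = make_db()
    restrict_to_case_studies(restricted)
    try:
        titles_vulnerable(restricted, PROBE)
    except sqlite3.Error as exc:
        print("restricted account refused the query:", exc)
```

With the read restriction in place, the concatenated query is still injectable but can no longer reach the shared marketing table, which is the separation the ancillary script lacked.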
Full Disclosure: Barracuda Networks Hacking via SQL Injection.
A disclosure by: fdf (hmsec.org cr3w) Shout to: Sorcerer, Kill_Tech, Y0y0, Sherina84, Tr4nsltr, Upxilon, Ghimau, otak and all Malaysian Hackers
LIST OF DATABASES:
new_barracuda information_schema Marketing barracuda black_ips buniversity bware co-op collections cuda_car cuda_stats dev_new_barracuda igivetest igivetest_bk1_aug10 igivetestsucks kb_solutions leads mysql new_barracuda new_barracuda_archive php_live_chat phpmyadmin
DB NAME: NEW_BARRACUDA
TABLE NAME: DEAL_REG
DATA COUNT: Count(*) of new_barracuda.deal_reg is 17549
SAMPLE DATA:
DB NAME: NEW_BARRACUDA
TABLE NAME: CMS_LOGINS
DATA COUNT: Count(*) of new_barracuda.cms_logins is 251
DATA:
DB NAME: NEW_BARRACUDA
TABLE NAME: BUNIVERSITY_USERS
DATA COUNT: Count(*) of new_barracuda.buniversity_users is 35
DATA:
DB NAME: MYSQL
TABLE NAME: USER
DATA COUNT: Count(*) of mysql.user is 23
DATA:
