Hack attack spills web security firm's confidential data

Try this for irony: The website of web application security provider Barracuda Networks has sustained an attack that appears to have exposed sensitive data concerning the company's partners and employee login credentials, according to an anonymous post. Barracuda representatives didn't respond to emails seeking confirmation of …


  1. pj3090


    The attacked pages are PHP (customer_verticals.php, a database called PHP_LIVE_CHAT). Not that there aren't plenty of sites vulnerable to the same treatment....

  2. asdf

    but web devs are such a 1337 bunch

    This is what happens when you hire ponytail web designer hacks that call themselves developers (giveaway is they actually think Adobe is great for the industry with their tools for web development for idiots). Sanitizing input is such hard work. It also requires somebody with some slight training in best practices (i.e. expensive developer). Nah, my uncle has done a few web pages, and using his Adobe tools he works cheap too.

  3. Christoph

    Check before hiring!

    Employment interview for web programmers:

    Question 1: Who is little Bobby Tables?

    1. Anonymous Coward


      Isn't he the little boy whose school doesn't sanitize user input? Got to love xkcd.

  4. Anonymous Coward


    And they run MySQL > 5.0 too if there's an information_schema table...

  5. Anonymous Coward

    Almost certainly *not* salted.

    Take a look at all the duplicated hashes in the MYSQL.USER table.... the same password should not hash the same way twice if you're salting it properly. This table clearly isn't.

    1. Anonymous Coward


      The salt doesn't have to be random per user to be beneficial, though it definitely helps.
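Added example, not part of the original thread or of any commenter's post: the duplicate-hash check described in the two comments above, run over a constructed account table. The account names, passwords, site-wide salt and hashing schemes are assumptions for illustration, not Barracuda's data or configuration.

```python
import hashlib
import os
from collections import defaultdict

# Constructed sample accounts (not from the leaked data); two pairs share a password.
USERS = [
    ("alice", "Summer2011"),
    ("bob", "Summer2011"),
    ("carol", "barracuda1"),
    ("dave", "barracuda1"),
    ("erin", "x9!rT0-unique"),
]
SITE_SALT = b"constructed-site-wide-salt"  # assumed value, one salt for every row


def unsalted(password):
    # No salt: identical passwords always produce identical stored values.
    return hashlib.sha256(password.encode()).hexdigest()


def site_salted(password):
    # One shared salt defeats generic precomputed tables, but rows still collide.
    return hashlib.sha256(SITE_SALT + password.encode()).hexdigest()


def per_user_salted(password):
    # Fresh random salt per row, stored beside the digest; rows no longer collide.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + "$" + digest.hex()


SCHEMES = {"unsalted": unsalted, "site_salted": site_salted,
           "per_user_salted": per_user_salted}


def duplicate_groups(table):
    """Return the groups of users whose stored credential value is identical."""
    by_hash = defaultdict(list)
    for user, stored in table:
        by_hash[stored].append(user)
    return sorted(users for users in by_hash.values() if len(users) > 1)


def audit():
    """Hash the sample accounts under each scheme and report duplicate groups."""
    return {name: duplicate_groups([(u, fn(pw)) for u, pw in USERS])
            for name, fn in SCHEMES.items()}


if __name__ == "__main__":
    for scheme, groups in audit().items():
        print(f"{scheme:16} duplicate groups: {groups}")
```

Duplicate groups under the first two schemes tell a reader of the table which accounts share a password; only the per-row salt removes that signal.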

  6. James Woods

    haha haha ha

    I like the explanation from them.

    Why does corporate America get a pass when this type of thing would ruin a mom and pop company?

    It's just e-mail addresses and names, Barracuda says.......

    That's all, I mean heck we can all just get new e-mail addresses right; it's that easy.

    We need a corporate stupidity tax that taxes these companies when things like this occur.

    They enjoy all the tax-breaks and tax loopholes that small business doesn't. They can't win em all; we can't afford it.

  7. albertismypal

    Another one

    This is almost too unbelievable to be true. A company that sells web application firewalls gets done by SQL injection? Are these guys serious? How are people meant to take the security industry seriously when the very companies peddling this stuff can't get it right?

    How about their advice:

    "You can’t leave a Web site exposed nowadays for even a day (or less)" Ehh.... you reckon?!

    "You can’t be complacent about coding practices, operations or even the lack of private data on your site – even when you have WAF technology deployed" Ehh... you don't say?!

    Would you buy balding prevention medicine from a bald sales guy?

  8. steveiek

    Ha, Barracuda is now looking for a Principal WAF Engineer

    Hmm, it's interesting that Barracuda is now looking for a Principal Software Engineer - Web Application Firewall Development on craigslist. From the posting:


    "Design and implement features of Barracuda's Web Application Firewall (WAF) network security product. Improve scalability and performance of network services of Barracuda WAF. ..."

