I'm happy that he shares my exact point of view on this.
Apparently it's okay for anyone to just build up a suite of security penetrating software, call yourself a 'security company' and sell it on the open market. You will just get money thrown at you by governments and voila, there's your profit. Now just keep all the exploits you find private and rake in the millions. (100 clients in their database, times at least 1.5 million. You do the math)
The only thing we 'geeks' can do against this is tear this apart whenever it leaks, submit the relevant bug reports to the companies that are exploitable and hope for quick patches. It's an insane world we live in.
Footnote: I do not condone or promote hacking websites and then leaking data like this, but I have a strong feeling that this hacker just used SQLMap on their site (judging by the fact that there's no SQL injection prevention at all in the code)
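The footnote above speculates that an unparameterized query was enough for an off-the-shelf tool like SQLMap to dump the site. The following is an added illustration, not code from the commenter or from the leaked site, of what "no SQL injection prevention at all" looks like next to the parameterized form that stops it. The table, its rows and the payloads are constructed for the example; SQLite stands in for whatever database the real site used.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory client table standing in for the leaked one."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE clients (id INTEGER PRIMARY KEY, name TEXT, contract_value INTEGER)"
    )
    conn.executemany(
        "INSERT INTO clients (name, contract_value) VALUES (?, ?)",
        [("Agency A", 1500000), ("Agency B", 2000000), ("Agency C", 900000)],
    )
    return conn


def lookup_vulnerable(conn, name):
    """The 'no prevention at all' pattern: user input is pasted into SQL text.

    Anything the caller supplies becomes SQL syntax, so a quote character
    ends the string literal and the rest of the input is executed as a query.
    """
    query = (
        "SELECT id, name, contract_value FROM clients WHERE name = '" + name + "'"
    )
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    """Parameterized form: the driver sends the value separately from the SQL.

    The input is only ever compared as data; quotes and keywords in it are
    inert, so the same payloads below return nothing.
    """
    query = "SELECT id, name, contract_value FROM clients WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


# Two classic payloads of the kind SQLMap tries automatically (constructed):
#  - a boolean tautology that turns a single lookup into a full table dump
#  - a UNION that reads the schema catalogue through the same column slots
TAUTOLOGY = "' OR '1'='1"
SCHEMA_LEAK = "' UNION SELECT 1, name, sql FROM sqlite_master--"


def demo():
    conn = make_db()
    return {
        "vuln_normal": lookup_vulnerable(conn, "Agency A"),
        "vuln_tautology": lookup_vulnerable(conn, TAUTOLOGY),
        "vuln_schema": lookup_vulnerable(conn, SCHEMA_LEAK),
        "safe_tautology": lookup_safe(conn, TAUTOLOGY),
        "safe_normal": lookup_safe(conn, "Agency A"),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The tautology payload returns every client row from the vulnerable lookup, and the UNION payload returns the CREATE TABLE statement from `sqlite_master`, which is exactly the schema enumeration a tool does before dumping. Against `lookup_safe` both payloads match no row at all, because the driver never lets them become part of the statement.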
HBGary also got social-engineered with emails to an overseas sysadmin. At that point they had already used some relatively minor security exploit, then used the social engineering to escalate privileges further.
(this is from vague memory, I may have gotten some details wrong here)