HBGary Federal
There is no part of the HBGary Federal hack that should have worked. SQL injection on a custom CMS, unsalted MD5, password reuse into Google Apps administration, and an unsalted social-engineering message to a sysadmin at rootkit.com.
Thirteen years on
Year-opening notebook entry. 2010 produced Stuxnet, the WikiLeaks cable response, and the start of the Tunisian protests. The year ahead is going to be about privacy and encryption, penetration testing, and Hedgehog's third year.
2010 in review
December retrospective. 2010 has been substantively significant — Aurora, Stuxnet, WikiLeaks, Anonymous. The cumulative trajectory toward state-grade cyber operations is now operationally visible.
Anonymous, Operation Payback, and the new political-DDoS
Anonymous-affiliated DDoS attacks against organisations responding to WikiLeaks have produced substantial operational disruption. The political-DDoS category continues evolving.
WikiLeaks Iraq War Logs
WikiLeaks released approximately 400,000 US military documents on 22 October. The structural questions about insider data exfiltration and disclosure are operationally significant.