In an ironic article, H Online reports that security firm Barracuda Networks became a victim when criminals hacked into its company website and stole customer and staff data. Specializing in server and web application security and claiming to be the “worldwide leader in email and web security appliances”, Barracuda had an SQL injection hole in a PHP script for displaying customer references exploited by intruders.
“The company says that its web site is protected by its own brand Web Application Firewall, but that this firewall went down for maintenance the evening before the attack. The attackers reportedly used a script that sent requests to the server for two hours before it eventually discovered the vulnerable code. Security firms appear to have become a particularly attractive target – HBGary, RSA and Comodo were recently also broken into.”