Core Security Technologies Breached Again?

Weak LinkCore Security Technologies may be in trouble again.  “snc0pe” claims to have breached their networks for the third time, posting IDs and passwords publicly.  The last time snc0pe hacked Core Security was September 2011, leaving the front page defaced.

Core Security Technologies is a computer and network security company that provides penetration testing and security measurement software products and services.  The company’s research arm, CoreLabs, identifies security vulnerabilities, publishes advisories, and works with vendors to eliminate the exposures they find.

Core is dismissing the attack as insignificant, claiming that it was launched against an 8 year old, unused server that contains no relevant information.

Questions;

  • What is an unused server doing connected to the internet?
  • What access does it offer to other internal and external resources?
  • Just how irrelevant is the information that is stored on it, or accessible using its credentials?
Advertisements

2 thoughts on “Core Security Technologies Breached Again?

  1. Core Security’s active servers, websites or networks were not compromised, including all information contained within these systems, and any information that has been posted online is of no consequence.

    • I got that much from the article, but if “active” servers were not compromised, what was, and if it was not “active”, what happened? I would bet that given the current state of security compliance and attitudes towards password management, any login credentials that are posted online are going to be of consequence. There are 3 questions posed in the original posting, and they seem to remain unanswered…

Comments are closed.