That, as they say, was the ballgame. Per :

For a security company to use a CMS that was so flawed is remarkable.... Proper handling of passwords--iterative hashing, using salts and slow algorithms--and protection against SQL injection attacks are basic errors. ...And though not all the passwords were retrieved ... two were, because they were so poorly chosen.

Meanwhile, HBGary Federal -- a division of HBGary -- is all but dead. It . I'll bet within a year that if parent company HBGary survives this debacle, it decides on a name change. There's no getting the stink off now.

As for Barr, he's a victim of his own hubris. I'd be surprised (and, really, appalled) if he's still employed in any capacity within a month. He thought he could fly with the gods; instead he crashed and burned.

You might call it a classic geek tragedy.