More background on the US security firm break-in
Ars Technica has documented the background of the break-in at the US security firm that tried to expose Anonymous but ended up being taken apart itself. The report explains that the attackers' point of entry was a proprietary CMS which was custom-designed for HBGary. The CMS reportedly failed to sufficiently check certain input parameters and this enabled the attackers to send SQL commands to the database via specially crafted URLs. This apparently allowed them to retrieve the CMS users' password hashes, which turned out to be simple, unsalted MD5 hashes that presented an easy target for a rainbow table attack.
I can really recommend reading the Ars Technica link in the article. It explains in very understandable language what went wrong, and what we can learn from it.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
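An added example (not from the Ars Technica report or the post above) of the two weaknesses the summary names: a request parameter concatenated into SQL beside the bound-parameter form, and unsalted MD5 beside a salted, iterated hash. The table names, sample values and the PBKDF2 round count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

def md5_unsalted(password):
    # Scheme the summary describes: one password always maps to one hash,
    # so a precomputed (rainbow) table built once works against every user.
    return hashlib.md5(password.encode()).hexdigest()

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    db.execute("INSERT INTO pages VALUES (1, 'Home')")
    db.execute("INSERT INTO users VALUES ('admin', ?)",
               (md5_unsalted("constructed-pw"),))
    return db

def page_vulnerable(db, page_id):
    # URL parameter pasted into the statement: its text is parsed as SQL.
    return db.execute("SELECT title FROM pages WHERE id = " + page_id).fetchall()

def page_safe(db, page_id):
    # Reject non-integers, then bind: the value can never become SQL syntax.
    try:
        bound = int(page_id)
    except ValueError:
        return []
    return db.execute("SELECT title FROM pages WHERE id = ?", (bound,)).fetchall()

def hash_password(password, salt=None, rounds=600_000):
    # Per-user random salt plus an iterated KDF; rounds is an assumed setting.
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def verify_password(password, salt, digest):
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

if __name__ == "__main__":
    db = make_db()
    crafted = "1 UNION SELECT pw_hash FROM users"  # constructed request value
    print("concatenated:", page_vulnerable(db, crafted))
    print("bound:       ", page_safe(db, crafted))
    print("md5 repeat:  ", md5_unsalted("x") == md5_unsalted("x"))
    print("salted differ:", hash_password("x")[1] != hash_password("x")[1])
```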