Lulzsec

Marbas
Posts: 1169
Joined: Mon Jun 04, 2007 4:01 am UTC
Location: Down down down at the bottom of the sea

Re: Lulzsec

Postby Marbas » Tue Jun 21, 2011 6:14 am UTC

Actually it's more like going into a person's house with the door unlocked and then reading all the mail they have on their counter. Sure, you could say it was stupid to leave the door unlocked. But the fault ultimately lies with the thief. They're the ones who did something wrong. They're the ones who went through another person's personal information and damaged that person's life. The idea that stealing information over the internet is morally different from stealing it physically seems to have more to do with idiotic romantic notions of the internet being some sort of wild west where people can do whatever they want.

Look, even if the person had left a goddamn sign on their lawn saying that the door was unlocked, in giant flashing letters, the thief would still be at fault.

That's the whole fucking point of ideas like morality and "fault" and all that good stuff. So we can point out that the jackasses who do things like take advantage of people's stupidity just to make an example of them are just that, jackasses.
Jahoclave wrote:Do you have any idea how much more fun the holocaust is with "Git er Done" as the catch phrase?

Ortus
Fluffy
Posts: 569
Joined: Sat Apr 03, 2010 7:09 am UTC

Re: Lulzsec

Postby Ortus » Tue Jun 21, 2011 6:49 am UTC

Marbas wrote:Actually it's more like going into a person's house with the door unlocked and then reading all the mail they have on their counter. Sure, you could say it was stupid to leave the door unlocked. But the fault ultimately lies with the thief. They're the ones who did something wrong. They're the ones who went through another person's personal information and damaged that person's life. The idea that stealing information over the internet is morally different from stealing it physically seems to have more to do with idiotic romantic notions of the internet being some sort of wild west where people can do whatever they want.

Look, even if the person had left a goddamn sign on their lawn saying that the door was unlocked, in giant flashing letters, the thief would still be at fault.

That's the whole fucking point of ideas like morality and "fault" and all that good stuff. So we can point out that the jackasses who do things like take advantage of people's stupidity just to make an example of them are just that, jackasses.


So I take it you read my argument and then let it fall completely outside your mind as you typed your response? Perhaps I worded it poorly, I do that often. You seem to be of the mind that the word morality encompasses any direct meaning between two people, and I find that entirely too simplistic of an approach for this topic (or any topic). The type of morality you're talking about is not even an issue, within the confines of the argument you have responded to: what is of far more import is the assigning of who the instigator would be in these situations, and from there morality can be incorporated. Surely the hacker plays a role at some fault, but it is obnoxious to think the entirety of it lies at the hacker's feet.

Psychology plays a bigger role in this stage of the discussion than morality, I suspect - the how of things, not the why. I'll let the idiotic comment slide.

Edit: hrm, on second look, perhaps I came off too strongly in this post.
Marbas wrote:So we can point out that the jackasses who do things like take advantage of people's stupidity just to make an example of them are just that, jackasses.


This is the problem, this line of thinking right here. Who are the jackasses? And don't tell me, in this kind of situation, it is and can only ever be the hacker (or the thief, as it was put). Going back to the groupist in my previous post, your line of thinking fits neatly with his. In his mind, the jackasses are the gays, or the coloreds, or the <insert popular groupist target here>. Is your morality content with that?
Last edited by Ortus on Tue Jun 21, 2011 7:05 am UTC, edited 1 time in total.
roband wrote:Face, yes. Chest, probably. Pubic area, maybe. Scrotum, not a fucking chance.

johnny_7713
Posts: 555
Joined: Tue Jun 15, 2010 1:31 pm UTC

Re: Lulzsec

Postby johnny_7713 » Tue Jun 21, 2011 7:04 am UTC

Ortus wrote:
Marbas wrote:Actually it's more like going into a person's house with the door unlocked and then reading all the mail they have on their counter. Sure, you could say it was stupid to leave the door unlocked. But the fault ultimately lies with the thief. They're the ones who did something wrong. They're the ones who went through another person's personal information and damaged that person's life. The idea that stealing information over the internet is morally different from stealing it physically seems to have more to do with idiotic romantic notions of the internet being some sort of wild west where people can do whatever they want.

Look, even if the person had left a goddamn sign on their lawn saying that the door was unlocked, in giant flashing letters, the thief would still be at fault.

That's the whole fucking point of ideas like morality and "fault" and all that good stuff. So we can point out that the jackasses who do things like take advantage of people's stupidity just to make an example of them are just that, jackasses.


So I take it you read my argument and then let it fall completely outside your mind as you typed your response? Perhaps I worded it poorly, I do that often. You seem to be of the mind that the word morality encompasses any direct meaning between two people, and I find that entirely too simplistic of an approach for this topic (or any topic). The type of morality you're talking about is not even an issue, within the confines of the argument you have responded to: what is of far more import is the assigning of who the instigator would be in these situations, and from there morality can be incorporated. Surely the hacker plays a role at some fault, but it is obnoxious to think the entirety of it lies at the hacker's feet.

Psychology plays a bigger role in this stage of the discussion than morality, I suspect - the how of things, not the why. I'll let the idiotic comment slide.


The hacker must make a conscious choice: to hack or not to hack. He/she is not under any kind of duress and completely free to make either choice. Hence if the hacker chooses to hack, the fault lies with the hacker. Lax security measures do not have the magic power to compel someone to hack a website, and to the best of my knowledge there is also no recognised psychological disorder that compels people to hack websites with poor security. The only place moral blame can thus be laid is at the feet of the hacker. (Whether or not and to what extent the website owner has a responsibility towards the people who entrusted him/her with their data is a completely different question).

In addition if we examine your argument further we will note that 'lax security' must be defined from the point of view of the hacker, since what is 'lax security' to a hacker of great skill will be good security to a hacker of very little skill. This leads to the conclusion that it is only moral to hack websites one can hack easily and that the number of websites it is moral to hack increases with your skill, which IMO is rather absurd (unless you're a big fan of might is right).

Marbas
Posts: 1169
Joined: Mon Jun 04, 2007 4:01 am UTC
Location: Down down down at the bottom of the sea

Re: Lulzsec

Postby Marbas » Tue Jun 21, 2011 7:16 am UTC

Ortus wrote:This is the problem, this line of thinking right here. Who are the jackasses? And don't tell me, in this kind of situation, it is and can only ever be the hacker (or the thief, as it was put). Going back to the groupist in my previous post, your line of thinking fits neatly with his. In his mind, the jackasses are the gays, or the coloreds, or the <insert popular groupist target here>. Is your morality content with that?


Yes. Because the negative impact of a hack is directly, immediately, and obviously observable. Whereas the negative impact of the groupist's hated group is not, in fact, observable. And in fact, the negative impact of the groupist's behavior is observable.

The idea that you can separate blame from harm is one that I take issue with. Because, if no harm is done, the blame is literally purposeless. What are you blaming them for? Doing a thing? Because I totally just did a thing right now.

Ortus
Fluffy
Posts: 569
Joined: Sat Apr 03, 2010 7:09 am UTC

Re: Lulzsec

Postby Ortus » Tue Jun 21, 2011 7:36 am UTC

johnny_7713 wrote:
Ortus wrote:
So I take it you read my argument and then let it fall completely outside your mind as you typed your response? Perhaps I worded it poorly, I do that often. You seem to be of the mind that the word morality encompasses any direct meaning between two people, and I find that entirely too simplistic of an approach for this topic (or any topic). The type of morality you're talking about is not even an issue, within the confines of the argument you have responded to: what is of far more import is the assigning of who the instigator would be in these situations, and from there morality can be incorporated. Surely the hacker plays a role at some fault, but it is obnoxious to think the entirety of it lies at the hacker's feet.

Psychology plays a bigger role in this stage of the discussion than morality, I suspect - the how of things, not the why. I'll let the idiotic comment slide.


The hacker must make a conscious choice: to hack or not to hack. He/she is not under any kind of duress and completely free to make either choice. Hence if the hacker chooses to hack, the fault lies with the hacker. Lax security measures do not have the magic power to compel someone to hack a website, and to the best of my knowledge there is also no recognised psychological disorder that compels people to hack websites with poor security. The only place moral blame can thus be laid is at the feet of the hacker. (Whether or not and to what extent the website owner has a responsibility towards the people who entrusted him/her with their data is a completely different question).

In addition if we examine your argument further we will note that 'lax security' must be defined from the point of view of the hacker, since what is 'lax security' to a hacker of great skill will be good security to a hacker of very little skill. This leads to the conclusion that it is only moral to hack websites one can hack easily and that the number of websites it is moral to hack increases with your skill, which IMO is rather absurd (unless you're a big fan of might is right).



I appreciate what I have made bold, thank you. Might is right only for right values of might, yeah? Anywho,

The hacker of great skill will always be the one who matters, same with the thief of great skill and the military commander of great skill and the pole-dancer of great skill. Should a hacker of great skill be a 'hacker' at all? I think that question would lead to a conversation much too lengthy for this, but that would be my strongest response; turning the shades of black and white in reverse, as it were, this highly skilled person seeing himself working for 'the good guys' to better protect customer interests as opposed to the 'bad guys' and pointing out ineptitude. This will get all sorts of hate, but you don't usually get hired to do a shitty job. It could be said that it behooves an employee to perform to the best of his or her ability, and in a field where a particular skill matters, to strive for the status of 'best' in that skill or to not apply for the position at all. I don't believe that.

I would submit that a hacker cares most of all about hacking, and his or her increasing skill therein; I would also submit that a hacker's skill increases with the websites he or she is morally allowed to hack (under the constraints of the argument, at least). So, the hacker (the greatly skilled one, the one that matters) now has an issue: as he or she increases in skill, the amount of websites this person is morally allowed to hack increases, and I would posit that that moral allowance would readily approach all the websites. At a certain point, along this argument, there would not be a website left to hack - the hacker would be able to hack all of them. This hacker is now left with absolutely nothing to increase skill against, right? If the hacker cares about increasing skill in the craft of hacking, and there are no other websites for him/her to hack, how should the hacker increase their skill? By creating a website they wouldn't have been able to hack (before the creation of this website).

I hope I've made this clear enough to relay my intent? Probably not, and the argument isn't a very strong one regardless if it gets across. I'm still practicing, as it were.


And I wasn't specifically speaking of any certain disorder or recognized response, with the psychology comment: more the shift between what is important in the argument I had made (a moral decision versus a non-moral decision or response of the mind).

Marbas wrote:Yes. Because the negative impact of a hack is directly, immediately, and obviously observable. Whereas the negative impact of the groupist's hated group is not, in fact, observable. And in fact, the negative impact of the groupist's behavior is observable.

The idea that you can separate blame from harm is one that I take issue with. Because, if no harm is done, the blame is literally purposeless. What are you blaming them for? Doing a thing? Because I totally just did a thing right now.


I totally do things all the time! Maybe we should get together and do things, doing things can be fun. And I'm not trying to separate harm from blame, exactly, so I'm sorry if that is what I led you to think. Rather, I am interested in attributing the harm outward from the person being blamed.
johnny_7713 said,

Whether or not and to what extent the website owner has a responsibility towards the people who entrusted him/her with their data is a completely different question


In that sense, it could be said that the hacker hurts a company; the company hurts all the people whose information was stolen by the hacker. In my opinion, companies don't deserve nearly so much sympathy as those whose information was stolen. The company is the common denominator, here; the hacker interacts with the company (in this argument), and its information, but never directly with the people (they aren't hacking a person's email/bank/social media account directly, they are hacking something else to get the information). The people are interacting directly with the company, but never the hacker (nothing they do, no vigilance short of never giving information to the company, will affect the hacker in any way). That is how I came to the statement about hackers hurting a company and companies hurting the people whose information it keeps, at least.

sje46
Posts: 4730
Joined: Wed May 14, 2008 4:41 am UTC
Location: New Hampshire

Re: Lulzsec

Postby sje46 » Tue Jun 21, 2011 1:04 pm UTC

End game indeed. It appears that police in the UK have arrested the "mastermind" of the organization. http://content.met.police.uk/News/eCrim ... 7246745756

Officers from the Metropolitan Police Central e-Crime Unit (PCeU) have arrested a 19-year-old man in a pre-planned intelligence-led operation.

The arrest follows an investigation into network intrusions and Distributed Denial of Service (DDoS) attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group.

The teenager was arrested on suspicion of Computer Misuse Act, and Fraud Act offences and was taken to a central London police station, where he currently remains in custody for questioning.

Searches at a residential address in Wickford, Essex, following the arrest last night have led to the examination of a significant amount of material. These forensic examinations remain ongoing.

The PCeU was assisted by officers from Essex Police and have been working in co-operation with the FBI.


EDIT: I should also note that this probably explains the fact that there haven't been any tweets in the past 9 hours. (they've made 1081 posts since May 6, which means 23 tweets per day)

EDIT: wow...apparently that little antisec op resulted in them stealing the entire UK census database.

http://www.telegraph.co.uk/technology/n ... ensus.html
General_Norris: Taking pride in your nation is taking pride in the division of humanity.
Pirate.Bondage: Let's get married. Right now.

netcrusher88
Posts: 2166
Joined: Mon Mar 26, 2007 4:35 pm UTC
Location: Seattle

Re: Lulzsec

Postby netcrusher88 » Tue Jun 21, 2011 1:29 pm UTC

reddit is of the opinion this guy was just an IRCop on the encyclopediadramatica IRC server where lulzsec had a channel and isn't actually related to lulzsec.

reddit is probably right about the first part. Not sure whether he had anything to do with the attacks yet. That remains to be seen.
Sexothermic
I have only ever made one prayer to God, a very short one: "O Lord, make my enemies ridiculous." And God granted it. -Voltaire
They said we would never have a black president until Swine Flu. -Gears

KnightExemplar
Posts: 5494
Joined: Sun Dec 26, 2010 1:58 pm UTC

Re: Lulzsec

Postby KnightExemplar » Tue Jun 21, 2011 1:43 pm UTC

Ortus wrote:I would submit that a hacker cares most of all about hacking, and his or her increasing skill therein; I would also submit that a hacker's skill increases with the websites he or she is morally allowed to hack (under the constraints of the argument, at least). So, the hacker (the greatly skilled one, the one that matters) now has an issue: as he or she increases in skill, the amount of websites this person is morally allowed to hack increases, and I would posit that that moral allowance would readily approach all the websites. At a certain point, along this argument, there would not be a website left to hack - the hacker would be able to hack all of them. This hacker is now left with absolutely nothing to increase skill against, right? If the hacker cares about increasing skill in the craft of hacking, and there are no other websites for him/her to hack, how should the hacker increase their skill? By creating a website they wouldn't have been able to hack (before the creation of this website).

I hope I've made this clear enough to relay my intent? Probably not, and the argument isn't a very strong one regardless if it gets across. I'm still practicing, as it were.


A hacker of great skill who wants to perform his act morally should:

1. Join a Security Consulting Firm.
2. Make Tons of money.

You'll attack websites you were paid to hack (to test their security), and then you're paid to fix those websites so you can't hack them. Win/Win for everyone. It's called penetration testing, and major security firms offer this service today. Your skills are constantly challenged by your legitimate customers. Your clients don't lose any information and don't get any downtime because you're hacking their development network instead of their live site. Your client's customers never have their information at risk, etc. etc. You actually ask them for information that helps you hack faster (so you can service more customers)... really, win/win for everyone.

But every security consultant knows this: there's a difference between blackmail and offering your services. If you first reveal security flaws and then tell the client about your services... that is blackmail. (Ex: If you don't pay me to protect your site, I'll be able to do this to your customers). So order matters. You are only allowed to reveal security flaws if your client requests your services.
Last edited by KnightExemplar on Tue Jun 21, 2011 1:47 pm UTC, edited 1 time in total.
First Strike +1/+1 and Indestructible.

Box Boy
WINNING
Posts: 1356
Joined: Thu Nov 20, 2008 9:33 pm UTC

Re: Lulzsec

Postby Box Boy » Tue Jun 21, 2011 1:46 pm UTC

Just checked their twitter, apparently they've not got a clue about the census thing.
Signatures are for chumps.

johnny_7713
Posts: 555
Joined: Tue Jun 15, 2010 1:31 pm UTC

Re: Lulzsec

Postby johnny_7713 » Tue Jun 21, 2011 2:46 pm UTC

Ortus wrote:In that sense, it could be said that the hacker hurts a company; the company hurts all the people whose information was stolen by the hacker. In my opinion, companies don't deserve nearly so much sympathy as those whose information was stolen. The company is the common denominator, here; the hacker interacts with the company (in this argument), and its information, but never directly with the people (they aren't hacking a person's email/bank/social media account directly, they are hacking something else to get the information). The people are interacting directly with the company, but never the hacker (nothing they do, no vigilance short of never giving information to the company, will affect the hacker in any way). That is how I came to the statement about hackers hurting a company and companies hurting the people whose information it keeps, at least.


But the hacker's actions do directly affect the people, as he steals the information they had entrusted to the company. If I write down sensitive personal information on a piece of paper and put it in a safety deposit box at the bank which is then robbed, the bank robber will have stolen my personal information, something that affects me directly, especially if that information is publicly broadcast.

The company has perhaps not done enough to prevent the people from being hurt, but it has not hurt the people, that was done by the hacker that chose to steal their personal information, regardless of whether it was kept by a third party.

Dauric
Posts: 3998
Joined: Wed Aug 05, 2009 6:58 pm UTC
Location: In midair, traversing laterally over a container of sharks. No water, just sharks, with lasers.

Re: Lulzsec

Postby Dauric » Tue Jun 21, 2011 3:32 pm UTC

A retail store puts discount items on display on racks outside the store front, taking items and not paying for them is still theft.
A car is left in a valid parking place with the doors unlocked and the key in the ignition, taking that car is still theft. Police "Bait car" programs are not entrapment.
Taking things that don't belong to you, despite the house's door being open and/or unlocked is still theft.

In all these cases the thief has to actively make the choice to break the law, they actively make the choice to open the door to someone's house, they actively make the choice to drive the car, they actively make the choice to take the item. Objects do not magically jump in to people's pockets, they're not compelled by gravitational forces to enter the car seat and search the glovebox, wormholes have yet to routinely open that deposit people in to the homes of total strangers (though we all know Aperture Science is working on it).

Hackers may have natural talent at breaking in to secured systems, but they still have the choice whether or not to act on it, and how they act on it. Someone may have an incredible talent for art, but it is no justification for them to paint your house, car, furniture, pets, etc. without your consent.

There are no laws regulating the efficacy of my house door lock with regards to someone breaking in. The most secure homes would have barred windows and metal shutters for the windows and doors, but someone breaking in to my home and stealing my TV is no less a burglar because my home doesn't have bars on the windows or electronically controlled window shutters, or automated gun turrets.

And here's the thing: Thousands of years of law and legal precedent do not magically dissolve because you're on the internet. These are pretty basic principles in the foundations of civil society since the beginning of civilization itself. You're going to have a hard time convincing most people, much less a court of law, that someone was justified breaking these social conventions just because they are on the internet and not invading a physical building.
We're in the traffic-chopper over the XKCD boards where there's been a thread-derailment. A Liquified Godwin spill has evacuated threads in a forty-post radius of the accident, Lolcats and TVTropes have broken free of their containers. It is believed that the Point has perished.

Ptolom
Posts: 1559
Joined: Mon Mar 24, 2008 1:55 pm UTC
Location: The entropy pool

Re: Lulzsec

Postby Ptolom » Tue Jun 21, 2011 4:45 pm UTC

I'm not sure of the significance but their website appears to have gone down.
lulzsecurity.com wrote:This page (http://lulzsecurity.com/) is currently offline. However, because the site uses CloudFlare's Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Alternatively, you can retry the live version.

Cheezwhiz Jenkins
Posts: 365
Joined: Fri Jan 01, 2010 11:52 pm UTC

Re: Lulzsec

Postby Cheezwhiz Jenkins » Tue Jun 21, 2011 4:51 pm UTC

It's up now.
That explosion was so big it blew off his mullet :-O

yoni45
Posts: 2123
Joined: Sun Jul 08, 2007 9:16 am UTC

Re: Lulzsec

Postby yoni45 » Tue Jun 21, 2011 7:35 pm UTC

johnny_7713 wrote:But the hacker's actions do directly affect the people, as he steals the information they had entrusted to the company. If I write down sensitive personal information on a piece of paper and put it in a safety deposit box at the bank which is then robbed, the bank robber will have stolen my personal information, something that affects me directly, especially if that information is publicly broadcast.

The company has perhaps not done enough to prevent the people from being hurt, but it has not hurt the people, that was done by the hacker that chose to steal their personal information, regardless of whether it was kept by a third party.


Cool thing about moral fault? It doesn't have to be either/or. It doesn't even have to add up to 100% (robber is 60% and bank is 40%). It individually either exists or it doesn't.

The hacker is clearly morally blameworthy (100%).
The bank, if it had negligently lax security standards, is also morally blameworthy (100%).
I sell LSAT courses and LSAT course accessories. Admittedly, we're still working on the accessories.

Garm
Posts: 2241
Joined: Wed Sep 26, 2007 5:29 pm UTC
Location: Usually at work. Otherwise, Longmont, CO.

Re: Lulzsec

Postby Garm » Tue Jun 21, 2011 7:47 pm UTC

yoni45 wrote:
johnny_7713 wrote:But the hacker's actions do directly affect the people, as he steals the information they had entrusted to the company. If I write down sensitive personal information on a piece of paper and put it in a safety deposit box at the bank which is then robbed, the bank robber will have stolen my personal information, something that affects me directly, especially if that information is publicly broadcast.

The company has perhaps not done enough to prevent the people from being hurt, but it has not hurt the people, that was done by the hacker that chose to steal their personal information, regardless of whether it was kept by a third party.


Cool thing about moral fault? It doesn't have to be either/or. It doesn't even have to add up to 100% (robber is 60% and bank is 40%). It individually either exists or it doesn't.

The hacker is clearly morally blameworthy (100%).
The bank, if it had negligently lax security standards, is also morally blameworthy (100%).


Agreed. Just because the hacker decides to steal your data doesn't mean the company is blameless for not securing it as well as you, the consumer, had thought. It's a breach of trust. Would you give your money to a bank that secured its vaults with a master lock spinning combo lock? I don't think so. I can open one of those with a shoelace and a strong friend. Similarly, I'm not going to do business with a company that gets hit with a SQL injection. That's sloppy.
Those who make peaceful revolution impossible will make violent revolution inevitable.
- JFK

Decker
Posts: 2071
Joined: Tue Jan 09, 2007 4:22 pm UTC
Location: Western N.Y.

Re: Lulzsec

Postby Decker » Tue Jun 21, 2011 8:03 pm UTC

I agree...to an extent.

I agree that companies should do everything possible to keep critical data secure. Encryption, good security policies, the works. If they don't follow good security policies, then yeah, bad on them.

Truth is that it's very difficult to stop a dedicated hack. Most hacking attacks are against targets of opportunity, places with bad security. A good firewall or whatever is usually enough to make them look for an easier target. However, if someone really wants to break into your system in particular, then nine times out of ten, it's just a matter of time.

I'm wondering how many of these attacks are from bad security policies and how many are from a team of skilled hackers with a grudge.

I guess my point is that even though some of these places were broken into, it's not necessarily a sign that they had inadequate security for what they were protecting.
I was angry with my friend. I told my wrath. My wrath did end.
I was angry with my foe. I told it not. My wrath did grow.

Marbas
Posts: 1169
Joined: Mon Jun 04, 2007 4:01 am UTC
Location: Down down down at the bottom of the sea

Re: Lulzsec

Postby Marbas » Wed Jun 22, 2011 12:20 am UTC

Ortus wrote:I totally do things all the time! Maybe we should get together and do things, doing things can be fun. And I'm not trying to separate harm from blame, exactly, so I'm sorry if that is what I led you to think. Rather, I am interested in attributing the harm outward from the person being blamed.


And I am sorry for being abrasive and unpleasant! I really need to learn to rein that in and be more civil.

LtNOWIS
Posts: 371
Joined: Sun Dec 12, 2010 4:21 pm UTC
Location: Fairfax County

Re: Lulzsec

Postby LtNOWIS » Wed Jun 22, 2011 2:14 am UTC

Garm wrote:Agreed. Just because the hacker decides to steal your data doesn't mean the company is blameless for not securing it as well as you, the consumer, had thought. It's a breach of trust. Would you give your money to a bank that secured its vaults with a master lock spinning combo lock? I don't think so. I can open one of those with a shoelace and a strong friend. Similarly, I'm not going to do business with a company that gets hit with a SQL injection. That's sloppy.

This is a nitpick, but if you give your money to the bank, and a robber steals the money, you don't lose anything. The bank can't say, "Oh, the robber took your money. I guess we'll close out your account." It still owes you your money regardless of how much it gets robbed. It just eats into the bank's profit margins. Even if it goes bankrupt, then you're still insured for up to $250,000* dollars in the United States. So the consumer has no real incentive to seek out a bank with high standards of traditional security if they're just doing normal banking.

A better analogy would be a safe-deposit box.


*The limit was $100,000, but it was increased recently.

Steax
SecondTalon's Goon Squad
Posts: 3038
Joined: Sat Jan 12, 2008 12:18 pm UTC

Re: Lulzsec

Postby Steax » Wed Jun 22, 2011 3:08 am UTC

If I remember correctly, the PBS website hack was due to a vulnerability in their CMS (can't remember what it was - it's a paid product IIRC) that was previously unaccounted for. So in at least one case, the victim didn't do anything wrong, but still got hacked.

Just saying this because everyone is on "lax security is also to blame."

EDIT: Ah, it was MovableType, and it was a zero-day attack.
In Minecraft, I use the username Rirez.

Velict
Posts: 609
Joined: Wed Dec 24, 2008 9:07 pm UTC
Location: Icecrown Citadel

Re: Lulzsec

Postby Velict » Wed Jun 22, 2011 4:00 am UTC

Lax security is a bad thing, but watching the FBI show up at these fuckers' houses is a great thing.

Garm
Posts: 2241
Joined: Wed Sep 26, 2007 5:29 pm UTC
Location: Usually at work. Otherwise, Longmont, CO.

Re: Lulzsec

Postby Garm » Wed Jun 22, 2011 5:50 am UTC

LtNOWIS wrote:
Garm wrote:Agreed. Just because the hacker decides to steal your data doesn't mean the company is blameless for not securing it as well as you, the consumer, had thought. It's a breach of trust. Would you give your money to a bank that secured its vaults with a master lock spinning combo lock? I don't think so. I can open one of those with a shoelace and a strong friend. Similarly, I'm not going to do business with a company that gets hit with a SQL injection. That's sloppy.

This is a nitpick, but if you give your money to the bank, and a robber steals the money, you don't lose anything. The bank can't say, "Oh, the robber took your money. I guess we'll close out your account." It still owes you your money regardless of how much it gets robbed. It just eats into the bank's profit margins. Even if it goes bankrupt, then you're still insured for up to $250,000* dollars in the United States. So the consumer has no real incentive to seek out a bank with high standards of traditional security if they're just doing normal banking.

A better analogy would be a safe-deposit box.


*The limit was $100,000, but it was increased recently.


Right, but there's no insurance on your identity. Just like I'm not going to secure my shit in a bank that has lax security, I don't want to give my personal information to some company that has piss-poor security on their database.
Those who make peaceful revolution impossible will make violent revolution inevitable.
- JFK

johnny_7713
Posts: 555
Joined: Tue Jun 15, 2010 1:31 pm UTC

Re: Lulzsec

Postby johnny_7713 » Wed Jun 22, 2011 6:40 am UTC

yoni45 wrote:
johnny_7713 wrote:But the hacker's actions do directly affect the people, as he steals the information they had entrusted to the company. If I write down sensitive personal information on a piece of paper and put it in a safety deposit box at the bank which is then robbed, the bank robber will have stolen my personal information, something that affects me directly, especially if that information is publicly broadcast.

The company has perhaps not done enough to prevent the people from being hurt, but it has not hurt the people, that was done by the hacker that chose to steal their personal information, regardless of whether it was kept by a third party.


Cool thing about moral fault? It doesn't have to be either/or. It doesn't even have to add up to 100% (robber is 60% and bank is 40%). It individually either exists or it doesn't.

The hacker is clearly morally blameworthy (100%).
The bank, if it had negligently lax security standards, is also morally blameworthy (100%).


I agree with you that if the bank had negligently lax security standards it is blameworthy. The point I was arguing against was that lax security meant that no or only very little blame attached to the hacker, which several people here were arguing.

Rainsborough
Posts: 38
Joined: Thu Dec 16, 2010 4:15 pm UTC

Re: Lulzsec

Postby Rainsborough » Wed Jun 22, 2011 10:13 am UTC

KnightExemplar wrote:
I would submit that a hacker cares most of all about hacking, and his or her increasing skill therein; I would also submit that a hacker's skill increases with the websites he or she is morally allowed to hack (under the constraints of the argument, at least). So, the hacker (the greatly skilled one, the one that matters) now has an issue: as he or she increases in skill, the amount of websites this person is morally allowed to hack increases, and I would posit that that moral allowance would readily approach all the websites. At a certain point, along this argument, there would not be a website left to hack - the hacker would be able to hack all of them. This hacker is now left with absolutely nothing to increase skill against, right? If the hacker cares about increasing skill in the craft of hacking, and there are no other websites for him/her to hack, how should the hacker increase their skill? By creating a website they wouldn't have been able to hack (before the creation of this website).

I hope I've made this clear enough to relay my intent? Probably not, and the argument isn't a very strong one regardless if it gets across. I'm still practicing, as it were.


A hacker of great skill who wants to perform his act morally should:

1. Join a Security Consulting Firm.
2. Make Tons of money.

You'll attack websites you were paid to hack (to test their security), and then you're paid to fix those websites so you can't hack them. Win/Win for everyone. It's called penetration testing, and major security firms offer this service today. Your skills are constantly challenged by your legitimate customers. Your clients don't lose any information and don't get any downtime because you're hacking their development network instead of their live site. Your client's customers never have their information at risk, etc. etc. You actually ask them for information that helps you hack faster (so you can service more customers)... really, win/win for everyone.

But every security consultant knows this: there's a difference between blackmail and offering your services. If you first reveal security flaws and then tell the client about your services... that is blackmail. (Ex: If you don't pay me to protect your site, I'll be able to do this to your customers). So order matters. You are only allowed to reveal security flaws if your client requests your services.


What about Grey Hats who root around for exploits for fun, they inform those concerned giving them enough time to close the exploit and then publish the info for the world to see. Are their actions moral, by your estimation? Their actions are usually at least technically illegal, but are they morally reprehensible?
Sooner or later... one has to take sides – if one is to remain human.
-Graham Greene

johnny_7713
Posts: 555
Joined: Tue Jun 15, 2010 1:31 pm UTC

Re: Lulzsec

Postby johnny_7713 » Wed Jun 22, 2011 10:28 am UTC

Rainsborough wrote:
KnightExemplar wrote:
I would submit that a hacker cares most of all about hacking, and his or her increasing skill therein; I would also submit that a hacker's skill increases with the websites he or she is morally allowed to hack (under the constraints of the argument, at least). So, the hacker (the greatly skilled one, the one that matters) now has an issue: as he or she increases in skill, the amount of websites this person is morally allowed to hack increases, and I would posit that that moral allowance would readily approach all the websites. At a certain point, along this argument, there would not be a website left to hack - the hacker would be able to hack all of them. This hacker is now left with absolutely nothing to increase skill against, right? If the hacker cares about increasing skill in the craft of hacking, and there are no other websites for him/her to hack, how should the hacker increase their skill? By creating a website they wouldn't have been able to hack (before the creation of this website).

I hope I've made this clear enough to relay my intent? Probably not, and the argument isn't a very strong one regardless if it gets across. I'm still practicing, as it were.


A hacker of great skill who wants to perform his act morally should:

1. Join a Security Consulting Firm.
2. Make Tons of money.

You'll attack websites you were paid to hack (to test their security), and then you're paid to fix those websites so you can't hack them. Win/Win for everyone. It's called penetration testing, and major security firms offer this service today. Your skills are constantly challenged by your legitimate customers. Your clients don't lose any information and don't get any downtime because you're hacking their development network instead of their live site. Your client's customers never have their information at risk, etc. etc. You actually ask them for information that helps you hack faster (so you can service more customers)... really, win/win for everyone.

But every security consultant knows this: there's a difference between blackmail and offering your services. If you first reveal security flaws and then tell the client about your services... that is blackmail. (Ex: If you don't pay me to protect your site, I'll be able to do this to your customers). So order matters. You are only allowed to reveal security flaws if your client requests your services.


What about Grey Hats who root around for exploits for fun, they inform those concerned giving them enough time to close the exploit and then publish the info for the world to see. Are their actions moral, by your estimation? Their actions are usually at least technically illegal, but are they morally reprehensible?


I'd say that morally there's an important difference between 'If you don't pay me I or anyone else will be able to do this' and 'If you don't pay me I will do this'. The first is proactive marketing (though the method of finding out what you will be able to do may be shady), the second is blackmail.

KnightExemplar
Posts: 5494
Joined: Sun Dec 26, 2010 1:58 pm UTC

Re: Lulzsec

Postby KnightExemplar » Wed Jun 22, 2011 1:57 pm UTC

Rainsborough wrote:What about Grey Hats who root around for exploits for fun, they inform those concerned giving them enough time to close the exploit and then publish the info for the world to see. Are their actions moral, by your estimation? Their actions are usually at least technically illegal, but are they morally reprehensible?


This seems a bit off topic because this does not describe Lulzsec. These Grey Hats do not actually use the exploit to steal data, cause DDOS attacks on live sites, etc. etc. They create the smallest proof of concept that does the least amount of damage, and then inform the owner of their vulnerability.

But to answer your question, this is a gray zone IMO. Morally, you're in the right, but you're still capable of dealing damages. You're hacking into a system that you don't have documentation of. There's always the chance of unwanted harm, an accident if you do something like this. So while it's overall "in the right" in my opinion, the dangers of it outweigh the benefits.

There are ways to do it safely (ie: the ATM hacker I mentioned earlier. He bought the ATMs himself, and put fake money into it. There's no law against hacking an ATM you own to steal fake money... and the worst he could do is damage his own machine). So if it's safe, then yes, I'd say it's completely moral. But if you put the other machine at risk, you'll have to weigh your actions and determine if it's worth the risks.

The lock picking analogy is a good one. Sometimes, if you're picking a lock, your pick will break. If you're testing the locks of a bank and your pick breaks inside of their door, then you are responsible for buying that bank a new lock (and potentially a new door). It's completely safe (and legal) to buy the locks that banks use, test it yourself, and then publish your results.

If you're a professional thief, testing a bank's security (and you told them of the risks of breaking their own locks. IE: they may have to buy a new door because of accidental damages), then it's fine. But that communication is important: you can't just go around breaking people's locks without telling them, even if you did so accidentally.
First Strike +1/+1 and Indestructible.

joek
Posts: 95
Joined: Tue Apr 21, 2009 4:33 pm UTC

Re: Lulzsec

Postby joek » Wed Jun 22, 2011 5:59 pm UTC

sje46 wrote:End game indeed. It appears that police in the UK have arrested the "mastermind" of the organization. http://content.met.police.uk/News/eCrim ... 7246745756


The Guardian has this guy as hosting the IRC channel, but say he isn't (probably) masterminding the attacks - which, given that it was registered in his name and he doesn't seem to have tried to hide his identity at all, I can believe.
http://www.guardian.co.uk/technology/2011/jun/21/hunt-hackers-us-government-essex-teenager?INTCMP=SRCH

masakatsu
Posts: 121
Joined: Tue Jan 26, 2010 3:02 pm UTC

Re: Lulzsec

Postby masakatsu » Wed Jun 22, 2011 8:31 pm UTC

Dark567 wrote:
KnightExemplar wrote:Stop talking about "in theory". ATMs can be hacked. Some ATMs are apparently on the TCP/IP network, and others are on modem lines that you can dial into (and thus can be hacked old-school, with a modem card). Both modem cards and TCP/IP connections are cheaply available to the public. So if you use ATMs, this discussion is completely relevant to you.

Retail ATMs. If you only use Bank ATMs this doesn't apply. I don't like paying fees so almost never touch retail ATMs. I suspect most other people don't use retail ATMs as often for the exact same reason.


Depending on the ATM network, it is theoretically possible to crack an ATM remotely, but very unlikely. On the other hand, an interbank hack is very unlikely. The interbank protocol for data communication is not trusting. If a network device does not match what is expected, interbank excludes it from all future communication. Incorrect IBAN numbers, excluded device. The encryption is heavy and the network might bridge the Internet in places, but mainly runs separately. This also applies to EDI and ES1 protocols, to lesser extents. To crack interbank, you would need the encryption keys, trusted hardware, and someone that can write in the required protocols on all layers. I can write ACH transactions off the top of my head with enough data, but lower layers are very complex, such as their own version of ATM. Equipment for a hack might be cobbled together for a low amount of dollars, but the cost of trying to get experts and connections would be high – especially with forging trust.
I will not attack your math, just your epistemology.

You think you have it bad, I teach Intro to Project Management to Undergrads.

stevey_frac
Posts: 947
Joined: Tue Oct 20, 2009 10:27 pm UTC

Re: Lulzsec

Postby stevey_frac » Thu Jun 23, 2011 10:53 am UTC

Rainsborough wrote:
What about Grey Hats who root around for exploits for fun, they inform those concerned giving them enough time to close the exploit and then publish the info for the world to see. Are their actions moral, by your estimation? Their actions are usually at least technically illegal, but are they morally reprehensible?


I'd say so long as they are responsibly disclosing, and giving enough time to close the exploit, then they are doing the world a favour. Every loophole they close, is a loop that a truly malicious hacker can't use. If we had 10 times as many of these guys as blackhats, the world would be a more secure place.

sje46
Posts: 4730
Joined: Wed May 14, 2008 4:41 am UTC
Location: New Hampshire

Re: Lulzsec

Postby sje46 » Thu Jun 23, 2011 11:27 pm UTC

New release:

We are releasing hundreds of private intelligence bulletins, training manuals,
personal email correspondence, names, phone numbers, addresses and passwords
belonging to Arizona law enforcement. We are targeting AZDPS specifically
because we are against SB1070 and the racial profiling anti-immigrant police
state that is Arizona.


Spoiler:
//Laughing at your security since 2011!

+

[ASCII art: "OFF THE PIGS"; tags: #anonymous #anarchists #antisec #lulzsec #fuckfbifriday #chingalamigra]

Presents...

##################### CHINGA LA MIGRA BULLETIN #1 6/23/2011 ####################

We are releasing hundreds of private intelligence bulletins, training manuals,
personal email correspondence, names, phone numbers, addresses and passwords
belonging to Arizona law enforcement. We are targeting AZDPS specifically
because we are against SB1070 and the racial profiling anti-immigrant police
state that is Arizona.

The documents classified as "law enforcement sensitive", "not for public
distribution", and "for official use only" are primarily related to border
patrol and counter-terrorism operations and describe the use of informants to
infiltrate various gangs, cartels, motorcycle clubs, Nazi groups, and protest
movements.

Every week we plan on releasing more classified documents and embarrassing
personal details of military and law enforcement in an effort not just to reveal
their racist and corrupt nature but to purposefully sabotage their efforts to
terrorize communities fighting an unjust "war on drugs".

Hackers of the world are uniting and taking direct action against our common
oppressors - the government, corporations, police, and militaries of the world.
See you again real soon! ;D

################################################################################

Further reading: lulzsecurity.com/releases/chinga_la_migra_1.txt
General_Norris: Taking pride in your nation is taking pride in the division of humanity.
Pirate.Bondage: Let's get married. Right now.

KnightExemplar
Posts: 5494
Joined: Sun Dec 26, 2010 1:58 pm UTC

Re: Lulzsec

Postby KnightExemplar » Thu Jun 23, 2011 11:46 pm UTC

Because Mr. Low-Ranking Arizona Police Officer is the politician in charge of making that law.

Totally makes sense. :roll:

The guys who signed the bill into law ALREADY have their names public. Bother those guys, not the police officers.
First Strike +1/+1 and Indestructible.

Garm
Posts: 2241
Joined: Wed Sep 26, 2007 5:29 pm UTC
Location: Usually at work. Otherwise, Longmont, CO.

Re: Lulzsec

Postby Garm » Fri Jun 24, 2011 4:21 am UTC

KnightExemplar wrote:Because Mr. Low-Ranking Arizona Police Officer is the politician in charge of making that law.

Totally makes sense. :roll:

The guys who signed the bill into law ALREADY have their names public. Bother those guys, not the police officers.


Can't say that I approve of what they're doing (cuz I don't) but Joe Arpaio is one of the most horrible people on this planet. He loves harassing him some brown people.
Those who make peaceful revolution impossible will make violent revolution inevitable.
- JFK

LtNOWIS
Posts: 371
Joined: Sun Dec 12, 2010 4:21 pm UTC
Location: Fairfax County

Re: Lulzsec

Postby LtNOWIS » Fri Jun 24, 2011 5:34 am UTC

Arpaio's a county sheriff. The state police, county police from other counties, municipal police, and Tribal police have little connection to him. Granted, Maricopa has most of the population of Arizona. But it's still nonsensical to blame a guy in Tucson or Yuma or Flagstaff for Arpaio's actions.

Hackers of the world are uniting and taking direct action against our common
oppressors - the government, corporations, police, and militaries of the world.

I haven't been following this that closely. Has this been in all of the messages, or is it new? Does it indicate actual anarchist ideology, or is it just window dressing on pointless trolling? Because messing with PBS to be a troll is understandable. Messing with PBS to Fight the Oppressor is profoundly stupid.

Manial
Posts: 212
Joined: Thu Sep 27, 2007 11:52 am UTC

Re: Lulzsec

Postby Manial » Fri Jun 24, 2011 5:55 am UTC

This new hacktivism certainly seems to be at odds with their previous messages of "This is the lulz lizard era, where we do things just because we find it entertaining.", and "We release personal data so that equally evil people can entertain us with what they do with it.".

J the Ninja
Posts: 718
Joined: Tue Dec 30, 2008 9:08 pm UTC
Location: Portland, USA

Re: Lulzsec

Postby J the Ninja » Fri Jun 24, 2011 7:17 am UTC

http://twitter.com/#!/LulzSec/status/84075440024719361

Apparently they had a guest copywriter for that one.
Shishichi wrote:Applies a sexward force to counter the sexpression effect that Forward Advection can apply to fluid density, particularly along sextainer boundaries. In this way, the sextribute attempts to conserve the overall fluid volume ensuring no density loss.
(he/him/his)

KnightExemplar
Posts: 5494
Joined: Sun Dec 26, 2010 1:58 pm UTC

Re: Lulzsec

Postby KnightExemplar » Fri Jun 24, 2011 1:31 pm UTC

LtNOWIS wrote:
Hackers of the world are uniting and taking direct action against our common
oppressors - the government, corporations, police, and militaries of the world.

I haven't been following this that closely. Has this been in all of the messages, or is it new? Does it indicate actual anarchist ideology, or is it just window dressing on pointless trolling? Because messing with PBS to be a troll is understandable. Messing with PBS to Fight the Oppressor is profoundly stupid.


PBS was against wikileaks. Therefore, PBS is the oppressor. </sarcasm>

http://www.pbs.org/wgbh/pages/frontline/wikileaks/

That is apparently the video that Lulzsec didn't like, and why they hacked PBS. The New York Times is very strongly anti-Wikileaks, and PBS spent a good amount of time interviewing them. But the video also has a good amount of Julian Assange responding to that criticism.
First Strike +1/+1 and Indestructible.

sje46
Posts: 4730
Joined: Wed May 14, 2008 4:41 am UTC
Location: New Hampshire

Re: Lulzsec

Postby sje46 » Sat Jun 25, 2011 11:24 pm UTC

Lulzsec is over. They announced that their 50 day long voyage is at an end. Wow.

EDIT: press release: http://pastebin.com/1znEGmHa

Friends around the globe,

We are Lulz Security, and this is our final release, as today marks something meaningful to us. 50 days ago, we set sail with our humble ship on an uneasy and brutal ocean: the Internet. The hate machine, the love machine, the machine powered by many machines. We are all part of it, helping it grow, and helping it grow on us.

For the past 50 days we've been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others - vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy. It's what we all crave, even the seemingly lifeless politicians and emotionless, middle-aged self-titled failures. You are not failures. You have not blown away. You can get what you want and you are worth having it, believe in yourself.

While we are responsible for everything that The Lulz Boat is, we are not tied to this identity permanently. Behind this jolly visage of rainbows and top hats, we are people. People with a preference for music, a preference for food; we have varying taste in clothes and television, we are just like you. Even Hitler and Osama Bin Laden had these unique variations and style, and isn't that interesting to know? The mediocre painter turned supervillain liked cats more than we did.

Again, behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We believe in it so strongly that we brought it back, much to the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us. The support we've gathered for it in such a short space of time is truly overwhelming, and not to mention humbling. Please don't stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.

So with those last thoughts, it's time to say bon voyage. Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind - we hope - inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.

Thank you for sailing with us. The breeze is fresh and the sun is setting, so now we head for the horizon.

Let it flow...

Lulz Security - our crew of six wishes you a happy 2011, and a shout-out to all of our battlefleet members and supporters across the globe


File data:


50 Days of Lulz.txt 2.64 KiB
booty/AOL internal data.txt 63.6 KiB
booty/AT&T internal data.rar 314.59 MiB
booty/Battlefield Heroes Beta (550k users).csv 24.67 MiB
booty/FBI being silly.txt 3.82 KiB
booty/Hackforums.net (200k users).sql 111.2 MiB
booty/Nato-bookshop.org (12k users).csv 941.8 KiB
booty/Office networks of corporations.txt 3.87 KiB
booty/Private Investigator Emails.txt 2.52 KiB
booty/Random gaming forums (50k users).txt 6.08 MiB
booty/Silly routers.txt 67.7 KiB
booty/navy.mil owned.png 240.51 KiB
General_Norris: Taking pride in your nation is taking pride in the division of humanity.
Pirate.Bondage: Let's get married. Right now.

TheKrikkitWars
Posts: 2205
Joined: Mon Jan 21, 2008 3:08 pm UTC
Location: Bangor, Gwynedd, Gogledd Cymru

Re: Lulzsec

Postby TheKrikkitWars » Sun Jun 26, 2011 8:05 am UTC

Well... If *this* is to be believed; I go to uni with one of them... which is a turn up for the books.

I sent him a link to that, to see what he was willing to say about it.
Great things are done when Men & Mountains meet,
This is not Done by Jostling in the Street.

TheKrikkitWars
Posts: 2205
Joined: Mon Jan 21, 2008 3:08 pm UTC
Location: Bangor, Gwynedd, Gogledd Cymru

Re: Lulzsec

Postby TheKrikkitWars » Sun Jun 26, 2011 5:33 pm UTC

To add to that, the guy who's at my uni said he doesn't know what the bloke on pastebin is on about... We'll see in time.
Great things are done when Men & Mountains meet,
This is not Done by Jostling in the Street.

KnightExemplar
Posts: 5494
Joined: Sun Dec 26, 2010 1:58 pm UTC

Re: Lulzsec

Postby KnightExemplar » Sun Jun 26, 2011 6:27 pm UTC

The pastebin thingy has a good point. Google, unfortunately, is very very good at finding SQL Injections.

http://erratasec.blogspot.com/2007/08/s ... -easy.html
This is why people talk about "Google Hacking" - if you want to find a website to hack with SQL injection, you can use Google to find vulnerable websites for you. Curiously, the vulnerable United Nations website is the seventh result returned by my Google query. There appear to be many other vulnerable sites in the returned results, including one that might give me access to some SCADA systems.


This goes back to why SQL Injection is kind of unfair. Google, Bing, and so forth all have Spiders that automatically search for websites. These spiders always come across SQL Injection and XSS vulnerabilities, and if you know how to use Google / Bing correctly, you can use the power of search engines to literally search the web for vulnerabilities.
First Strike +1/+1 and Indestructible.

Роберт
Posts: 4285
Joined: Wed May 14, 2008 1:56 am UTC

Re: Lulzsec

Postby Роберт » Mon Jun 27, 2011 4:38 pm UTC

TheKrikkitWars wrote:Well... If *this* is to be believed; I go to uni with one of them... which is a turn up for the books.

I sent him a link to that, to see what he was willing to say about it.

I don't know who posted that, but they don't know how to use appropriate pronouns.
Next we have Laurelai. He is another transgendered non-hacker. He is also very ugly.
The Great Hippo wrote:[T]he way we treat suspected terrorists genuinely terrifies me.

