Lulzsec merge

PogMoThoin · 25-06-2011 12:57pm

I'm glad they're doing it, to show people that the organisations we trust to keep our private information safe are not reliable. In fact, they don't take online security seriously at all.

They hacked the Arizona Department of Public Safety. The officers e-mail passwords were included in what they released, and demonstrate a very low level of awareness of computer security, passwords include "12345", "password" and officers badge numbers.

You must ensure your own safety online, no site can be trusted.

brimal · 25-06-2011 1:10pm

lol @ the people thinking LulzSec is one person

dlofnep · 25-06-2011 1:12pm

PogMoThoin wrote: »

I'm glad they're doing it, to show people that the organisations we trust to keep our private information safe are not reliable. In fact, they don't take online security seriously at all.

They aren't doing it for that though. They are doing it because they are media whores and want attention. They have no interest in highlighting security concerns, or attacking targets for the 'principle' of it. They are whoring up the media and loving every minute of it.

If you were one of those 60,000 people who had an array of strangers reading your personal e-mails, you might not be so glad.

PogMoThoin · 25-06-2011 1:23pm

dlofnep wrote: »

If you were one of those 60,000 people who had an array of strangers reading your personal e-mails, you might not be so glad.

I'm not daft enough to use the same password in any two places so it wouldn't happen. Re-using passwords is lazy, too lazy to spend 5 minutes learning a better method. Anyone who does this deserves what they get tbh.

I have a relative who's password for everything is his name with "1234" after it. He's got a degree so its not like he can't devise or learn a better method. He handles some serious legal documents as part of his job. Its just absolute laziness.

dlofnep · 25-06-2011 1:29pm

PogMoThoin wrote: »

I'm not daft enough to use the same password in any two places so it wouldn't happen. Re-using passwords is lazy, too lazy to spend 5 minutes learning a better method. Anyone who does this deserves what they get tbh.

Nonsense. Most people use the same password out of convenience. If a burglar breaks into a house with a weak lock, does the home-owner equally deserve it?

The reality is - Lulzsec irresponsibly released usernames and passwords for 60,000 people. It's irrelevant how weak or strong their passwords were - they personal information was compromised, and their personal e-mails scoured by thousands of scumbags with ulterior motives.

Seachmall · 25-06-2011 1:54pm

dlofnep wrote: »

Nonsense. Most people use the same password out of convenience. If a burglar breaks into a house with a weak lock, does the home-owner equally deserve it?

Do they deserve it? No.
Should they expect sympathy? No.

With programs out there to generate and securely store passwords for multiple accounts convenience is no longer an excuse for having the same weak password on different sites. It's just laziness and ignorance plain and simple.

PogMoThoin · 25-06-2011 2:14pm

dlofnep wrote: »

Nonsense. Most people use the same password out of convenience. If a burglar breaks into a house with a weak lock, does the home-owner equally deserve it?

The reality is - Lulzsec irresponsibly released usernames and passwords for 60,000 people. It's irrelevant how weak or strong their passwords were - they personal information was compromised, and their personal e-mails scoured by thousands of scumbags with ulterior motives.

Would you trust a bank that didn't store your money in a safe, but on the desk in full view to everyone?

Of the 62,000 leaked usernames and passwords, the people involved wouldn't have any security risks if they hadn't re-used their passwords, it wasn't their email/paypal/amazon etc password that was leaked, but the one for that specific site.

convenience = laziness
Its not that hard to develop a system, there are plenty of guides. There are addons to do it also.
http://antivirus.about.com/od/securitytips/a/passwords.htm

dlofnep · 25-06-2011 2:23pm

PogMoThoin wrote: »

Would you trust a bank that didn't store your money in a safe, but on the desk in full view to everyone?

That's not a comparable scenario. There are far too many 0-days out there, which means that securing web-applications, no matter how much effort is put in - there can always ultimately be a security issue.

PogMoThoin wrote: »

Of the 62,000 leaked usernames and passwords, the people involved wouldn't have any security risks if they hadn't re-used their passwords, it wasn't their email/paypal/amazon etc password that was leaked, but the one for that specific site.

Look - Lulzsec had absolutely no right to release those details. It's irrelevant if they were used on another website. You can't blame people solely for their own convenience. It was Lulzsec who compromised their details and shared them - Lulzsec is 100% to blame for anything that occurred because of it.

PogMoThoin wrote: »

Its not that hard to develop a system, there are plenty of guides. There are addons to do it also.
http://antivirus.about.com/od/securitytips/a/passwords.htm

As someone who is a regular contributor to the security forum on boards, you're preaching to the preached. But you're overlooking the reality that the majority of internet users are casual users.

What Lulzsec did was wrong, and for you to say that they deserved it is immature.

LighterGuy · 25-06-2011 2:25pm

dlofnep wrote: »

Uh, wrong.

That may be the case for 'cracking'. The motive of hacking is to purely understand how something works.

I'm well aware of the difference from cracking and hacking.
thing is, just because someone says they did it out of 'hacking' - could really be 'cracking'.

"eh yeah i only did it cause i was testing your security :P" (in reality i was looking for the credit card details) :pac:

PogMoThoin · 25-06-2011 2:54pm

dlofnep wrote: »

As someone who is a regular contributor to the security forum on boards, you're preaching to the preached. But you're overlooking the reality that the majority of internet users are casual users.

What Lulzsec did was wrong, and for you to say that they deserved it is immature.

To say they're mostly casual users is wrong, some like my relative actually use pc's every day of the week and know the dangers, some like the Police officers have been briefed on online safety but still use something like "password" or "12345". These people do know better, but don't bother.

I never said what Lulzsec are doing was right, but if it proves to convince everyone to tighten up then I'm all for it, make a bigger issue of it. We trust sites to keep our information secure, but how secure is that info, does getting access to that info give anyone enough information to get elsewhere? And You're right, we need to inform casual users of easy methods of security, but we also need to insist that non-casual users don't be so lazy, the only way to do this is make it a big worldwide issue, open their eyes.

Along with that we also need sites to take their security more seriously. Lulzsec claimed most of the sites they hack are pretty simple to get into, some like Sony even stored un-encrypted passwords in plain text files, completely unacceptable. I'm glad they highlighted that.

PogMoThoin · 25-06-2011 4:53pm

A 19-year-old charged with hacking the website of the UK Serious Organised Crime Agency has been diagnosed with Asperger's syndrome, a court has heard.

Ryan Cleary, from Wickford, Essex, was arrested as part of a Scotland Yard and FBI probe into online hacking group LulzSec.

His counsel told City of Westminster Magistrates' Court he suffers from the form of autism, along with agoraphobia.

http://www.bbc.co.uk/news/uk-13916090

dlofnep · 25-06-2011 5:26pm

Gary McKinnon was diagnosed with the same. It makes sense - locked up in your room with only a computer to yourself - you're going to become naturally curious. Still - it doesn't excuse him using botnets to crash random servers. At least McKinnon had legitimate motives, and didn't intend to cause any problems to the network.

I've no inherent problems with greyhat hackers who are a little bit mischievous in the pursuit of understanding a system, or an attack vector - But people who purposely crash systems are arseholes.

PogMoThoin · 26-06-2011 11:02am

Lulzsec have sailed away into the horizon leaving one last stash

AOL: While you may have been secretly hoping for some juicy memos akin to The AOL Way, what we actually have is a text file that begins: “The purpose of this document is to provide the AOL Network Engineering Staff, Management and any other pertinent persons a detailed review, analysis and recommended ‘best practices’ document for the implementation of layer 4 through 7 switching configurations.” – it’s an incredibly technical document.
AT&T: A large .rar archive includes a huge number of internal documents related to AT&T’s LTE rollout. It includes meeting memos, emails, media reports, PDFs, Powerpoint presentations and more.
Battlefield Heroes: This text file appears to be a list of account details for over 550,000 users of social game Battlefield Heroes.
FBI Being Silly: This text file includes the output of a URL on the FBI website. We’ll admit to not knowing the technical significance of why this is ‘silly’ as yet.
Hackforums.net: This appears to be 200,000 user details for Hackforums.net in a .csv file.
Nato-bookshop.org: Similarly, this appears to be 220,000 user logins for a NATO online bookshop (the URL currently redirects to the main NATO site).
Evidence that LulzSec hacked the US Navy website: An image is included showing the phrase “Pablo Escobar AntiSec” inserted multiple times on a list of Navy salary grades.

Office networks of corporations: A text file seemingly listing IP numbers of internal Corporate networks, including Disney, EMI and Universal.

Email login details supposedly for a number of private investigators: Self-explanatory.
User login details for “Random gaming forums”: It’s unclear which forums.
“Silly routers”: A list of IP numbers for routers with passwords set to either ‘root’ or ‘admin’.

http://www.thehackernews.com/2011/06/50-days-of-lulz-lulzsec-says-goodbye.html

The vitual machines are most likely already wiped leaving no traces

Turkana · 20-07-2011 9:37am

I think the jig is up!

http://www.bbc.co.uk/news/world-us-canada-14212110

Police in the US, Britain and the Netherlands have detained more than 20 people as part of an investigation into major cyber attacks.

Most of the arrests were in the US, where the FBI said 16 people had been held for alleged computer hacking.

Fourteen of them were suspected of an online attack on PayPal, claimed by hacking group Anonymous, said the FBI.

In Britain, a teenager was arrested in London, while four other suspects were detained by police in the Netherlands.

FatherLen · 20-07-2011 9:39am

oh no not lulzsecs twitter account!!!!

stupidusername · 20-07-2011 9:41am

looks like someone's hacked the BBC now

Seachmall · 20-07-2011 9:42am

LulzSec announced they'd stopped a couple of weeks ago, now AntiSec are on the scene (LulzSec + others).

They also stated the teen arrested in London was not related to their "operations", he hosted their IRC server.

Turkana · 20-07-2011 9:47am

Seachmall lulzec have not stopped. They just hacked the Sun and were threatening to release some Murdoch email accounts... Anyway the twitter account is back up. Never mind! But it hasn't been updated in a while...

orourkeda · 20-07-2011 9:50am

How I lulzeced

Mr Benevolent · 20-07-2011 9:52am

I don't care.

LondonIrish90 · 20-07-2011 10:16am

Clearly not the unstoppable force they believed they were.

Have fun withe the extradition lads.

karma_ · 20-07-2011 10:30am

LondonIrish90 wrote: »

Clearly not the unstoppable force they believed they were.

Have fun withe the extradition lads.

You make baby kittens weep.

Korvanica · 20-07-2011 10:31am

Lulsec Tweeted 2 minutes ago what you ****eing on about....

20-07-2011 11:54am

LulzSec
There are six of us, and we're all still here. If you think otherwise, you are a major retard that probably reads The Sun.
7/20/11 11:45 AM

...

Turkana · 20-07-2011 1:15pm

Ok... I woke up this morning to find a bbc article about the 20 hacker arrests, then went to the lulzsec twitter where it said "this account has been closed". Seems to be grand now. God blasht it! Will they ever get caught!

Tallon · 20-07-2011 1:20pm

I louised so hard

Lulzsec merge

Comments