Security Analyst Explains Why We Love Lulzsec

[Frostbite3789]

snip

Not really, in the article the dude even says hackers really can't be stopped. Also he sounds like a tool and probably is. He has absolutely no proof he can do a better job, just heresy and what he claims. And taking people's word at face value. Always a good idea.

"THIS GUY TALKS LIKE HE HAS BEEN ON THE INTERNET. SECURITY EXPERT LOL". How can you for sure say he knows anymore than the people who are in charge of security now. You can't.

 

[MasterOfHisOwnDomain]

Didn'd they steal people's personal information? I don't like anyone who does that, however smartly they go about it.

 

[Sikratua]

Yes Yes Yes. So far Lulzsec has embodied true hacker ethos. They will wreck a company's shit but not to steal or hurt customers. Instead they just prove that they can break the system. In the long run hackers like these make the systems we use more secure and I am glad to see that some security professionals get it.

Right.... Because Lulzsec never put anyone's personal information onto the internet for everyone to...... Wait a minute.

 

[Saltyk]

So they are a necessary evil? Well, evil is still evil. But if its a choice between these guys and someone actually trying to do harm, I'll take them. I'd just rather we not have any hackers.

 

[JET1971]

I sent Jericho at atrition a message that he needed to update Joe Blacks asshat page. right under the screenshot of Joe saying his website was the first to be 100% secure. but he will probably put my email in the postal section instead because i didnt offer hookers and beer.

 

[RvLeshrac]

snip

Not really, in the article the dude even says hackers really can't be stopped. Also he sounds like a tool and probably is. He has absolutely no proof he can do a better job, just heresy and what he claims. And taking people's word at face value. Always a good idea.

"THIS GUY TALKS LIKE HE HAS BEEN ON THE INTERNET. SECURITY EXPERT LOL". How can you for sure say he knows anymore than the people who are in charge of security now. You can't.

He's right. They can't be stopped. Neither can burglars. You CAN, however, implement proper security audits to ensure that you're reasonably safe from them, in the same way that you can purchase an alarm system or arm yourself to mitigate the threat from a burglar.

 

[randomrob]

So if a pirate sank a ship and said "oh don't worry, we just did for the lulz, it's not like we stole anything from on board, and to be honest, it was badly protected anyway it deserved to get sunk!" Would that be ok?

 

[Psycho Cat Industries]

Why not just store your data on an ethernet seperate from the web?

That's not feasible. Anytime a purchase is made through, say PSN, your MAC address, which is locally linked to your account, must remotely access your financial information to make sure it is still valid. Customers also need to be able to change their financial information at anytime in the case that said information needs to be updated. Cutting off the data to the customer would cause all sorts of hoopla, and plus, I don't think it's legal. While it is very well known that XBL hijacks customers' information, which is being disputed by a lot of people as of late, they still allow access to it so a customer can put in a new number. They have a gray area thing going on. Not sure for how long though.

I'm not talking on the market front.You always hear about these things,or leaked trailers,or project cafe,etc.,etc.,etc.

If its on different waters then you can't sail the tides of the information.

You do pose a good point though with the buyer part.That'd have to stay mainstream.

captcha:how do you pull up the omega symbol?

 

[Lancer873]

In order to become secure, we must first experience danger. The more secure we are, the less we experience danger. The less we experience danger, the less security matters to us. The less security matters to us, the more susceptible we are to danger...

How lovely the paradox... in order to bring security to the internet, we need hackers like this to bring danger to the internet.

 

[JET1971]

Why not just store your data on an ethernet seperate from the web?

That's not feasible. Anytime a purchase is made through, say PSN, your MAC address, which is locally linked to your account, must remotely access your financial information to make sure it is still valid. Customers also need to be able to change their financial information at anytime in the case that said information needs to be updated. Cutting off the data to the customer would cause all sorts of hoopla, and plus, I don't think it's legal. While it is very well known that XBL hijacks customers' information, which is being disputed by a lot of people as of late, they still allow access to it so a customer can put in a new number. They have a gray area thing going on. Not sure for how long though.

The information can be stored in another server that has limited access from the web server. such as CC and passwords being on different servers in the network and is one way traffic to the webside. so you as a customer can store the CC but cannot ever see the whole number when you check to see if its the correct one. usualy *************0408 with the last 4 digits of the CC showing. the customer enters in the new card number and it gets stored on the other server never to be fully sent to the web server again. the limited access is the CC information can be sent in full one way and only be sent back with a partial number and no other communication between the 2 servers is allowed.

Doing this when the web server gets hacked they do not have imediate access to sensitive information and must proceed to hack into the other servers that have limited access and most likely that access is monitored. most hackers will cut and run because the more they poke around the greater the risk. Hackers want to get in grab the info and get out without getting caught so the information they stole remains valid for a longer period of time. case in point the PSN hack. they had free run between servers, the CC info and password was not in a more secure server that required them to hack into it as well, and they got caught because they came back looking for more. If they cut and ran after getting the CC info it couldve been weeks or monthes before the breach was discovered depending on how much the IT people at Sony go over the logs.

 

[Plurralbles]

okay, but I hate them... because of hte sad state of internet security.


I guess I should be hating security companies more for being less than stellar.

 

[aesondaandryk]

Waste of an article.

 

[pneuma08]

The problem with LulzSec is that they act very close to the most destructive way possible. Embarrassing companies is one thing, but doing so by dumping all over their customers and everyone who happens to be close by is another.

You don't point out security holes in an apartment complex by passing out duplicate keys.

 

[Weaver]

I said the exact same thing in previous lulzsec threads but the entireity of the escapist flamed me into the ground.

Anyone with an education in computer security likely sees what they're doing as beneficial.
For instance, they hacked SonyPictures; but they went public with it. How do we know the people who hacked PSN didn't also hack sony pictures with the obvious catch that due to sony's bad security, simply no one knew or had any way of knowing?

 

[RatRace123]

If people like them didn't exist then we wouldn't need people like them to exist.

In a less confusing way, we wouldn't need people to break in and point out the flaws in security if people didn't act like assholes and try to do stuff like that in the first place.
Oh well, at least they're a "nice" hacking group for doing this and not an amoral one, right?

 

[Spygon]

See, the thing about security is; If people didn't do illegal things and break into places they aren't supposed to be in, to take things that aren't theirs, we wouldn't need security.

Also if we lived in a world where nothing bad ever happened and everybody lived for a long age perfect life we would not need doctors,lawyers,fire department,police,armed forces,fences,banks,alarms etc.

Wake up we do not live in that world deal with it bad things will happen.Sosomeone pointing them out to people who should be protecting things is a good thing.

 

[Alar]

I don't love them at all. I'm fairly certain they're a bunch of assholes who are breaking the law because they think it's funny. It's not even justice or revenge at this point, they're just randomly striking at people because they feel like it.

So no, there's no love from me whatsoever.

Also, I'm fairly certain posting up all the information they hacked from Sony online hurts the customers. Why? BECAUSE EVERYONE CAN SEE IT! Yes, it's much more secure now LulzSec, thank you.

 

[Sebenko]

So? What gives them ANY right to go around attacking websites? "For the lulz" is a fucking retarded excuse. Try again. They're not teaching anything, unless they're teaching "People are dicks, DON'T BE LIKE US."

Do we really need to bring up the rape/robbery comparison again?

Blame the fucking attacker, NOT the victim. If they weren't immature dicks, this wouldn't be a fucking problem! They're certainly not "teaching anyone lessons", they're criminals. They're releasing PRIVATE INFORMATION to the public. The fact that they're even in ANY private information storage is beyond criminal activity.

Either grow the fuck up or go to Hell, 'LulzSec'..

They don't, but does "not having the right" ever stop anyone?

I'll be first in line to gloat if any of these places get hacked again by someone who wants actual value from them.

 

[RvLeshrac]

So? What gives them ANY right to go around attacking websites? "For the lulz" is a fucking retarded excuse. Try again. They're not teaching anything, unless they're teaching "People are dicks, DON'T BE LIKE US."

Do we really need to bring up the rape/robbery comparison again?

Blame the fucking attacker, NOT the victim. If they weren't immature dicks, this wouldn't be a fucking problem! They're certainly not "teaching anyone lessons", they're criminals. They're releasing PRIVATE INFORMATION to the public. The fact that they're even in ANY private information storage is beyond criminal activity.

Either grow the fuck up or go to Hell, 'LulzSec'..

They don't, but does "not having the right" ever stop anyone?

I'll be first in line to gloat if any of these places get hacked again by someone who wants actual value from them.

This. I don't know why people think that "being right" and "being a dick" are mutually exclusive. Sometimes, the only way to get people to shut up and listen to what you have to say is by being the biggest dick.

----

I don't love them at all. I'm fairly certain they're a bunch of assholes who are breaking the law because they think it's funny. It's not even justice or revenge at this point, they're just randomly striking at people because they feel like it.

So no, there's no love from me whatsoever.

Also, I'm fairly certain posting up all the information they hacked from Sony online hurts the customers. Why? BECAUSE EVERYONE CAN SEE IT! Yes, it's much more secure now LulzSec, thank you.

You'd rather someone have your information and not know about it, right? Because that couldn't possibly be substantially worse than being forewarned about the complete lack of security, yes? I know *I* don't ever want to be warned before something bad happens, so I can prepare for it.

How about the fact that people mentioned PSN's insecurity for ages before the actual hacks, but no one listened? As stated above, sometimes you don't have a choice but to be a dick to get people to pay attention to you.

 

[Lightslei]

I wouldn't be surprised if soon news starts spreading, about the "global war on cyber-terrorism", and how most countries in the world will be enforcing legislations, to "protect us" from the dangers of the internet......

...by restricting our access and controlling what we do.

Probably pretty bad that I've been watching V for Vendetta lately than.


Companies are incompetent, and always look for the highest profit margin. I'd rather have a lower profit for a company that actually cares about it's customers.