Security Analyst Explains Why We Love Lulzsec

[RvLeshrac]

This dude sounds so professional, I just can't imagine why anyone would ignore him. Also he's forgetting a big rule, it doesn't matter what security you implement, unless you can create a way that detects your system being hacked and can cause the hacker's computer to explode, hackers will always have the upper hand.

The "dude who sounds professional" turned out to be a complete fraud who knows nothing about securing enterprise systems.

I'll take the "guy who actually knows what he's doing" over the "guy who sounds professional" any day of the week.

Maybe you should learn to focus on substance and results rather than flashy credentials and a smile?

 

[Frostbite3789]

So if some random person breaks into your house, and you come home to them sitting on your couch watching cable and eating your Snickers that's OK... as long as they did it to show you that your alarm system is actually poorly designed and that they need to change your locks ..its perfectly acceptable that they violated your privacy and Rights.. it was for your own good anyways.

Seriously? Yes, indeed.
If you can break into my house, I'd rather have it that you wait for me, don't do any harm and inform me on my state of security.

And, to put your argument in perspective:
If I ran a bank, and someone just walked in and grabbed some bags o' money which he dumps on my desk the next morning to show me how piss poor my security assets are, I'd rather thank them, too.
After all, this money is my business asset, so I'd rather have it secured.

Same goes for online companies. Their data is their biggest asset. And most of the time they do jack shit in securing it.

They aren't dumping the money on the counter though. They aren't breaking into your home and telling you your alarm sucks. They're breaking into your house, stealing your TV, computer and jewelry, then leaving a note that says your alarm sucks.

 

[Frostbite3789]

This dude sounds so professional, I just can't imagine why anyone would ignore him. Also he's forgetting a big rule, it doesn't matter what security you implement, unless you can create a way that detects your system being hacked and can cause the hacker's computer to explode, hackers will always have the upper hand.

The "dude who sounds professional" turned out to be a complete fraud who knows nothing about securing enterprise systems.

I'll take the "guy who actually knows what he's doing" over the "guy who sounds professional" any day of the week.

Maybe you should learn to focus on substance and results rather than flashy credentials and a smile?

Maybe you should understand how the real world works. You can't go into a company or come out with a statement that has leetspeak in it, you cuss up a storm and expect to be taken seriously.

I mean, is he shocked? Companies aren't going to want that person, it's great you're knowledgeable, but whether it's right or wrong, it doesn't matter, it's how the world works, you have at least show an iota of professionalism and not sound like one of the internet dipshits you're applauding.

 

[RvLeshrac]

This dude sounds so professional, I just can't imagine why anyone would ignore him. Also he's forgetting a big rule, it doesn't matter what security you implement, unless you can create a way that detects your system being hacked and can cause the hacker's computer to explode, hackers will always have the upper hand.

The "dude who sounds professional" turned out to be a complete fraud who knows nothing about securing enterprise systems.

I'll take the "guy who actually knows what he's doing" over the "guy who sounds professional" any day of the week.

Maybe you should learn to focus on substance and results rather than flashy credentials and a smile?

Maybe you should understand how the real world works. You can't go into a company or come out with a statement that has leetspeak in it, you cuss up a storm and expect to be taken seriously.

I mean, is he shocked? Companies aren't going to want that person, it's great you're knowledgeable, but whether it's right or wrong, it doesn't matter, it's how the world works, you have at least show an iota of professionalism and not sound like one of the internet dipshits you're applauding.

Then they'll continue to lose valuable corporate data, lose consumer confidence, lose customers, and lose money.

 

[Frostbite3789]

snip

Not really, in the article the dude even says hackers really can't be stopped. Also he sounds like a tool and probably is. He has absolutely no proof he can do a better job, just heresy and what he claims. And taking people's word at face value. Always a good idea.

"THIS GUY TALKS LIKE HE HAS BEEN ON THE INTERNET. SECURITY EXPERT LOL". How can you for sure say he knows anymore than the people who are in charge of security now. You can't.

 

[MasterOfHisOwnDomain]

Didn'd they steal people's personal information? I don't like anyone who does that, however smartly they go about it.

 

[Sikratua]

Yes Yes Yes. So far Lulzsec has embodied true hacker ethos. They will wreck a company's shit but not to steal or hurt customers. Instead they just prove that they can break the system. In the long run hackers like these make the systems we use more secure and I am glad to see that some security professionals get it.

Right.... Because Lulzsec never put anyone's personal information onto the internet for everyone to...... Wait a minute.

 

[Saltyk]

So they are a necessary evil? Well, evil is still evil. But if its a choice between these guys and someone actually trying to do harm, I'll take them. I'd just rather we not have any hackers.

 

[JET1971]

I sent Jericho at atrition a message that he needed to update Joe Blacks asshat page. right under the screenshot of Joe saying his website was the first to be 100% secure. but he will probably put my email in the postal section instead because i didnt offer hookers and beer.

 

[RvLeshrac]

snip

Not really, in the article the dude even says hackers really can't be stopped. Also he sounds like a tool and probably is. He has absolutely no proof he can do a better job, just heresy and what he claims. And taking people's word at face value. Always a good idea.

"THIS GUY TALKS LIKE HE HAS BEEN ON THE INTERNET. SECURITY EXPERT LOL". How can you for sure say he knows anymore than the people who are in charge of security now. You can't.

He's right. They can't be stopped. Neither can burglars. You CAN, however, implement proper security audits to ensure that you're reasonably safe from them, in the same way that you can purchase an alarm system or arm yourself to mitigate the threat from a burglar.

 

[randomrob]

So if a pirate sank a ship and said "oh don't worry, we just did for the lulz, it's not like we stole anything from on board, and to be honest, it was badly protected anyway it deserved to get sunk!" Would that be ok?

 

[Psycho Cat Industries]

Why not just store your data on an ethernet seperate from the web?

That's not feasible. Anytime a purchase is made through, say PSN, your MAC address, which is locally linked to your account, must remotely access your financial information to make sure it is still valid. Customers also need to be able to change their financial information at anytime in the case that said information needs to be updated. Cutting off the data to the customer would cause all sorts of hoopla, and plus, I don't think it's legal. While it is very well known that XBL hijacks customers' information, which is being disputed by a lot of people as of late, they still allow access to it so a customer can put in a new number. They have a gray area thing going on. Not sure for how long though.

I'm not talking on the market front.You always hear about these things,or leaked trailers,or project cafe,etc.,etc.,etc.

If its on different waters then you can't sail the tides of the information.

You do pose a good point though with the buyer part.That'd have to stay mainstream.

captcha:how do you pull up the omega symbol?

 

[Lancer873]

In order to become secure, we must first experience danger. The more secure we are, the less we experience danger. The less we experience danger, the less security matters to us. The less security matters to us, the more susceptible we are to danger...

How lovely the paradox... in order to bring security to the internet, we need hackers like this to bring danger to the internet.

 

[JET1971]

Why not just store your data on an ethernet seperate from the web?

That's not feasible. Anytime a purchase is made through, say PSN, your MAC address, which is locally linked to your account, must remotely access your financial information to make sure it is still valid. Customers also need to be able to change their financial information at anytime in the case that said information needs to be updated. Cutting off the data to the customer would cause all sorts of hoopla, and plus, I don't think it's legal. While it is very well known that XBL hijacks customers' information, which is being disputed by a lot of people as of late, they still allow access to it so a customer can put in a new number. They have a gray area thing going on. Not sure for how long though.

The information can be stored in another server that has limited access from the web server. such as CC and passwords being on different servers in the network and is one way traffic to the webside. so you as a customer can store the CC but cannot ever see the whole number when you check to see if its the correct one. usualy *************0408 with the last 4 digits of the CC showing. the customer enters in the new card number and it gets stored on the other server never to be fully sent to the web server again. the limited access is the CC information can be sent in full one way and only be sent back with a partial number and no other communication between the 2 servers is allowed.

Doing this when the web server gets hacked they do not have imediate access to sensitive information and must proceed to hack into the other servers that have limited access and most likely that access is monitored. most hackers will cut and run because the more they poke around the greater the risk. Hackers want to get in grab the info and get out without getting caught so the information they stole remains valid for a longer period of time. case in point the PSN hack. they had free run between servers, the CC info and password was not in a more secure server that required them to hack into it as well, and they got caught because they came back looking for more. If they cut and ran after getting the CC info it couldve been weeks or monthes before the breach was discovered depending on how much the IT people at Sony go over the logs.

 

[Plurralbles]

okay, but I hate them... because of hte sad state of internet security.


I guess I should be hating security companies more for being less than stellar.

 

[aesondaandryk]

Waste of an article.

 

[pneuma08]

The problem with LulzSec is that they act very close to the most destructive way possible. Embarrassing companies is one thing, but doing so by dumping all over their customers and everyone who happens to be close by is another.

You don't point out security holes in an apartment complex by passing out duplicate keys.

 

[Weaver]

I said the exact same thing in previous lulzsec threads but the entireity of the escapist flamed me into the ground.

Anyone with an education in computer security likely sees what they're doing as beneficial.
For instance, they hacked SonyPictures; but they went public with it. How do we know the people who hacked PSN didn't also hack sony pictures with the obvious catch that due to sony's bad security, simply no one knew or had any way of knowing?

 

[RatRace123]

If people like them didn't exist then we wouldn't need people like them to exist.

In a less confusing way, we wouldn't need people to break in and point out the flaws in security if people didn't act like assholes and try to do stuff like that in the first place.
Oh well, at least they're a "nice" hacking group for doing this and not an amoral one, right?

 

[Spygon]

See, the thing about security is; If people didn't do illegal things and break into places they aren't supposed to be in, to take things that aren't theirs, we wouldn't need security.

Also if we lived in a world where nothing bad ever happened and everybody lived for a long age perfect life we would not need doctors,lawyers,fire department,police,armed forces,fences,banks,alarms etc.

Wake up we do not live in that world deal with it bad things will happen.Sosomeone pointing them out to people who should be protecting things is a good thing.