Generic Gamer said:
I'm going with the 'I think LulzSec is lying' crowd. Especially considering that they've hacked Nintendo and broke through the IAA (http://www.linkedin.com/company/infragard-atlanta-members-alliance) in one afternoon with little difficulty.
Great, I respect your opinion.
I'm curious as to at which point you believe LS is lying and what the correct version is.
If your idea is that this was more than an SQL injection I don't think it's a good argument either.
I'm not a security researcher myself but I do dabble in various things and have a strong opinion on where exactly good security lies.
First, all systems can be hacked and there's not a single system, encryption algorithm, no single way of securing data that is guaranteed to be unbreakable other than physical destruction.
Good security is when hacking a system using high-tech means is so unpractical (for example requires the attacker to have the computing power of the NSA at his disposal) that kidnapping the administrator and torturing him to unlock the system is a better, faster and safer choice.
Obviously LS did this hack using very little resources, little specialist knowledge and had little motivation. In other words the barrier for obtaining this data was set very, very low. Unreasonably low.
If you do believe that LS is lying however (meaning that they had to, for example, gain physical access to the internal company LAN to do this hack) then please explain more.