Security Analyst Explains Why We Love Lulzsec
- Thread starter Andy Chalk
- Start date
Recommended Videos
Loving the elephant line. Also, I agree, I'd rather have the hackers be a group who don't hurt anyone, just go "Look, your security isn't going to cut it. Get your shit together", than have them be out to get personal and harming information.
That's not feasible. Anytime a purchase is made through, say PSN, your MAC address, which is locally linked to your account, must remotely access your financial information to make sure it is still valid. Customers also need to be able to change their financial information at anytime in the case that said information needs to be updated. Cutting off the data to the customer would cause all sorts of hoopla, and plus, I don't think it's legal. While it is very well known that XBL hijacks customers' information, which is being disputed by a lot of people as of late, they still allow access to it so a customer can put in a new number. They have a gray area thing going on. Not sure for how long though.Psycho Cat Industries said:
Exactly. The way Gray worded it, it sounds like "If you don't turn on your burglar alarm, but lock your doors and windows at night, it's still your fault a burglar broke in." Well what if we don't know how to work the darn alarm (i.e. not so saavy in how to keep our computer secure)?!-Samurai- said:
This. I don't like the way this Patrick Gray guy is assuming everyone should be praising these renegade brats.DustyDrB said:
So? What gives them ANY right to go around attacking websites? "For the lulz" is a fucking retarded excuse. Try again. They're not teaching anything, unless they're teaching "People are dicks, DON'T BE LIKE US."Sebenko said:
Do we really need to bring up the rape/robbery comparison again?
Blame the fucking attacker, NOT the victim. If they weren't immature dicks, this wouldn't be a fucking problem! They're certainly not "teaching anyone lessons", they're criminals. They're releasing PRIVATE INFORMATION to the public. The fact that they're even in ANY private information storage is beyond criminal activity.
Either grow the fuck up or go to Hell, 'LulzSec'..
Basically, I agree with everything you said. Only, you're working under the assumption that data got "stolen" and published in the process. Now, to the best of my knowledge, this has yet to be conclusively proven in LulzSecs case. And this is the crux of the matter: If they publish the data, the publishing is to be condemned.Googooguru said:
However, this does not invalidate the benefit of showing the people in charge their lack of security. And this one factum is what the security guy whose name I forgot and am too lazy to look up aims at:
No matter what LulzSec and friends do, apart from the harm they may or may not cause, the security guys (myself included. As a network professional, I have do work on security detail, too. That security isn't my area of expertise is in itself part of the problem...) cheer for the effect of SHOWING, not TELLING the non-tech-people just how vulnerable they are and just how valuable security really is.
Sure, it would be better if they just asked their trusted technicians instead of cutting security budgets left and right (or, in some cases, not even alocating a budget...) and then implementing as much security as is feasible, but the fact remains: The people in charge don't know what they're doing. For most of them, IT tech is the next thing to magic, and they have proven time and again that they won't listen. The security guys are cheering for Lulz because while you can ignore the technician, you can't easily ignore the (alleged) criminals.
tl;dr: The rising security awareness is the silver lining to the dark cloud of crackers attacks.
Quick aside on the whole "Hacking has become too positively connotated"-argument:
Well, you can blame the media for that. Since day one IT people have distinguished between "Hackers" and "Crackers"... only the media don't get the distinction into their heads. It's basically the same as the distinction between "Soldier" and "Mercenary"...
The kids on here don't realize this is way bigger then their stupid video games. The next thing that is going to happen is the corporations will run crying to the state to protect their profits. Draconian control of the internet will happen allowing Big Brother to spy on you, controlling what information you can and can not learn.IndianaJonny said:
Profits > People
Agreed it sounds faulty, so here is the only explanation I can think of. I don't think people will care that it doesn't work because they are scared. It is like a night light:Twilight_guy said:
Does it do anything to protect you at night NO
Do you feel safe when you have it YES
I approve of LulzSec as of now. They're forcing companies to take care of the customers.
Besides, profits> People is true, and that's why companies are shirking costs on Basic IT Security.
So I'd rather take a hacker group that humiliates companies into doing something to protect personal data now than having to pay for it later when some actual thieves swoop in and take my personal data.
I don't think it's likely companies will condone a draconian rule over the internet. The main reason why so many people choose the internet to do business is because of convenience. We're all really lazy people in the end, and the internet's the facilitator. Controlling the internet will only decrease profits for these companies, and they know it.tehroc said:
Besides, profits> People is true, and that's why companies are shirking costs on Basic IT Security.
So I'd rather take a hacker group that humiliates companies into doing something to protect personal data now than having to pay for it later when some actual thieves swoop in and take my personal data.
Right, because hacking part of Sony's infrastructure (Sony music, was it?) and releasing over a million names, email accounts and passwords on their website is harmless and makes me love them.
The damage is done, after that incident, LulzSec can go fuck themselves, if they were following any sort of hacker ethos, they wouldn't have made that much information publicly available to anyone who takes a passing glance at their site.
The damage is done, after that incident, LulzSec can go fuck themselves, if they were following any sort of hacker ethos, they wouldn't have made that much information publicly available to anyone who takes a passing glance at their site.
It wouldn't surprise me if it was them to be fair.Kopikatsu said:
This is just it though, how can people claim that LulzSec are just in it for giggles and to expose security flaws when they openly steal customer information and make it publicly available? That's black hat shit and makes them worthy of every shred of hate they get.
Have they actually made it publicly available? I thought they just took the info to inform people that Sony stores passwords in plain text and that sort of thing.Master Kuja said:
I guess lulzsec would be alright if they did it only to bring awareness, without actually harming any users, but publicly sharing customer info is bad form.
They did, it's on their website, from AutoTrader user databases to Sony music user databases and admin databases, it's just lists of plain text email addressed and passwords that they've made open to anyone who wants to take a look.dyre said:
Arab Spring is pretty much driven by the internet and the availability of information. You think those in power are in favour of that? Controlling the flow of information is key to a successful oppressive regime. We've got allied dictatorships falling and what's happening in the middle east can occur here in the West.Mercurial Maniac said:
So you would all prefer for internet security to remain at it's current crappy level until a group of hackers who are in it for a less neutral reason than mischief do some real damage?
You know, other than preventing people from playing shooty things for a week or two?
You know, other than preventing people from playing shooty things for a week or two?
The honest truth? Yes, most people would rather stick their heads in the sand and pretend security problems don't exist, while most corporations would rather not spend a dime on security.similar.squirrel said:
This results, of course, in clueless idiots using computers and constantly becom
---
This is more like "If you don't have your brakes checked when you notice a problem, you're at fault when you can't stop and run into something" or "When the 'Check Engine' light is on, and you don't go have it looked at, it's your fault when your engine is hosed."Android2137 said:
Here's how to keep your computer secure:
1) Don't be stupid.
2) Watch the links you click on.
3) Don't randomly open spam and click on links.
4) On the off-chance that you actually wind up with a piece of drive-by-downloaded spyware, immediately stop using your computer. Don't just start coughing up cash every time a dialog box pops up.
5) If you wind up with spyware, you *know* which site delivered it. It was the last site you were on. Stop visiting that website.
5b) Alternately, you can hope that Lulzsec or Anon decides to hack that site, and the admins then secure their website, rather than ignoring the obvious security flaw that allowed for the distribution of malicious software in the first place.
6) Don't be stupid.
7) Run Antivirus and Antispyware software, if you're on Windows. <a href=http://www.microsoft.com/security_essentials>Microsoft Security Essentials is free, so there's ABSOLUTELY NO EXCUSE to not at least run this. As a handy bonus, I've yet to see it take more than 48 hours for them to add a new detection.
8) Don't Be Stupid, if you're on OSX. At least for the moment, every piece of OSX malware requires direct user intervention to install. If you get spyware on your Mac, YOU are directly at fault.
8b) At the moment, *nearly* every piece of Win7 spyware can be stopped in its tracks by not disabling User Account Control. I regularly remove spyware from people's machines. Most of the people who claim that they "know nothing about computers" have had UAC disabled. If you don't know what it does, why would you disable it? Do you also randomly pull parts off your car?
9) Install Windows/OSX Updates. I don't care if you think an update raped your dog and killed your wife. If you don't regularly install updates, that's more fault you're taking for a security issue. Both Windows and OSX make it difficult to *not* install updates. If you're worried about a service pack install or major OSX update causing problems, take it to a local shop and spend $30. You shouldn't have to do that but once a year.
That covers everything pretty well.
For now.
I know almost *nothing* about cars and car repair. Fortunately, through the magical world of Google, I don't need to know a lot about something to find out more, and over the years I've learned how to do some basic maintenance and troubleshooting. It would be nice if people would take the same initiative with their computers.
This dude sounds so professional, I just can't imagine why anyone would ignore him. Also he's forgetting a big rule, it doesn't matter what security you implement, unless you can create a way that detects your system being hacked and can cause the hacker's computer to explode, hackers will always have the upper hand.
