I am sorry but they are going to far and the people hunting them have more funds backing them they will get caught someday.

Yeah but its a really crappy eye opener, I feel bad for them.  Also brings job security to the market though.

The work of Lulzsec is clearly that of younger people. When there identities are known (and its not a question if, but when) you will see that the IT business is shocked that this can be done by some "kids who live with their parents". in the end they will spend a fortune on fixing everything, and within a few years it will all be outdated again, letting the story start from the beginning.

</doomsday-mind>

hmm, it may have happened sooner then i thought:

http://www.lulzsecurity.com

The site is back up, they have added Arizona Law Enforcement info: http://lulzsecurity.com/releases/chinga_la_migra_1.txt

Amazed at those passwords!

That is the same guy that was arrested a few days ago that LulzSec has denounced all over Twitter as not being an actual member and blaming news media for putting out coverage on false information. Who knows, could be or maybe he isn't.

I have not looked at the document but could only imagine, but the problem is that no one is teaching these people what passwords should be.

These guys are not info sec guys, they are police officers.  They probably don't have local IT guys to tell them what a strong password are or enforce. This sounds funny to us because we know what this is, but they don't.  And to say they don't need to be TAUGHT just forced well buddy thinking like that will never get you any where.  Forcing people to do something without explaining why they should do it is going to get you no where, this is why people don't want info sec because most of info sec guys have the mentality that I know more that you so just do it.  From what I have seen and read people work better if you inform them and then tell them the requirements that need to be met, you will get less resistance this way.  So with this said people need to be taught with security awareness.

you are right hayabusa, thats exactly how i mean it. a security awareness training once a year wont hurt anyone, and by implementing policies and guidelines along with applications that just dont allow weak passwords (when you enter one you will get a message that the password is too weak and you have to choose another one) might be considered annoying, but giving the news items lately it has become mandatory to do so.

if you look at recent developments on password cracking, depending on the cracking and hashing method, an eight character password containing all possible characters takes about a day if you have "just" a high end workstation. after that it becomes significant longer (nine takes about a week and ten takes 20 years or something), so if you want to protect valuable information, i think you know what to do.