El33tsamurai
« Reply #15 on: June 22, 2011, 11:37:27 AM »
I am sorry, but they are going too far, and the people hunting them have more funds backing them; they will get caught someday.

CCENT, A+, Network+, Security+

alucian
« Reply #16 on: June 22, 2011, 04:22:56 PM »

While their adventures on the high seas are illegal, I like Patrick Gray's article Why we secretly love LulzSec: So why do we like LulzSec?
"I told you so."
That's why.
They're finally able to open upper management's eyes as to how insecure everything really is. They're able to do what infosec pros have been unable to do (not due to lack of ability, but due to management's lack of caring). It's mixed feelings really. 'Illegal...but thank you!' *shrug* I completely agree with you. It even opened the eyes of many security managers.

CISSP ISSAP, CISM/A, GWAPT, GCIH, eCPPT, OSWP

El33tsamurai
« Reply #17 on: June 22, 2011, 04:49:18 PM »

Yeah, but it's a really crappy eye opener; I feel bad for them. Also brings job security to the market though.

CCENT, A+, Network+, Security+

El33tsamurai
« Reply #18 on: June 23, 2011, 05:27:49 PM »
CCENT, A+, Network+, Security+

j0rDy
« Reply #19 on: June 24, 2011, 02:16:45 AM »

The work of Lulzsec is clearly that of younger people. When their identities are known (and it's not a question if, but when) you will see that the IT business is shocked that this can be done by some "kids who live with their parents". In the end they will spend a fortune on fixing everything, and within a few years it will all be outdated again, letting the story start from the beginning. </doomsday-mind>

Hmm, it may have happened sooner than I thought: http://www.lulzsecurity.com

This page (http://lulzsecurity.com/) is currently offline. However, because the site uses CloudFlare's Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Alternatively, you can retry the live version.

« Last Edit: June 24, 2011, 02:22:20 AM by j0rDy »
ISC2 Associate, CEH, ECSA, OSCP, OSWP
earning my stripes appears to be a road i must travel alone...with a little help of EH.net

Cashiuus
« Reply #20 on: June 24, 2011, 02:31:53 AM »

Hacker on hacker action, interesting. On3iroi set up a WordPress site announcing some operations: https://on3iroi.wordpress.com. He claims to be the one that took their site down.

« Last Edit: June 24, 2011, 06:29:44 AM by Cashiuus »

Data_Raid
« Reply #21 on: June 24, 2011, 03:41:49 AM »

The site is back up, they have added Arizona Law Enforcement info: http://lulzsecurity.com/releases/chinga_la_migra_1.txt
Amazed at those passwords!

« Last Edit: June 24, 2011, 07:46:29 AM by Data_Raid »
All men by nature desire knowledge.
Aristotle

Marinajha
« Reply #22 on: June 24, 2011, 04:21:15 AM »

In coordination with international law enforcement agencies, police in the UK have arrested a young male connected to an infamous hacker group. The Wickford male, aged 19 years, was taken from his home to Scotland Yard for supposed computer infractions. Here is the proof: Accused member of hacker group LulzSec arrested in UK

Cashiuus
« Reply #23 on: June 24, 2011, 06:30:43 AM »

That is the same guy that was arrested a few days ago that LulzSec has denounced all over Twitter as not being an actual member and blaming news media for putting out coverage on false information. Who knows, could be or maybe he isn't.

j0rDy
« Reply #24 on: June 24, 2011, 07:02:25 AM »

I always have to *facepalm* when I see another '12345' one... or any other 500 worst passwords password for that matter...

ISC2 Associate, CEH, ECSA, OSCP, OSWP
earning my stripes appears to be a road i must travel alone...with a little help of EH.net

El33tsamurai
« Reply #25 on: June 24, 2011, 11:56:19 AM »

I have not looked at the document but could only imagine, but the problem is that no one is teaching these people what passwords should be.

CCENT, A+, Network+, Security+

j0rDy
« Reply #26 on: June 24, 2011, 01:06:53 PM »

The point is that you don't have to TEACH users about strong passwords, just enforce it... or, if that is not "user friendly", provide guidance in choosing a strong password (like you sometimes see on websites, with a colour bar that shows the strength of the password).

ISC2 Associate, CEH, ECSA, OSCP, OSWP
earning my stripes appears to be a road i must travel alone...with a little help of EH.net

El33tsamurai
« Reply #27 on: June 24, 2011, 06:20:48 PM »

These guys are not info sec guys, they are police officers. They probably don't have local IT guys to tell them what a strong password is or to enforce one. This sounds funny to us because we know what this is, but they don't. And to say they don't need to be TAUGHT, just forced, well buddy, thinking like that will never get you anywhere. Forcing people to do something without explaining why they should do it is going to get you nowhere; this is why people don't want info sec, because most info sec guys have the mentality that I know more than you so just do it.

From what I have seen and read, people work better if you inform them and then tell them the requirements that need to be met; you will get less resistance this way. So with this said, people need to be taught with security awareness.

CCENT, A+, Network+, Security+

hayabusa
« Reply #28 on: June 24, 2011, 11:13:23 PM »

You're absolutely right. But I think you're a bit harsh on the rebuttal, towards j0rDy, El33tsamurai. I don't think he intended it quite the way you took it. By enforce it, I'm certain he meant having systems and policies, in place, to not allow 'weak passwords'.

That said, this is exactly why both companies and govt agencies, alike, need better security postures, and training, guided by folks who do understand the ins and outs of 'real' security.

« Last Edit: June 24, 2011, 11:15:44 PM by hayabusa »
~ hayabusa ~
"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'
OSCE, OSCP, GPEN, C|EH

j0rDy
« Reply #29 on: June 25, 2011, 02:26:27 AM »

You are right hayabusa, that's exactly how I mean it. A security awareness training once a year won't hurt anyone, and implementing policies and guidelines along with applications that just don't allow weak passwords (when you enter one you will get a message that the password is too weak and you have to choose another one) might be considered annoying, but given the news items lately it has become mandatory to do so. If you look at recent developments on password cracking, depending on the cracking and hashing method, an eight character password containing all possible characters takes about a day if you have "just" a high end workstation. After that it becomes significantly longer (nine takes about a week and ten takes 20 years or something), so if you want to protect valuable information, I think you know what to do.

ISC2 Associate, CEH, ECSA, OSCP, OSWP
earning my stripes appears to be a road i must travel alone...with a little help of EH.net
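
The enforcement discussed in replies #26 to #29 (an application that refuses weak passwords with a message, plus a colour bar for guidance) can be sketched as follows. This is an added example, not code from the thread or any poster; the denylist contents, the 10-character minimum and the bit thresholds are assumptions chosen for illustration.

```python
import math
import string

# Constructed sample denylist; a real deployment would load a full
# common-password list (the "500 worst passwords" kind named in the thread).
COMMON_PASSWORDS = {"12345", "123456", "password", "qwerty", "letmein", "abc123"}

MIN_LENGTH = 10  # assumed policy value, not taken from the thread


def charset_size(password):
    """Size of the smallest standard ASCII alphabet covering the password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += 33  # 32 punctuation characters plus space
    return size


def keyspace_bits(password):
    """Upper bound on exhaustive-search work: length * log2(alphabet size).

    This bounds brute force only; it does not measure guessability, which is
    why the denylist check below runs first.
    """
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def check_password(password):
    """Return (accepted, colour, reasons) for a candidate password."""
    reasons = []
    if password.lower() in COMMON_PASSWORDS:
        reasons.append("on the common-password list")
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    bits = keyspace_bits(password)
    if bits < 50 and not reasons:
        reasons.append("too little variety for its length")
    if reasons:
        colour = "red"       # rejected: user must choose another password
    elif bits < 70:
        colour = "amber"     # accepted, but the bar nudges towards longer
    else:
        colour = "green"
    return (colour != "red", colour, reasons)
```

The `reasons` list is what the application would show the user on rejection, which covers both the "enforce" and the "explain why" sides of the argument above.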