.

So, whats your opinion about Lulzsec???

<<

El33tsamurai

User avatar

Full Member
Full Member

Posts: 219

Joined: Sat Feb 03, 2007 4:01 pm

Post Wed Jun 22, 2011 11:37 am

Re: So, whats your opinion about Lulzsec???

I am sorry but they are going to far and the people hunting them have more funds backing them they will get caught someday.
CCENT, A+, Network+, Security+
<<

alucian

User avatar

Full Member
Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Wed Jun 22, 2011 4:22 pm

Re: So, whats your opinion about Lulzsec???

lorddicranius wrote:While their adventures on the high seas are illegal, I like Patrick Gray's article Why we secretly love LulzSec:

So why do we like LulzSec?

"I told you so."

That's why.


They're finally able to open upper management's eyes as to how insecure everything really is.  They're able to do what infosec pro's have been unable to do (not due to lack of ability, but due to management's lack of caring).

It's mixed feelings really.  'Illegal...but thank you!' *shrug*


I completely agree with you. It even opened the eyes to many security managers.
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
<<

El33tsamurai

User avatar

Full Member
Full Member

Posts: 219

Joined: Sat Feb 03, 2007 4:01 pm

Post Wed Jun 22, 2011 4:49 pm

Re: So, whats your opinion about Lulzsec???

Yeah but its a really crappy eye opener, I feel bad for them.  Also brings job security to the market though.
CCENT, A+, Network+, Security+
<<

El33tsamurai

User avatar

Full Member
Full Member

Posts: 219

Joined: Sat Feb 03, 2007 4:01 pm

Post Thu Jun 23, 2011 5:27 pm

Re: So, whats your opinion about Lulzsec???

CCENT, A+, Network+, Security+
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Fri Jun 24, 2011 2:16 am

Re: So, whats your opinion about Lulzsec???

The work of Lulzsec is clearly that of younger people. When there identities are known (and its not a question if, but when) you will see that the IT business is shocked that this can be done by some "kids who live with their parents". in the end they will spend a fortune on fixing everything, and within a few years it will all be outdated again, letting the story start from the beginning.

</doomsday-mind>

hmm, it may have happened sooner then i thought:

http://www.lulzsecurity.com

This page (http://lulzsecurity.com/) is currently offline. However, because the site uses CloudFlare's Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Alternatively, you can retry the live version.
Last edited by j0rDy on Fri Jun 24, 2011 2:22 am, edited 1 time in total.
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

Cashiuus

Newbie
Newbie

Posts: 5

Joined: Wed Jun 22, 2011 12:56 am

Post Fri Jun 24, 2011 2:31 am

Re: So, whats your opinion about Lulzsec???

Hacker on hacker action, interesting. On3iroi setup a wordpress site announcing some operations: https://on3iroi.wordpress.com. He claims to be the one that took their site down.
Last edited by Cashiuus on Fri Jun 24, 2011 6:29 am, edited 1 time in total.
<<

Data_Raid

User avatar

Full Member
Full Member

Posts: 165

Joined: Fri Nov 09, 2007 5:55 am

Post Fri Jun 24, 2011 3:41 am

Re: So, whats your opinion about Lulzsec???

j0rDy wrote:The work of Lulzsec is clearly that of younger people. When there identities are known (and its not a question if, but when) you will see that the IT business is shocked that this can be done by some "kids who live with their parents". in the end they will spend a fortune on fixing everything, and within a few years it will all be outdated again, letting the story start from the beginning.

</doomsday-mind>

hmm, it may have happened sooner then i thought:

http://www.lulzsecurity.com

This page (http://lulzsecurity.com/) is currently offline. However, because the site uses CloudFlare's Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Alternatively, you can retry the live version.



The site is back up, they have added Arizona Law Enforcement info: http://lulzsecurity.com/releases/chinga_la_migra_1.txt

Amazed at those passwords!
Last edited by Data_Raid on Fri Jun 24, 2011 7:46 am, edited 1 time in total.
All men by nature desire knowledge.

Aristotle
<<

Marinajha

Newbie
Newbie

Posts: 1

Joined: Fri Jun 24, 2011 3:55 am

Post Fri Jun 24, 2011 4:21 am

Re: So, whats your opinion about Lulzsec???

In coordination with international law enforcement agencies, police in the UK have arrested a young male connected to an infamous hacker group. The Wickford male, aged 19 years, was taken from his home to Scotland Yard for supposed computer infractions. Here is the proof: Accused member of hacker group LulzSec arrested in UK
<<

Cashiuus

Newbie
Newbie

Posts: 5

Joined: Wed Jun 22, 2011 12:56 am

Post Fri Jun 24, 2011 6:30 am

Re: So, whats your opinion about Lulzsec???

That is the same guy that was arrested a few days ago that LulzSec has denounced all over Twitter as not being an actual member and blaming news media for putting out coverage on false information. Who knows, could be or maybe he isn't.
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Fri Jun 24, 2011 7:02 am

Re: So, whats your opinion about Lulzsec???

Data_Raid wrote:Amazed at those passwords!


i always have to *facepalm* when i see another '12345' one...or any other 500 worst passwords password for that matter...
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

El33tsamurai

User avatar

Full Member
Full Member

Posts: 219

Joined: Sat Feb 03, 2007 4:01 pm

Post Fri Jun 24, 2011 11:56 am

Re: So, whats your opinion about Lulzsec???

Data_Raid wrote:
j0rDy wrote:The work of Lulzsec is clearly that of younger people. When there identities are known (and its not a question if, but when) you will see that the IT business is shocked that this can be done by some "kids who live with their parents". in the end they will spend a fortune on fixing everything, and within a few years it will all be outdated again, letting the story start from the beginning.

</doomsday-mind>

hmm, it may have happened sooner then i thought:

http://www.lulzsecurity.com

This page (http://lulzsecurity.com/) is currently offline. However, because the site uses CloudFlare's Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Alternatively, you can retry the live version.



The site is back up, they have added Arizona Law Enforcement info: http://lulzsecurity.com/releases/chinga_la_migra_1.txt

Amazed at those passwords!


I have not looked at the document but could only imagine, but the problem is that no one is teaching these people what passwords should be.
CCENT, A+, Network+, Security+
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Fri Jun 24, 2011 1:06 pm

Re: So, whats your opinion about Lulzsec???

El33tsamurai wrote:
Data_Raid wrote:
j0rDy wrote:The work of Lulzsec is clearly that of younger people. When there identities are known (and its not a question if, but when) you will see that the IT business is shocked that this can be done by some "kids who live with their parents". in the end they will spend a fortune on fixing everything, and within a few years it will all be outdated again, letting the story start from the beginning.

</doomsday-mind>

hmm, it may have happened sooner then i thought:

http://www.lulzsecurity.com

This page (http://lulzsecurity.com/) is currently offline. However, because the site uses CloudFlare's Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Alternatively, you can retry the live version.



The site is back up, they have added Arizona Law Enforcement info: http://lulzsecurity.com/releases/chinga_la_migra_1.txt

Amazed at those passwords!


I have not looked at the document but could only imagine, but the problem is that no one is teaching these people what passwords should be.


the point is that you dont have to TEACH users about strong passwords, just enforce it...or if that is not "user friendly", provide guidance in choosing a strong password (like you sometimes see at website, with a colour bar that shows the strength of the password).
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

El33tsamurai

User avatar

Full Member
Full Member

Posts: 219

Joined: Sat Feb 03, 2007 4:01 pm

Post Fri Jun 24, 2011 6:20 pm

Re: So, whats your opinion about Lulzsec???

j0rDy wrote:
El33tsamurai wrote:
Data_Raid wrote:
j0rDy wrote:The work of Lulzsec is clearly that of younger people. When there identities are known (and its not a question if, but when) you will see that the IT business is shocked that this can be done by some "kids who live with their parents". in the end they will spend a fortune on fixing everything, and within a few years it will all be outdated again, letting the story start from the beginning.

</doomsday-mind>

hmm, it may have happened sooner then i thought:

http://www.lulzsecurity.com

This page (http://lulzsecurity.com/) is currently offline. However, because the site uses CloudFlare's Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Alternatively, you can retry the live version.



The site is back up, they have added Arizona Law Enforcement info: http://lulzsecurity.com/releases/chinga_la_migra_1.txt

Amazed at those passwords!


I have not looked at the document but could only imagine, but the problem is that no one is teaching these people what passwords should be.


the point is that you dont have to TEACH users about strong passwords, just enforce it...or if that is not "user friendly", provide guidance in choosing a strong password (like you sometimes see at website, with a colour bar that shows the strength of the password).


These guys are not info sec guys, they are police officers.  They probably don't have local IT guys to tell them what a strong password are or enforce. This sounds funny to us because we know what this is, but they don't.  And to say they don't need to be TAUGHT just forced well buddy thinking like that will never get you any where.  Forcing people to do something without explaining why they should do it is going to get you no where, this is why people don't want info sec because most of info sec guys have the mentality that I know more that you so just do it.  From what I have seen and read people work better if you inform them and then tell them the requirements that need to be met, you will get less resistance this way.  So with this said people need to be taught with security awareness.
CCENT, A+, Network+, Security+
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Jun 24, 2011 11:13 pm

Re: So, whats your opinion about Lulzsec???

You're absolutely right.  But I think you're a bit harsh on the rebuttal, towards j0rDy, El33tsamurai.  I don't think he intended it quite the way you took it.  By enforce it, I'm certain he meant having systems and policies, in place, to not allow 'weak passwords'

That said, this is exactly why both companies and govt agencies, alike, need better security postures, and training, guided by folks who do understand the in's and out's of 'real' security.
Last edited by hayabusa on Fri Jun 24, 2011 11:15 pm, edited 1 time in total.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Sat Jun 25, 2011 2:26 am

Re: So, whats your opinion about Lulzsec???

hayabusa wrote:You're absolutely right.  But I think you're a bit harsh on the rebuttal, towards j0rDy, El33tsamurai.  I don't think he intended it quite the way you took it.  By enforce it, I'm certain he meant having systems and policies, in place, to not allow 'weak passwords'

That said, this is exactly why both companies and govt agencies, alike, need better security postures, and training, guided by folks who do understand the in's and out's of 'real' security.


you are right hayabusa, thats exactly how i mean it. a security awareness training once a year wont hurt anyone, and by implementing policies and guidelines along with applications that just dont allow weak passwords (when you enter one you will get a message that the password is too weak and you have to choose another one) might be considered annoying, but giving the news items lately it has become mandatory to do so.

if you look at recent developments on password cracking, depending on the cracking and hashing method, an eight character password containing all possible characters takes about a day if you have "just" a high end workstation. after that it becomes significant longer (nine takes about a week and ten takes 20 years or something), so if you want to protect valuable information, i think you know what to do.
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
PreviousNext

Return to Ethical Hacktivism

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software