
So, whats your opinion about Lulzsec???

El33tsamurai

Full Member

Posts: 220

Joined: Sat Feb 03, 2007 4:01 pm

Post Sat Jun 25, 2011 8:14 am

Re: So, whats your opinion about Lulzsec???

hayabusa wrote: You're absolutely right. But I think you're a bit harsh on the rebuttal, towards j0rDy, El33tsamurai. I don't think he intended it quite the way you took it. By enforce it, I'm certain he meant having systems and policies, in place, to not allow 'weak passwords'.

That said, this is exactly why both companies and govt agencies, alike, need better security postures, and training, guided by folks who do understand the ins and outs of 'real' security.


I agree with you, and sorry, I did not mean for it to come off so harsh; just working with people that don't know this stuff, I know how sometimes it can be frustrating for them if it's forced on them. The biggest problem before this happened, I would say, is companies did not want to give that much money to the info sec department because they thought, well, who's going to hack us. Now I think more money will be put towards info sec, I hope.
CCENT, A+, Network+, Security+

El33tsamurai

Full Member

Posts: 220

Joined: Sat Feb 03, 2007 4:01 pm

Post Sat Jun 25, 2011 8:23 am

Re: So, whats your opinion about Lulzsec???

j0rDy wrote:
hayabusa wrote: You're absolutely right. But I think you're a bit harsh on the rebuttal, towards j0rDy, El33tsamurai. I don't think he intended it quite the way you took it. By enforce it, I'm certain he meant having systems and policies, in place, to not allow 'weak passwords'.

That said, this is exactly why both companies and govt agencies, alike, need better security postures, and training, guided by folks who do understand the ins and outs of 'real' security.


you are right hayabusa, that's exactly how i mean it. a security awareness training once a year won't hurt anyone, and by implementing policies and guidelines along with applications that just don't allow weak passwords (when you enter one you will get a message that the password is too weak and you have to choose another one) might be considered annoying, but given the news items lately it has become mandatory to do so.

if you look at recent developments on password cracking, depending on the cracking and hashing method, an eight character password containing all possible characters takes about a day if you have "just" a high end workstation. after that it becomes significantly longer (nine takes about a week and ten takes 20 years or something), so if you want to protect valuable information, i think you know what to do.



Hey man, I am sorry if I came off harsh. Also, on this note, I think security awareness should be going on all the time. Should have posters made and put up all over the place, i.e.:

http://www.infosecuritylab.com/index.php?page=9

This will make people smile as they walk by and more likely to remember the message. Have the positions changed once a month so the same people are looking at different posters all the time. Have a security intranet website or newsletter where the people can go and get updates about info sec. Give away things like pens, mugs, mouse pads, etc., if the budget allows for it, to people that are security conscious. Then have trainings once every 6 months or year, but make it fun so people will want to come, not just a PowerPoint and lecture. The more fun you make it, the more people will want to do it.
CCENT, A+, Network+, Security+

j0rDy

Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Sun Jun 26, 2011 8:53 am

Re: So, whats your opinion about Lulzsec???

Is it truly the end of Lulzsec???

http://pastebin.com/1znEGmHa

Perhaps it is for the best, statement is made, the whole IT market is on its toes again and we are getting more work than ever...
CISSP, CEH, ECSA, OSCP, OSWP, eCPPT, eWAPT

earning my stripes appears to be a road i must travel alone...with a little help of EH.net

El33tsamurai

Full Member

Posts: 220

Joined: Sat Feb 03, 2007 4:01 pm

Post Mon Jun 27, 2011 9:31 am

Re: So, whats your opinion about Lulzsec???

Looks like they are quitting before they all get caught, wonder if this will help them. The people looking for them, I feel, will probably find them with all the resources at their disposal.
CCENT, A+, Network+, Security+

El33tsamurai

Full Member

Posts: 220

Joined: Sat Feb 03, 2007 4:01 pm

Post Mon Jun 27, 2011 9:46 am

Re: So, whats your opinion about Lulzsec???

https://www.infosecisland.com/blogview/14784-Warning-Original-50-Days-of-Lulz-Payload-is-Infected.html

Well, well, check this out: the RAR file offered as a torrent download turns out to be a backdoor malware!
CCENT, A+, Network+, Security+

El33tsamurai

Full Member

Posts: 220

Joined: Sat Feb 03, 2007 4:01 pm

Post Mon Jun 27, 2011 9:52 am

Re: So, whats your opinion about Lulzsec???

CCENT, A+, Network+, Security+

j0rDy

Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Tue Jun 28, 2011 2:12 am

Re: So, whats your opinion about Lulzsec???

hmm, i wonder if lulzsec put the RBOT malware there or if the actual system was infected...guess we will never know...
CISSP, CEH, ECSA, OSCP, OSWP, eCPPT, eWAPT

earning my stripes appears to be a road i must travel alone...with a little help of EH.net

lorddicranius

Sr. Member

Posts: 459

Joined: Thu Mar 03, 2011 3:54 am

Post Tue Jun 28, 2011 8:15 am

Re: So, whats your opinion about Lulzsec???

An interesting analysis of the download:

Is LulzSec Final Release really infected with a Trojan?
Last edited by lorddicranius on Tue Jun 28, 2011 10:16 am, edited 1 time in total.
GSEC, eCPPT, Sec+

El33tsamurai

Full Member

Posts: 220

Joined: Sat Feb 03, 2007 4:01 pm

Post Tue Jun 28, 2011 10:12 am

Re: So, whats your opinion about Lulzsec???

j0rDy wrote: hmm, i wonder if lulzsec put the RBOT malware there or if the actual system was infected...guess we will never know...


Come on man, oldest trick in the book. Trojan horse ring a bell, lol?
CCENT, A+, Network+, Security+

lorddicranius

Sr. Member

Posts: 459

Joined: Thu Mar 03, 2011 3:54 am

Post Tue Jun 28, 2011 11:54 am

Re: So, whats your opinion about Lulzsec???

A follow-up/supporting article to the previous link I posted:

LulzSec's Parting Trojan Is a False Positive

So, was AT&T using a pirated copy of WinRar? haha
GSEC, eCPPT, Sec+

j0rDy

Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Wed Jun 29, 2011 5:50 am

Re: So, whats your opinion about Lulzsec???

El33tsamurai wrote:
j0rDy wrote: hmm, i wonder if lulzsec put the RBOT malware there or if the actual system was infected...guess we will never know...


Come on man, oldest trick in the book. Trojan horse ring a bell, lol?


odds are (were actually) they put it in themselves, but if they just copy files from a system, chances are they copy (without knowing about it) an infected file with it...but the pirated WinRar story is great!
CISSP, CEH, ECSA, OSCP, OSWP, eCPPT, eWAPT

earning my stripes appears to be a road i must travel alone...with a little help of EH.net