lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 19 Jun 2011 12:33:47 +0200
From: "Fabio Pietrosanti (naif)" <lists@...osecurity.ch>
To: full-disclosure@...ts.grok.org.uk
Subject: Lulzsec as irc warrior 2.0?

I just wanted to make a couple of consideration about Lulzsec, without
special reason, just because it's crossing to my mind.

a) They are NOT carrying on technically complex attack

Just web hacking and sql injection over a wide set of vulnerable website.
Nothing so complex i would say, no particularly sofisticated attack has
been demonstrated or shown. Web hackers with some penetration testing
knowledge and new kiddies learning by web hacking.
>>From web hacking they get access to user data and often users use the
same passwords on other systems (email, twitter, facebook, amazon, etc).
That's the overall complexity of hacking attempt i've read about.

b) They are GOOD at making propaganda
They leverage web 2.0 and social media to create attention, anxiety
about their next releases increasing expectation and increasing media
penetration.
That's being good at making propaganda leveraging communication tools in
a clever way.
They are also in a here where the 'filtering', such as asking with a
prosecutor mandate to close a twitter account, is highly unpopular and
investigator tend to keep open the target's social networks accounts for
intelligence purposes. They got 200k followers!

c) They are GOOD at making crowd sourcing and community building

They leverage the crowd to recruit new wannabe hackers and even simple
smart powerusers to play with released username and passwords.
Like anonymous they want people to do stuff under their umbrella.
They created #lulzsecschool where wannabe and script kiddie can learn
simple web hacking on real targets.


Are they just IRC warriors in the web 2.0 social media era, where social
media exploitation provide a great set of side-effect?

If they're IRC warriors within some time they will just disappear.

Just think, the leaders before or later will start finding the games
boring, will get a girlfriend, will start going out with friends rather
than being twitter/chat addicted.

However now i need to make breakfast

-naif

p.s. i know it's a reduced overview of the phoenomena but that's not a
full analysis, but it's just an idea crossing my mind

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ