Date: Sun, 19 Jun 2011 11:40:40 +0000
From: lulzb0at@...hmail.com
To: full-disclosure@...ts.grok.org.uk, lists@...osecurity.ch
Subject: Re: Lulzsec as irc warrior 2.0?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ugay its all for lulz

On Sun, 19 Jun 2011 10:33:47 +0000 "Fabio Pietrosanti (naif)"
<lists@...osecurity.ch> wrote:
>I just wanted to make a couple of considerations about Lulzsec, without
>special reason, just because it's crossing my mind.
>
>a) They are NOT carrying on technically complex attack
>
>Just web hacking and sql injection over a wide set of vulnerable websites.
>Nothing so complex i would say, no particularly sophisticated attack has
>been demonstrated or shown. Web hackers with some penetration testing
>knowledge and new kiddies learning by web hacking.
>From web hacking they get access to user data and often users use the
>same passwords on other systems (email, twitter, facebook, amazon, etc).
>That's the overall complexity of hacking attempt i've read about.
>
>b) They are GOOD at making propaganda
>They leverage web 2.0 and social media to create attention, anxiety
>about their next releases increasing expectation and increasing media
>penetration.
>That's being good at making propaganda leveraging communication tools in
>a clever way.
>They are also in a here where the 'filtering', such as asking with a
>prosecutor mandate to close a twitter account, is highly unpopular and
>investigators tend to keep open the target's social networks accounts for
>intelligence purposes. They got 200k followers!
>
>c) They are GOOD at making crowd sourcing and community building
>
>They leverage the crowd to recruit new wannabe hackers and even simple
>smart powerusers to play with released username and passwords.
>Like anonymous they want people to do stuff under their umbrella.
>They created #lulzsecschool where wannabe and script kiddie can learn
>simple web hacking on real targets.
>
>
>Are they just IRC warriors in the web 2.0 social media era, where social
>media exploitation provide a great set of side-effect?
>
>If they're IRC warriors within some time they will just disappear.
>
>Just think, the leaders before or later will start finding the games
>boring, will get a girlfriend, will start going out with friends rather
>than being twitter/chat addicted.
>
>However now i need to make breakfast
>
>-naif
>
>p.s. i know it's a reduced overview of the phenomena but that's not a
>full analysis, but it's just an idea crossing my mind
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

-----END PGP SIGNATURE-----
