Date: Tue, 21 Jun 2011 12:27:19 -0300
From: Michel Pereira <michel@...hel.eti.br>
To: "Fabio Pietrosanti (naif)" <lists@...osecurity.ch>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Lulzsec as irc warrior 2.0?

   And everyone is not good at protecting their systems.

Bye

On Sun, Jun 19, 2011 at 7:33 AM, Fabio Pietrosanti (naif) <
lists@...osecurity.ch> wrote:

> I just wanted to make a couple of considerations about Lulzsec, without
> special reason, just because it's crossing my mind.
>
> a) They are NOT carrying on technically complex attacks
>
> Just web hacking and SQL injection over a wide set of vulnerable websites.
> Nothing so complex I would say, no particularly sophisticated attack has
> been demonstrated or shown. Web hackers with some penetration testing
> knowledge and new kiddies learning by web hacking.
> From web hacking they get access to user data and often users use the
> same passwords on other systems (email, twitter, facebook, amazon, etc).
> That's the overall complexity of hacking attempt I've read about.
>
> b) They are GOOD at making propaganda
> They leverage web 2.0 and social media to create attention, anxiety
> about their next releases increasing expectation and increasing media
> penetration.
> That's being good at making propaganda leveraging communication tools in
> a clever way.
> They are also in a here where the 'filtering', such as asking with a
> prosecutor mandate to close a twitter account, is highly unpopular and
> investigators tend to keep open the target's social network accounts for
> intelligence purposes. They got 200k followers!
>
> c) They are GOOD at making crowd sourcing and community building
>
> They leverage the crowd to recruit new wannabe hackers and even simple
> smart powerusers to play with released username and passwords.
> Like anonymous they want people to do stuff under their umbrella.
> They created #lulzsecschool where wannabes and script kiddies can learn
> simple web hacking on real targets.
>
>
> Are they just IRC warriors in the web 2.0 social media era, where social
> media exploitation provides a great set of side-effects?
>
> If they're IRC warriors within some time they will just disappear.
>
> Just think, the leaders before or later will start finding the games
> boring, will get a girlfriend, will start going out with friends rather
> than being twitter/chat addicted.
>
> However now I need to make breakfast
>
> -naif
>
> p.s. I know it's a reduced overview of the phenomena but that's not a
> full analysis, but it's just an idea crossing my mind
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
http://www.michelpereira.com.br
http://twitter.com/michelpereira
