Date: Sat, 10 Mar 2012 01:53:19 +0900
From: 夜神 岩男 <supergiantpotato@...oo.co.jp>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: LulzSec $ Sabu - lessons learned

On 03/10/2012 12:45 AM, Mikhail A. Utin wrote:
> Hello,
>
> My two cents to lessons learned:
>
> - If FBI is hacked, CIA will LOL
>
> - if CIA is hacked, FBI will LOL
>
> - if DoD is hacked both FBI and CIA will LOL
>
> But if Stratfor is hacked, all three guys get very serious, guess why?

Because about 30k totally ordinary people who just wanted to get news 
from a source not paid for by advertising agencies and political parties 
had their credit card information stolen? That's usually enough to get 
these types stirred up. I think it's comical (and sad, considering the 
different intent in both cases) that the Sony hit after the whole 
digital rights tramping thing happened didn't get as much press as this.

Stratfor didn't have anything deep dark and secret to hide, they sell 
news cut-outs (like cut out just the event, and remove speculation) and 
analysis of relatively mundane things but uniquely free from political 
and commercial bias compared to CNN, MSN, CNBC, BBC, AJ, etc. and they 
publish a report card on themselves every quarter to compare how well or 
badly they've done over the last year making predictions. It's clarified 
news, not a playbook for the Dark Cabal Anon Wishes Existed to Control 
Everything (So They/You/rry1 Can Rage Against It).

The whole "secret email leaks" thing is incredibly boring, and full of 
mundane stuff that Stratfor already just publishes anyway after removing 
typos -- and sometimes source names (like, for instance, their sources 
in Iran, Syria, Egypt, etc. who, thanks to the leaks, are probably going 
to get disappeared by their respective liberty-loving governments).

The real hit was the money -- which is really what this was all about, 
whether or not the people involved want to church it up like it was for 
the people or the lil' chillins' or to strike back at The Man -- and 
pretending that Anonymous is "a group" is/was an inside joke, made 
stupendously funny by everyone taking that notion seriously.

"Hacking" a site based on a php/mysql framework on Ubuntu is anything 
but a major challenge. The only reason this was even in the news was its 
proximity to the whole Occupy Anything We Don't Understand campaign, and 
its proximity to the whole not-really-an-Arab-Spring thing... and... 
Money. The credit card numbers. That is the kicker, the purpose, and the 
only reason we're discussing this. Stratfor selling news to people who 
want to buy backstopped and vetted analysis versus Anderson Cooper's 
vacuous political speculations isn't even remotely interesting.

> If you do serious hacking, do not brag and do not do stupid hacks.

And this. Way correct. And people who really do serious "hacking" don't 
call it that, for one, and don't talk about it for another... and are 
usually well into their 40's or over... and don't pick fights directly 
with Washington, London, Tokyo, Jerusalem, Berlin, or Moscow -- unless 
they are working in one of them directly already, and that's a different 
story.

Blah blah.

Let's get back to the purpose of this list, shall we?
-IY
