lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20110619114040.E9D34E6721@smtp.hushmail.com>
Date: Sun, 19 Jun 2011 11:40:40 +0000
From: lulzb0at@...hmail.com
To: full-disclosure@...ts.grok.org.uk, lists@...osecurity.ch
Subject: Re: Lulzsec as irc warrior 2.0?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ugay its all for lulz

On Sun, 19 Jun 2011 10:33:47 +0000 "Fabio Pietrosanti (naif)"
<lists@...osecurity.ch> wrote:
>I just wanted to make a couple of consideration about Lulzsec,
>without
>special reason, just because it's crossing to my mind.
>
>a) They are NOT carrying on technically complex attack
>
>Just web hacking and sql injection over a wide set of vulnerable
>website.
>Nothing so complex i would say, no particularly sofisticated
>attack has
>been demonstrated or shown. Web hackers with some penetration
>testing
>knowledge and new kiddies learning by web hacking.
>>>From web hacking they get access to user data and often users use
>the
>same passwords on other systems (email, twitter, facebook, amazon,
>etc).
>That's the overall complexity of hacking attempt i've read about.
>
>b) They are GOOD at making propaganda
>They leverage web 2.0 and social media to create attention,
>anxiety
>about their next releases increasing expectation and increasing
>media
>penetration.
>That's being good at making propaganda leveraging communication
>tools in
>a clever way.
>They are also in a here where the 'filtering', such as asking with
>a
>prosecutor mandate to close a twitter account, is highly unpopular
>and
>investigator tend to keep open the target's social networks
>accounts for
>intelligence purposes. They got 200k followers!
>
>c) They are GOOD at making crowd sourcing and community building
>
>They leverage the crowd to recruit new wannabe hackers and even
>simple
>smart powerusers to play with released username and passwords.
>Like anonymous they want people to do stuff under their umbrella.
>They created #lulzsecschool where wannabe and script kiddie can
>learn
>simple web hacking on real targets.
>
>
>Are they just IRC warriors in the web 2.0 social media era, where
>social
>media exploitation provide a great set of side-effect?
>
>If they're IRC warriors within some time they will just disappear.
>
>Just think, the leaders before or later will start finding the
>games
>boring, will get a girlfriend, will start going out with friends
>rather
>than being twitter/chat addicted.
>
>However now i need to make breakfast
>
>-naif
>
>p.s. i know it's a reduced overview of the phoenomena but that's
>not a
>full analysis, but it's just an idea crossing my mind
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wsBcBAEBAgAGBQJN/eA4AAoJEE4sWZ2chp6RnZMH/jiMa7oqnSNWYItjyFylut3IA2+u
o+L8LwTkxulyCbydn6Vn7B8K7ra5xqN/NNACsDlCmsHnpZYMJQiHKAt0riyxYMHnsA/f
IfBvXdF0CKp5RzJH71oa5R8yY08NvvrU0MykNrv6oDgXR4rDTm1O+wvTlT+B2ZS8Achc
VpDeNLJ8lGjJ5OmZVzSo5qw9n01jZExB2ciXYSBnbxXefjgLfxBYfueLIphU4YQE4OCU
wQi0xwVPNB+lWbCi5bID1zgFZ5rSciif/K/76q/AVO/v0VATNAEMCsIeiVgyNcr4PgkX
CNv+gv122pjrgV2yjtboL8Lu15J+dhWvUFZ4JQ6GRWM=
=ZPzX
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ