| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4F5A357F.90308@yahoo.co.jp> Date: Sat, 10 Mar 2012 01:53:19 +0900 From: 夜神 岩男 <supergiantpotato@...oo.co.jp> To: full-disclosure@...ts.grok.org.uk Subject: Re: LulzSec $ Sabu - lessons learned On 03/10/2012 12:45 AM, Mikhail A. Utin wrote: > Hello, > > My two cents to lessons learned: > > - If FBI is hacked, CIA will LOL > > - if CIA is hacked, FBI will LOL > > - if DoD is hacked both FBI and CIA will LOL > > But if Stratfor is hacked, all three guys get very serious, guess why? Because about 30k totally ordinary people who just wanted to get news from a source not paid for by advertising agencies and political parties had their credit card information stolen? That's usually enough to get these types stirred up. I think its comical (and sad, considering the different intent in both cases) that the Sony hit after the whole digital rights tramping thing happened didn't get as much press as this. Stratfor didn't have anything deep dark and secret to hide, they sell news cut-outs (like cut out just the event, and remove speculation) and analysis of relatively mundane things but uniquely free from political and commercial bias compared to CNN, MSN, CNBC, BBC, AJ, etc. and they publish a report card on themselves every quarter to compare how well or badly they've done over the last year making predictions. Its clarified news, not a playbook for the Dark Cabal Anon Wishes Existed to Control Everything (So They/You/rry1 Can Rage Against It). The whole "secret email leaks" thing is incredibly boring, and full of mundane stuff that Startfor already just publishes anyway after removing typos -- and sometimes source names (like, for instance, their sources in Iran, Syria, Egypt, etc. who, thanks to the leaks, are probably going to get disappeared by their respective liberty-loving governments). The real hit was the money -- which is really what this was all about, whether or not the people involved want to church it up like it was for the people or the lil' chillins' or to strike back at The Man -- and pretending that Anonymous is "a group" is/was an inside joke, made stupendously funny by everyone taking that notion seriously. "Hacking" a site based on a php/mysql framework on Ubuntu is anything but a major challenge. The only reason this was even in the news was its proximity to the whole Occupy Anything We Don't Understand campaign, and its proximity to the whole not-really-an-Arab-Spring thing... and... Money. The credit card numbers. That is the kicker, the purpose, and the only reason we're discussing this. Stratfor selling news to people who want to buy backstopped and vetted analysis versus Anderson Cooper's vacuous political speculations isn't even remotely interesting. > If you do serious hacking, do not brag and do not do stupid hacks. And this. Way correct. And people who really do serious "hacking" don't call it that, for one, and don't talk about it for another... and are usually well into their 40's or over... and don't pick fights directly with Washington, London, Tokyo, Jerusalem, Berlin, or Moscow -- unless they are working in one of them directly already, and that's a different story. Blah blah. Let's get back to the purpose of this list, shall we? -IY _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists