Erm...
"it also leaked potential sensitive data about video gaming outfit Bethesda Softworks, the firm behind Quake and Doom"
Erm, Bethesda will be behind the yet to be released Doom 4, but not Quake or the previous Doom games.
Hacker tricksters LulzSec is baiting US lawmakers with its latest attack on the US Senate. The hacking group posted what security experts Sophos characterised as "basic information on the filesystems, user logins and the Apache web server config files" of the Senate website on Wednesday morning. The group also posted a …
Well yes, that's how civil disobedience works. If you want to protest about the ban on sitting at the back of a bus because of your skin color then moving to the back of the bus seems to be a good idea.
That's surely a well thought out plan with no negative repercussions.
Well no. There will be repercussions, but if people aren’t prepared to break the law we'd still be living under an absolute Monarchy, with no votes for women.
You're likening Lulzsec to Rosa Parks? Seriously?
For a start, and this is just a start, what Rosa Parks did was peaceful and didn't involve breaking into anything, threatening anyone or generally affecting anyone who wasn't involved in racist segregation. Lulzsec put innocent people's personal information onto the internet, break into and deface web sites and threaten the owners of said sites, all because they don't like being told that they're not allowed to hack/download for free/whatever else it is today.
It's not comparable. It's just not.
"What Rosa Parks did was peaceful and didn't involve breaking into anything, threatening anyone or generally affecting anyone who wasn't involved in racist segregation."
We only have that view now because of what happened.
At the time people did indeed feel threatened, it was likened to breaking into the whites only area and the repercussions did indeed affect everyone - even if they were not directly involved in racist segregation.
More importantly, you appear to fail to grasp the concept of analogy.
Erm, I think he got the analogy alright, he just thought it was a shitty one, like I do.
And pulling the "you don't know why it isn't hurting anyone because your moral compass isn't well-adapted yet" is a horribly bad argument. Please explain to me why posting people's personal information is not hurting people by infringing their (supposedly unalienable) right to privacy.
I still don't think you got the analogy right. Saying you did isn't the same as actually getting it.
The analogy is about what civil disobedience is. This is talking about protesting against a hacking law, by hacking legislators.
It's not about posting PII. It's not about infringing the rights of the private citizen to privacy.
It's not about justifying the takedown of Eve Online with a parallel to Rosa Parks. That is not the analogy in either its stated or implied forms. It's not about *ANY* other hacking attack being the same as Rosa Parks, it's about demonstrating that the only way Civil Disobedience works is by breaking the laws you don't agree with.
Lulzsec is not a civil rights movement, it doesn't represent a mass of disaffected people. It's a handful of anonymous hackers who like to vandalize stuff. Stop trying to make them out to be some political movement because they're not. In fact by vandalizing stuff they just demonstrate that the legal penalties for doing it probably require review.
if you are like me you like to keep it simple. and use a master password. yes, i know it's not a great idea but how the hell am i supposed to remember 100+ passwords on the move. i don't want to have to keep referencing some locker full of passwords, which would need a password anyway.
after all the ball ache of changing passwords due to PSN now i've had to do it again due to bethesda forums!
can't these little virgins living in their parents' houses just get out and get laid and chill and stop messing around with everyday users? stop fucking up our stuff, if you have a beef with X then get their MD details and fuck with him, not the users.
"Master password"? So you're saying that you use the same password for your online banking as for some random blog you want to post comment to? Nice.
Password re-use is bad practice but you should do some damage assessment should it be compromised. If, by getting your forums password all they can do is troll on some other forums/blog comments, then that wouldn't be of my concern. If on the other hand they could access my primary email or bank account or anything else that is important...
but an ideal world and real life are different things. as i say i have 100+ passwords to remember on a regular basis
i know i could do <standardpass><ref> where ref would be 'bethesda' or whatever but still a ball ache. obviously if they had locked down the SQL injections or however they got in then we wouldn't need to. i had the same password for everything for 15 years without issue. now it's changed twice in a few months.
If a company harvests user data it should protect it. I'd much rather somebody hack a site and advertise the fact than have someone secretly exploit that data.
If you can't be bothered to come up with a sensible password system maybe it's time you went back to living with your parents, they'd be on hand to help you out with all those tasks in life which require a responsible adult at hand.
from the guy without the bottle to even post his username.... afraid i will hack you and track you down to your parent's basement where i find you wanking over a linux mag dressed as someone from star trek?
as i say i visit many forums and have lots of places i need to log into. maybe i will just have to use the postfix method i talked about. the thing is i shouldn't need to.
"the thing is i shouldn't need to."
No, you shouldn't. Sites which force users to log in with credentials should take the correct measures to protect that data. I completely agree with you on one aspect of this - you are an innocent third party but you bear a significant burden as the result of lazy, tight fisted and incompetent systems owners.
In some respects you should be pleased that the LulzSec losers did this - if it had been more malicious parties, you wouldn't even know you needed to change all your passwords so you would be surfing away in blithe innocence while your data was compromised.
If that bothers you less than the fact LulzSec hacked a site and told the world, then don't bother to change your passwords - it can't be that important to you.
The reality is companies of all sizes are cutting corners and saving money by not spending on security. When the hack happens they keep it quiet for as long as possible before saying it is all the eebul hackers' fault. They don't admit to scrimping £50k on an IPS etc, instead it is down to the users, customers etc to bear some of the pain that they have effectively profited from.
Yes, what LulzSec et al do is wrong, but on the great continuum of wrong, it's not very wrong.
You SHOULD have to use different passwords. The whole point of a password is that it's a secret shared only by you and the site it authenticates you to. If you tell it to other people, it no longer serves that purpose. The fact that those other people also run websites with which you want to authenticate yourself does not make that okay.
Who needs 100s of passwords?
Get a mailinator address and use it for all your forum/site/commentary/FB/twitter accounts (basically anything non-e-commerce). So they get your address and password, what's the worst that would happen? Spam posted on fora in your name, big deal.
99+% of sites can be relegated to disposable addresses and passwords. For the 2-3 that are commerce related, sign up to the enhanced security authentication schemes (verified by vi$a and the like) and only use them in private sessions only when necessary. Alternatively, pay by bank transfer and keep all your data to yourself.
Job done.
Do people still use one address for all activities?
If you need to use just one password make it an algorithm:
First 4 characters is the name of the site,
Second 4 characters is a standard number,
Last letter is a special char such as # [ ] { }
You get a unique password for each location and 99% of the time they are holding a hashed value so no two hashes will be the same. Or just use a password manager like Passwordsafe.
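Added example, not part of the thread: a Python audit of a password list for the site-name-plus-constant pattern described in the comment above, next to the kind of password a manager would generate. The number, special character and vault contents are constructed sample values, and the function names are hypothetical.

```python
import secrets
import string
from collections import defaultdict

def scheme_password(site, number="4821", special="#"):
    # The scheme from the comment: first 4 characters of the site name,
    # then a fixed 4-digit number, then one special character.
    # The number and special character here are constructed sample values.
    return site[:4].lower() + number + special

def reused_remainders(vault, min_prefix=3):
    """Audit a {site: password} mapping for the site-name-plus-constant pattern.

    Strips the leading part of each password that matches the start of the
    site name and groups sites by what is left. A remainder shared by two or
    more sites is the only secret part, and every one of those sites holds it.
    """
    groups = defaultdict(list)
    for site, password in vault.items():
        name, n = site.lower(), 0
        while n < min(len(name), len(password)) and password[n].lower() == name[n]:
            n += 1
        if n >= min_prefix:
            groups[password[n:]].append(site)
    return {rem: sorted(sites) for rem, sites in groups.items() if len(sites) > 1}

def random_password(length=20):
    # What a password manager generates instead: no structure shared between sites.
    alphabet = string.ascii_letters + string.digits + "#[]{}"
    return "".join(secrets.choice(alphabet) for _ in range(length))

def constructed_vault():
    # Constructed sample data; the site names are placeholders for illustration.
    vault = {s: scheme_password(s) for s in ("bethesda", "eveonline", "ntlworld")}
    vault["examplebank"] = "T7[qk2Lw9}xR5{mB#c0Z"  # fixed stand-in for a generated password
    return vault

if __name__ == "__main__":
    print(reused_remainders(constructed_vault()))
    print(random_password())
```

The audit flags the three scheme-derived entries as sharing one secret remainder, which matters whenever a site stores or leaks passwords in clear text rather than as hashes.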
what happens when sites change name, url etc? for instance i use virgin so i have a virgin email, but its ntlworld as the address. so i now have to remember all these little things. some sites have long names, and every time you refresh it wants you to sign in again. it's just a ball ache but i know i should do something like your algorithm and i now have.
"if you are like me you like to keep it simple. and use a master password. yes, i know it's not a great idea but how the hell am i supposed to remember 100+ passwords on the move. i don't want to have to keep referencing some locker full of passwords, which would need a password anyway."
I keep about 2,000 passwords in my PINs file ( http://www.mirekw.com/ ), which is PW protected and 448 bit Blowfish encoded; I keep them in a TrueCrypt container when I travel. It has a password of about 32 alphanumeric characters. Security is worth its weight in gold. If I lose my USB stick I lose less sleep than most people.
Oh, and my passwords for internet fora and the like? Hopelessly complex and long. By the time you crack 'em I've changed 'em.
It is good that you go to such great lengths, although I dread to think how much time you spend opening and closing encrypted containers and finding the appropriate password for various accounts.
I assume your USB stick is fully backed up and the backups are encrypted. Where do you keep a copy of the backup encryption key?
If someone got hold of your USB stick and got past your TrueCrypt container, would they have access to every single password you have? Seems like a massive pain in the arse to change 2000 of them just to be safe - and you have to, because you can't be sure that your TrueCrypt container will sustain whatever attack is thrown against it.
Also, all of this is totally defeated by the websites you interact with.
No matter what lengths you go to to protect your end of the deal, there are still sites that log in over HTTP (rather than HTTPS), they will store user credentials in clear text, they are vulnerable to SQL injections etc.
So all of that effort *you* have put in, is defeated by lazy, greedy and useless people on the other end.
Shame really.
Because I would much, much rather a games company spends even more money on security and less money on developing the games. After all there is a magic amount of money that, when spent, will make any system unbreakable, even if social engineering is used.
Still, the important thing is that as a consumer I am being taught to audit the security of any company I might want to give my email address to, or sign up for a forum with.
They are not a group.
If you've been on their IRC, they have a banner at the top that encourages visitors to send them leaks and documents. Just like Anonymous, anyone can claim to be them. So they have a shitty looking website that chronicles each release. So what? They are still a bunch of teenagers having fun with open source tools.
... is the relative silence from Anonymous regarding LulzSec's recent forays.
Some accusations have been made (such as by Branndon Pike):
-- -- Fox News: Group Claims It Was 'Paid to Hack PBS...'
-- -- -- http://www.foxnews.com/scitech/2011/06/02/man-denies-paying-group-to-hack-pbsorg/
that LulzSec is a "splinter group" or otherwise affiliated with Anonymous.
Usually, when such pronouncements are made, Anonymous is fairly quick to file a response (in either confirmation or denial), such as it did with the original Sony PSN breach (in that case, a denial).
But ever since LulzSec appeared on the scene, it seems that Anonymous has intentionally "faded into the background," so-to-speak. But I don't think it's a defence against "guilt by association" move; it's more tactical than that...
That is certainly something to consider. Anonymous is seemingly taking a back seat to LulzSec's antics. Perhaps the heat is rising on the evil mastermind. And, then again, could be the group members are just changing their tactics as the use of the LOIC has taken a bit of a toll on some of the Anonymous brotherhood.
It's just a pity that big guvmint doesn't mandate a certain standard of security across the board for businesses that hold our identifying data. Of course this means that changes may need to be made to certain, ahem..., backdoors.