Be Excellent To Each Other

Does anyone else think the LulzSec guys are hilarious? Barring knocking out Minecraft, natch.

If I'm honest the thing I'm most looking forward to is the QQing that comes from them when they all get arrested.

No, not really. Not at all.

Oh yeah, that'll be great!

But I think it's incredibly entertaining that a bunch of people are so brazenly taking the piss.

Really? I'm quite surprised over this.

Especially because you changed your name

Yeah! I'm not entirely sure what's so appealing about it, but I think it might be the fact that relatively normal people can exercise such power using the internets. It's interesting.

"Relatively normal" people can wield quite a bit of power with sledgehammers, too.

Stoving heads in? Smashing up property? Is that really the same thing?

Like Peter Gabriel.

Well, it is technically 'smashing property' isn't it? Intentionally damaging someone else's business?

Depends how broadly you look at it, I guess.

I think it's actually worse, due to the numbers of people who are injured as a result of these stupidly childish actions, thinking it's "taking a stand against the man" or some nonsense.

Perhaps. I dunno, I still think it's entertaining and interesting.

Anarchy!

Seriously though, I find it odd that others can only see the annoyance factor and don't find it compelling. It's another fascinating facet of the internet and the way it functions as a community.

From what I read, they were taking requests for sites to take down - what if it had been a site you ran?

Like a lot of these childish pranks, it's entertaining until it happens to you. Imagine if you made a living off your website and some random prick off the net crashed it for 'the lulz'. Not so funny, I reckon.

What would you think if they broke into Beex* and hung out all our details (and PMs) for everyone to see?

*Which, to be honest, even I could do

I can empathise, but I still think it's interesting.

edit: And that's in answer to all of the above "but what if it was you?!" questions.

New thread for this, reckon.

This 'community' is unpoliced and run by a gang of childish-minded bullies though. Woot!

(Yay! It's another 'Gang up on Jahonny day!)

Or, alternatively, accidentally performing a useful public service by pointing out pre-existing security flaws in the companies who hold our data. Remember, if the firms in question took security as seriously as they claim to, lulzsec wouldn't be able to make half as much impact.

And whilst lulzsec's actions don't amount to more than vandalism (unless they start actually releasing stolen credit card numbers -- which I don't believe has happened yet, they are pwning servers but not actually taking any data; which makes them grey hat hackers), then at least they're done with a sense of style. Personality goes a long way I guess.

Exactly! This is precisely why it’s so interesting. It polices itself. That’s incredibly interesting. It’ll be interesting to see how it’ll be dealt with by any authorities, and it’ll be interesting to see what they can get away with – if they can get away with it. It’s 100% fascinating.

Perhaps I shouldn’t have said “hilarious” in the first place. I’m not sat here stroking my cock, chuckling at the people who’ve been attacked. I’m sat here stroking my chin, extremely interested to find out what happens next. Entertaining and interesting. That's what I meant by "hilarious".

You might as well demonstrate flaws in security by battering someone's door in, then trying to sell them a reinforced steel one.

Their site has releases of usernames and passwords. Pointing out flaws is all well and good, but why release the data they find to the public?

Yeah but it's the age-old argument there, innit? Is piracy theft? Is knocking down a website the same as physically smashing a door in? There's no useful analogy for the similarities between electronic data and physical property. The RIAA would like you to think there is, of course.

The don't have to release the data publicly. I'm sure there are a lot of people who will pay *very* good money for it, without us ever knowing.

Quite.

You might as well demonstrate flaws in security by battering someone's door in, then trying to sell them a reinforced steel one, then scan and publish all of my passwords etc that I keep in my little blue book by the computer.

They're definitely not doing that, DavPaz. Barring their "personality" - for example hacking that security site "for the lulz" and declining the $10,000 reward - actually selling data would take them a little bit further beyond where they currently stand with regards to going to prison.

The fact that they're so open about it all totally precludes any possibility that they're in it for money. The reality is, if a hacker wanted to make money that way, he'd just do it quietly and nobody would ever find out - what these guys are doing is basically highlighting the fact that it could be done.

Do you view them like latter day Robin Hoods?

No. As I said above when you tried to less directly accuse me of enjoying them "sticking it to the man", I just find it very interesting. Get off your high horse.

I'm trying to find out why you think it is interesting. Are some businesses more deserving to be attacked than others?

What I do find interesting about all this is the apparent ease at which yesterday's sites were taken down. I would have thought Eve would have been more resilient for a start. Whatever technology they use to carry this stuff out, I wonder which sites would be able to stand up to it.

Ah yes. The passwords that fucking well would have been multiply salted if the companies storing them weren't idiots. Which would still leave them vulnerable to dictionary attack, unless users had half a fucking clue and didn't use single words as passwords. I still think lulzsec are grey, rather than black, hats; black hatters wouldn't be telling anyone what they hacked or releasing anything, they'd be rolling the exploits up until they could sell credit cards to the Russians and the Chinese.

I also still think they might end up doing more harm than good by raising awareness of these longstanding problems. Hardly anyone takes security seriously enough, and I've been in meetings where technical architects pushed for more security and were flat-out overruled by finance guys unwilling to pay for it who didn't understand the risks. I've seen companies that barely manage lip service to PCI DSS whilst still merrily processing and storing and reusing your credit card numbers. It's sickening, and if lulzec cast some much-needed light on these dark corners hardly anyone talks about that's not a bad thing. Security is hard, and expensive, but it's not unachievable; the only problem is that the penalties for not doing it are too remote so businesses cut corners.

What do you mean more deserving? OH YEAH! STICK IT TO APPLE! I HATE APPLE! THE CORPORATE SHILLS!

I don't think any of them are "deserving" of anything. I'm not the one pointing the gun - I'm simply watching it happen. I couldn't care less who they attack. The reason it's interesting is because these guys are going around brazenly attacking websites and there's seemingly fuck all anybody can do. As someone who has studied the sociology and democracy of the internet, I simply find the whole thing incredibly interesting.

As I've said, I'm looking forward to seeing what they do next, and I'm looking forward to finding out what the inevitable outcome will be, and what ramifications it'll all have for the future of the internet - both in sociological terms and security-wise.

Exactly. What are the ramifications of such attacks? What sort of security are we going to see in the future to combat it? Can it even be combated? Are these guys going to become the Al Qaida of the internet? Are they going to be prevented from doing further attacks via electronic means or in real life? Or at all?

So, having a web presence, in your eyes, is consent to be attacked?

For pretty much all intents and purposes, yes. Security is broken, company closes while the security is fixed, company re-opens again.
Doesn't really matter if it's Amazon or a corner shop.

Seriously, WHAT?!

You're absolutely right - there's a loss of business in both cases. I just don't think the analogy of "smashing a door in and then selling them a steel one" is good. For a start, I don't see LulzSec offering any sort of "steel door" to these companies for personal profit.

I think this whole thing also raises an interesting point. I don't think we're ever going to get to where we ought to be with the internet if people continue to insist on analogising the digital world with the real world. It has to be treated differently because it operates differently. New standards need to be created. In my opinion!

x 1000.

It is the main thing I have to consider every day with my job, it is not cheap, really really not cheap.

No it is more akin to smashing in the door, ans saying you have done it! They might not make a profit but the damage is still done.

Meanwhile, with no help at all from hackers, the NHS has lost eight million Londoner's health records. They were stored unencrypted on a laptop that went missing three weeks ago but has only just been noticed. "The records contain no names but do include other identifying information like age, gender, postcode, medical history, hospital visits, HIV status and mental illnesses."

Security. We've heard of it.

The questions is as it stands, as you've studied the sociology and democracy of the internet, do you think that having a web presence is consent to be attacked in such a fashion?

These people should be shot, there is no, I repeat, no reason not to use encrypted media these days...

Mmm. "Good" security is achievable, but not perfect security. You can always break into a system that has human interaction. Finding someone that legitimately has access, sitting him in front of a keyboard and putting a gun to his head, for instance.

Yes you can't mitigate everything. But the threat risk should be taken into account when designing it.

The reason I didn't answer this ludicrous question is because my answer is obviously "no". I don't understand where you're coming from and how I might've insinuated such a ridiculous proposition with what I've been saying.

What does consent have to do with it? And why would it matter anyway? I'm saying that I find it interesting. Not that I think anyone deserves it because they've consented.

Accepted. But lulzsec aren't doing that -- I really doubt these people are geniuses.