anonymous strikes again!

the_tyrant · 11-05-12, 01:54 PM

Quote:

NBC's site wasn't the only one to have been hacked because of Guy Fawkes Day. Over the past day, a number of apparently Anonymous-affiliated hackers have gone after LG, ImageShack, Symantec, and other sites, either defacing them or publishing what they claim is private data. In the former category, Argentina's Caja Popular bank temporarily bore an AntiSec banner and a manifesto supporting Jeremy Hammond, who was arrested as part of a sweep against LulzSec in March. The site now appears to be down. In the latter group, the evidence of hacking is less clear but the implications potentially worse.

Internet security people, get your !*%# together!
The police should crack down on them, when they get caught, charge them with bank robbery, a long jail term or a bullet in the brain would kill this soon enough.

http://www.theverge.com/2012/11/5/36...-symantec-hack

Betonov · 11-05-12, 01:57 PM

Remember remember, the fifth of november...

I've wondered where they have been.

nikimcbee · 11-05-12, 02:06 PM

Quote:

Originally Posted by the_tyrant

Internet security people, get your !*%# together!
The police should crack down on them, when they get caught, charge them with bank robbery, a long jail term or a bullet in the brain would kill this soon enough.

http://www.theverge.com/2012/11/5/36...-symantec-hack

Lobotomy would fix it. Maybe some old school Russian, Ivan the Terrible punisment, gouge their eyes out.

CCIP · 11-05-12, 02:24 PM

Why so much love for banks and big corporations, though?

Sailor Steve · 11-05-12, 02:27 PM

Quote:

Originally Posted by the_tyrant

Internet security people, get your !*%# together!

But the minute they crack down on something we're doing, we cry about freedom of the internet.

the_tyrant · 11-05-12, 03:38 PM

Quote:

Originally Posted by CCIP

Why so much love for banks and big corporations, though?

They provide a beloved service for many, like imageshack, or PSN. I would of course resent the attackers they have taken down the services I use regularly.

Jimbuna · 11-05-12, 03:51 PM

Quote:

Originally Posted by Sailor Steve

But the minute they crack down on something we're doing, we cry about freedom of the internet.

Precisely!!

the_tyrant · 11-05-12, 04:53 PM

My analysis is this: internet criminals do not usually get caught when they fail. Consider a bank robbery, if I try to pick let’s say the lock on a bank vault and fail, the alarm would trigger, and the cops will arrest me within minutes. However, hackers who try to hack websites, if they mess up, they would not be arrested. Most IDS (intrusion detection systems) systems would simply ban the attacker’s IP for 24 hours. Thus really, if the attacker hides his/her IP address, infinite attack attempts could be made.
Compare that with traditional physical crime, say robbing a bank. If a bank robber fails to rob a bank, and say trips the security system, or gets into a shootout with security, he would most likely get arrested and get "taken out of action". In comparison, if hackers fail, nothing happens to them. I run a windows 2008 server and a cent OS server as a hobby, both are internet facing, and used as web servers. My logs tell me that I get "attacked" almost 20 times a day on each server, even though these are just some personal sites with almost no traffic. Mostly they are brute force attacks, sql injection attempts, port scans, etc, attacks that have no chance of succeeding. However, these attackers are not "taken out of action" by their failure, they simply move on to the next possible victim (the majority of the attacks are done by automated scripts, but as a guy who likes to read logs, you can quickly recognize which ones are done by newbies).
Over a scale of infinite time, even the most secure servers would succumb to attacks. After all, the attackers always have the initiative, they can try infinite times. If I fail today, I can come back tomorrow and try again.
Now we have to discuss the concept of "vulnerable time". Just as how downtime describes the amount of time a server is "down", I use the term vulnerable time to discuss the time in which the server is vulnerable to attack. Consider this: consider an internet facing application like IIS or Apache. Let’s say a huge 0-day has just been created and is currently spreading through the internet (a 0-day is an attack technique that has not been patched). If I manually apply patches, my vulnerable time would be from when the attack first appeared, to when I finally get around to patching my server. If I used an automatic patching system, my vulnerable time would be reduced to from when the attack first appeared, to when the vendor rolls out a patch.
If I have say an IDS system, the vulnerable time to would be drastically reduced. I would only be vulnerable to the attack when my application is vulnerable, and when my IDS system is vulnerable. With each layer I pile on, my vulnerable time is reduced further.
However, on a scale of infinite time, when the attacker has infinite tries, the attacker would always succeed. Consider this: If I have infinite tries to rob a bank, I would eventually get it right some time. If I try to rob a bank, and I fail, I would get a long jail term, and maybe a few new bullet holes. However, if I try to hack a server and I fail, I can just try again tomorrow.
This leads me to believe, that the only effective permanent solution against internet crime is effective policing. Since on an infinite time frame, the attacker would always succeed. Unlike murders and assault, internet crime is not a spur of the moment thing. Cracking down on internet crime will deter the perpetrators on internet crime.
Most of the "pro hackers" started off as script kiddies; I would say that the absolute majority started off that way. Using scripts you can easily find off the internet, you can deal quite a bit of damage. It is in fact not too hard to hack a large amount of websites using commonly found scripts. Often, the big website hackers we read about in the news start off by defacing small sites. It’s not like the police will even bother to persecute a tiny website hacker. Yet, give him enough time, and he will move on to bigger things. If I see on my logs, a kid trying his best to clumsily exploit a SQL injection vulnerability (its easy to recognize this kind of thing, you usually see misspelled SQL commands and what not), I would check if the IP is from a residential IP address and not a known proxy or VPN. I usually just pop off an abuse complaint to the ISP. I don’t really think they would do anything, but if some script kiddie gets a warning from his ISP, it would hopefully deter him from going down that path.

Sailor Steve · 11-05-12, 05:13 PM

1) Is there a reason you felt the need to shout your whole post this time?

2) You could at least go back and clean up all the ***XXXX crap so it looked a little like your own words.

Tchocky · 11-05-12, 05:23 PM

Quote:

Originally Posted by Sailor Steve

1) Is there a reason you felt the need to shout your whole post this time?

2) You could at least go back and clean up all the ***XXXX crap so it looked a little like your own words.

It was fun back in the day, calling out eejits for reposting copied rants as their own work

(I've Googled and I think tyrant typed it up himself...... but in Microsoft Potato 1989)

the_tyrant · 11-05-12, 05:28 PM

Quote:

Originally Posted by Sailor Steve

1) Is there a reason you felt the need to shout your whole post this time?

2) You could at least go back and clean up all the ***XXXX crap so it looked a little like your own words.

Sorry, i wrote it up in one note, I'll clean it back up.

Tchocky · 11-05-12, 05:29 PM

Quote:

Originally Posted by the_tyrant

They provide a beloved service for many, like imageshack, or PSN.

ImageShack makes my head hurt. Imgur is so nice and easy

Sailor Steve · 11-05-12, 08:55 PM

Quote:

Originally Posted by the_tyrant

Sorry, i wrote it up in one note, I'll clean it back up.

Thank you.

SaintEpsilon · 11-05-12, 09:33 PM

Sometimes what they do, I can agree with, othertimes it's just plain moronic.
Unfortunately democracy is as much an illusion these days as religion.

Cybermat47 · 11-05-12, 09:54 PM

Quote:

Originally Posted by SaintEpsilon

Unfortunately democracy is as much an illusion these days as religion.

Dude, this isn't Facebook, you can't just go around insulting everyone just because they believe in an omnipotent being.

And anyway, if you're an atheist, then how come your username is SaintEpsilon!

11-05-12, 02:24 PM	#4
CCIP Navy Seal Join Date: Apr 2005 Location: Waterloo, Canada Posts: 8,700 Downloads: 29 Uploads: 2	Why so much love for banks and big corporations, though? __________________ There are only forty people in the world and five of them are hamburgers. -Don Van Vliet (aka Captain Beefheart)

11-05-12, 04:53 PM	#8
the_tyrant Admiral Join Date: Jun 2010 Location: Canada Posts: 2,272 Downloads: 58 Uploads: 0	My analysis is this: internet criminals do not usually get caught when they fail. Consider a bank robbery, if I try to pick let’s say the lock on a bank vault and fail, the alarm would trigger, and the cops will arrest me within minutes. However, hackers who try to hack websites, if they mess up, they would not be arrested. Most IDS (intrusion detection systems) systems would simply ban the attacker’s IP for 24 hours. Thus really, if the attacker hides his/her IP address, infinite attack attempts could be made. Compare that with traditional physical crime, say robbing a bank. If a bank robber fails to rob a bank, and say trips the security system, or gets into a shootout with security, he would most likely get arrested and get "taken out of action". In comparison, if hackers fail, nothing happens to them. I run a windows 2008 server and a cent OS server as a hobby, both are internet facing, and used as web servers. My logs tell me that I get "attacked" almost 20 times a day on each server, even though these are just some personal sites with almost no traffic. Mostly they are brute force attacks, sql injection attempts, port scans, etc, attacks that have no chance of succeeding. However, these attackers are not "taken out of action" by their failure, they simply move on to the next possible victim (the majority of the attacks are done by automated scripts, but as a guy who likes to read logs, you can quickly recognize which ones are done by newbies). Over a scale of infinite time, even the most secure servers would succumb to attacks. After all, the attackers always have the initiative, they can try infinite times. If I fail today, I can come back tomorrow and try again. Now we have to discuss the concept of "vulnerable time". Just as how downtime describes the amount of time a server is "down", I use the term vulnerable time to discuss the time in which the server is vulnerable to attack. Consider this: consider an internet facing application like IIS or Apache. Let’s say a huge 0-day has just been created and is currently spreading through the internet (a 0-day is an attack technique that has not been patched). If I manually apply patches, my vulnerable time would be from when the attack first appeared, to when I finally get around to patching my server. If I used an automatic patching system, my vulnerable time would be reduced to from when the attack first appeared, to when the vendor rolls out a patch. If I have say an IDS system, the vulnerable time to would be drastically reduced. I would only be vulnerable to the attack when my application is vulnerable, and when my IDS system is vulnerable. With each layer I pile on, my vulnerable time is reduced further. However, on a scale of infinite time, when the attacker has infinite tries, the attacker would always succeed. Consider this: If I have infinite tries to rob a bank, I would eventually get it right some time. If I try to rob a bank, and I fail, I would get a long jail term, and maybe a few new bullet holes. However, if I try to hack a server and I fail, I can just try again tomorrow. This leads me to believe, that the only effective permanent solution against internet crime is effective policing. Since on an infinite time frame, the attacker would always succeed. Unlike murders and assault, internet crime is not a spur of the moment thing. Cracking down on internet crime will deter the perpetrators on internet crime. Most of the "pro hackers" started off as script kiddies; I would say that the absolute majority started off that way. Using scripts you can easily find off the internet, you can deal quite a bit of damage. It is in fact not too hard to hack a large amount of websites using commonly found scripts. Often, the big website hackers we read about in the news start off by defacing small sites. It’s not like the police will even bother to persecute a tiny website hacker. Yet, give him enough time, and he will move on to bigger things. If I see on my logs, a kid trying his best to clumsily exploit a SQL injection vulnerability (its easy to recognize this kind of thing, you usually see misspelled SQL commands and what not), I would check if the IP is from a residential IP address and not a known proxy or VPN. I usually just pop off an abuse complaint to the ISP. I don’t really think they would do anything, but if some script kiddie gets a warning from his ISP, it would hopefully deter him from going down that path. __________________ My own open source project on Sourceforge OTP.net KGB grade encryption for the rest of us Last edited by the_tyrant; 11-05-12 at 05:29 PM.

11-05-12, 05:13 PM	#9
Sailor Steve Eternal Patrol Join Date: Nov 2002 Location: High in the mountains of Utah Posts: 50,369 Downloads: 745 Uploads: 249	1) Is there a reason you felt the need to shout your whole post this time? 2) You could at least go back and clean up all the ***XXXX crap so it looked a little like your own words. __________________ “Never do anything you can't take back.” —Rocky Russo

11-05-12, 01:57 PM	#2
Betonov Navy Seal Join Date: May 2009 Location: Slovenia Posts: 8,647 Downloads: 26 Uploads: 0	Remember remember, the fifth of november... I've wondered where they have been.

11-05-12, 09:33 PM	#14
SaintEpsilon Bilge Rat Join Date: Apr 2005 Posts: 1 Downloads: 63 Uploads: 0	Sometimes what they do, I can agree with, othertimes it's just plain moronic. Unfortunately democracy is as much an illusion these days as religion.