
Asp-Z
Veteran

Joined: 6 Dec 2009
Age: 30
Gender: Male
Posts: 11,018

26 Feb 2011, 2:32 pm

Vigilans wrote:
Asp-Z wrote:
Vigilans wrote:
I was fairly amused by Anonymous hacking HBGary Federal CEO's PC, email and iPad after he made idle threats about unmasking them. If I'm not mistaken it took no more than a few minutes.


Just did a Google and, as I'd have guessed, the main reasons the hack worked were that they were using a version of their CMS with known security holes, crappy encryption for their passwords (they were easily crackable with a rainbow table, so I guess they either had no or predictable salts), and the classic hole that is idiots using the same passwords for everything. The IT staff in the company also handed out the root password for their servers to a randomer who claimed to be an employee, which shows very bad internal security.


Well, I hope that in the future government employees & high level business people ensure better security. America's real enemies could conceivably learn from tactics like this.


The real scary thing is that we're not even talking about super-advanced hacking here. The CMS was hacked because of an SQL injection exploit and everything else that followed was a domino effect of that. Plus, they didn't use a popular CMS, they got a custom made one which lacked any technical support or updates, making the likelihood of unnoticed exploits cropping up stupidly high.

For a security firm who invests a lot on high-end security for the systems themselves to prevent them getting infected with malware and such, they sure didn't seem to pay much attention to the basic security required to prevent people from accessing them.
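A concrete illustration of the injection point described above, added here as an example (not code from HBGary's CMS or from anyone in this thread): the users table, its rows and the `o'brien` input are constructed, and sqlite3 from the Python standard library stands in for whatever database the custom CMS used.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pw_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, pw_hash) VALUES (?, ?)",
        [("alice", "<placeholder-hash-a>"), ("bob", "<placeholder-hash-b>")],
    )
    return conn


def find_user_concat(conn: sqlite3.Connection, username: str):
    """Vulnerable pattern: untrusted input is spliced into the SQL text.
    Any quote character in the input reaches the SQL parser and changes
    the statement's structure instead of being treated as a value."""
    sql = "SELECT id, username FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchone()


def find_user_param(conn: sqlite3.Connection, username: str):
    """Hardened pattern: the driver binds the value separately from the
    statement, so input can never become SQL."""
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ?", (username,)
    ).fetchone()


def concat_breaks_on(conn: sqlite3.Connection, username: str) -> bool:
    """True when the concatenated query fails to parse for this input.
    A legitimate name with an apostrophe is enough to show the input is
    being interpreted as SQL, which is exactly the condition an injection
    exploits; the parameterised version handles the same input cleanly."""
    try:
        find_user_concat(conn, username)
        return False
    except sqlite3.OperationalError:
        return True
```

The point to check in a review is not the exploit string but the construction: if a user-supplied value is ever concatenated into the statement text, the query is injectable regardless of what the input happens to be today.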



Vigilans
Veteran

Joined: 19 Jun 2008
Age: 35
Gender: Male
Posts: 12,181
Location: Montreal

26 Feb 2011, 2:43 pm

Perhaps the Chinese have been doing it for a long time :o
Anonymous may have done a favor by exposing this weakness in rather benign ways

Yet, certainly, the wise learn many things from their enemies; for caution preserves all things. From a friend you could not learn this, but your foe immediately obliges you to learn it. For example, the states have learned from enemies, and not from friends, to build lofty walls, and to possess ships of war. And this lesson preserves children, house, and possessions. - Aristophanes, The Birds


_________________
Opportunities multiply as they are seized. -Sun Tzu
Nature creates few men brave, industry and training makes many -Machiavelli
You can safely assume that you've created God in your own image when it turns out that God hates all the same people you do


Asp-Z
Veteran

Joined: 6 Dec 2009
Age: 30
Gender: Male
Posts: 11,018

26 Feb 2011, 3:08 pm

Vigilans wrote:
Perhaps the Chinese have been doing it for a long time :o
Anonymous may have done a favor by exposing this weakness in rather benign ways

Yet, certainly, the wise learn many things from their enemies; for caution preserves all things. From a friend you could not learn this, but your foe immediately obliges you to learn it. For example, the states have learned from enemies, and not from friends, to build lofty walls, and to possess ships of war. And this lesson preserves children, house, and possessions. - Aristophanes, The Birds


Certainly, being hacked should teach you important lessons. But it keeps shocking me just how bad the security for all these big corporations is, and since these really are basic flaws that are being exploited, it shouldn't be possible to hack these systems the way they were hacked. The guys running them should have used basic common sense when they put the systems together and checked for injection exploits, hashed the passwords properly, and made sure the admin and staff passwords were secure (and regularly changed) ones. But they didn't bother.

Human laziness is the biggest security hole, it seems. Even if there was a hypothetically perfect system, the organic part in front of the keyboard would still cause problems.



Vexcalibur
Veteran

Joined: 17 Jan 2008
Age: 39
Gender: Male
Posts: 5,398

26 Feb 2011, 3:15 pm

HBGary was probably the most prominent security firm until Anonymous ripped them out. I read an article (can't find it right now) in which an anonymous guy explained how they completely obliterated HBGary:
* SQL injection to find hash (this is a very basic vulnerability in web software that really SHOULDN'T happen).
* Simple md5 bruteforcing to get password from hash - This means that the password was not safe and/or the hash security was very poor.
* Finding out the admin used the same password in both the site and his email (which is a no-no for things this important).
* Finding tons and tons of things in gmail, including information about other sites he administers. And also tons of confidential documents
* Social engineering to find an unknown password. This was rather sad. The hacker used the stolen gmail to pretend to be the admin, and asked the other guy for a password that the real admin was supposed to know. The other guy sent the password just like that, without further security through email.


_________________
.
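The password-storage contrast behind Asp-Z's "rainbow table" remark and Vexcalibur's second bullet, as an added example rather than anything posted in the thread: the passwords are constructed, PBKDF2-HMAC-SHA256 from the Python standard library is the assumed replacement for unsalted MD5, and the iteration count is a placeholder to tune for your hardware.

```python
import hashlib
import hmac
import os
from typing import Optional

# Hypothetical work factor; raise it until a single verification costs
# a noticeable fraction of a second on the machine that will run it.
ITERATIONS = 200_000


def md5_unsalted(password: str) -> str:
    """The weak scheme from the thread: one fast, unsalted hash per password.
    Every account with the same password stores the same value, so a single
    precomputed table (or one cracked hash) unlocks all of them."""
    return hashlib.md5(password.encode()).hexdigest()


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Salted, iterated record. A fresh random salt per user means equal
    passwords produce different stored values, and the iteration count makes
    each guess expensive. The salt is stored in the clear beside the hash."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": dk.hex()}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and iteration count; compare in
    constant time so the check does not leak how many bytes matched."""
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(dk.hex(), record["hash"])


def distinct_hash_counts(passwords: list) -> tuple:
    """Number of distinct stored values for a list of passwords under each
    scheme. With a shared password, unsalted MD5 collapses to one value;
    per-user salts keep every record distinct."""
    unsalted = {md5_unsalted(p) for p in passwords}
    salted = {make_record(p)["hash"] for p in passwords}
    return len(unsalted), len(salted)
```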


Asp-Z
Veteran

Joined: 6 Dec 2009
Age: 30
Gender: Male
Posts: 11,018

26 Feb 2011, 3:18 pm

Vexcalibur wrote:
HBGary was probably the most prominent security firm until Anonymous ripped them out. I read an article (can't find it right now) in which an anonymous guy explained how they completely obliterated HBGary:
* SQL injection to find hash (this is a very basic vulnerability in web software that really SHOULDN'T happen).
* Simple md5 bruteforcing to get password from hash - This means that the password was not safe and/or the hash security was very poor.
* Finding out the admin used the same password in both the site and his email (which is a no-no for things this important).
* Finding tons and tons of things in gmail, including information about other sites he administers. And also tons of confidential documents
* Social engineering to find an unknown password. This was rather sad. The hacker used the stolen gmail to pretend to be the admin, and asked the other guy for a password that the real admin was supposed to know. The other guy sent the password just like that, without further security through email.


I'm guessing this is the article you speak of, just had a read of it myself.

Basic textbook errors, really. It's ridiculous.



LKL
Veteran

Joined: 21 Jul 2007
Age: 48
Gender: Female
Posts: 7,402

26 Feb 2011, 4:02 pm

but soooo entertaining.



ikorack
Veteran

Joined: 15 Mar 2009
Age: 32
Gender: Male
Posts: 1,870

26 Feb 2011, 4:11 pm

Ars Technica has a whole series of articles on this event; they link to one another, so it should be easy to find the rest if any of you wish to.



91
Veteran

Joined: 30 Oct 2010
Age: 39
Gender: Male
Posts: 3,063
Location: Australia

26 Feb 2011, 6:25 pm

"Man usually avoids attributing cleverness to somebody else unless it is an enemy." - Albert Einstein

The WBC really does get on my nerves.


_________________
Life is real ! Life is earnest!
And the grave is not its goal ;
Dust thou art, to dust returnest,
Was not spoken of the soul.


aspiegirl2
Veteran

Joined: 23 Feb 2005
Age: 35
Gender: Female
Posts: 1,442
Location: Washington, USA

26 Feb 2011, 6:55 pm

This is pretty sweet revenge lol. WBC was definitely asking for it. It was probably just a big stunt for media attention, and now they totally embarrassed themselves in front of the whole world LOL. Even as a Christian, I really don't like the way WBC treats other people. Many of my friends are GLBT, but I'm definitely not going to protest their funerals, nor would I ever protest the funeral of any military service member. I wonder if anyone has ever protested a funeral of a WBC member? They would probably go on a media rampage and act like the victim of some kind of heinous crime. It really annoys me when people have that kind of a double standard.


_________________
I'm 24 years old and live in WA State. I was diagnosed with Asperger's at 9. I received a BS in Psychology in 2011 and I intend to help people with Autistic Spectrum Disorders, either through research, application, or both. On the "Pursuit of Aspieness".


MCalavera
Veteran

Joined: 15 Dec 2010
Gender: Male
Posts: 5,442

26 Feb 2011, 7:08 pm

I personally feel sorry for them.



Vigilans
Veteran

Joined: 19 Jun 2008
Age: 35
Gender: Male
Posts: 12,181
Location: Montreal

26 Feb 2011, 7:37 pm

If Hell is real, the WBC is going to burn there. Christianity shouldn't be about hate and ignorance, and picketing funerals. Most Baptist organizations, afaik, denounce the WBC.


_________________
Opportunities multiply as they are seized. -Sun Tzu
Nature creates few men brave, industry and training makes many -Machiavelli
You can safely assume that you've created God in your own image when it turns out that God hates all the same people you do


skafather84
Veteran

Joined: 20 Mar 2006
Age: 39
Gender: Male
Posts: 9,848
Location: New Orleans, LA

26 Feb 2011, 7:39 pm

MCalavera wrote:
I personally feel sorry for them.


Anonymous? Yeah....they're gonna piss off the wrong person eventually and get slammed hard, but you gotta appreciate the good they're doing in the meantime.


_________________
Wherever they burn books they will also, in the end, burn human beings. ~Heinrich Heine, Almansor, 1823

"I wouldn't recommend sex, drugs or insanity for everyone, but they've always worked for me." - Hunter S. Thompson


MCalavera
Veteran

Joined: 15 Dec 2010
Gender: Male
Posts: 5,442

26 Feb 2011, 7:45 pm

I mean for the WBC members (with the exception of Fred Phelps). Most of the adults were extremely abused as children by him.



Vexcalibur
Veteran

Joined: 17 Jan 2008
Age: 39
Gender: Male
Posts: 5,398

26 Feb 2011, 7:49 pm

skafather84 wrote:
MCalavera wrote:
I personally feel sorry for them.


Anonymous? Yeah....they're gonna piss off the wrong person eventually and get slammed hard, but you gotta appreciate the good they're doing in the meantime.

Thing with Anonymous is they really are a hive. Most likely the guys who messed with Scientology years ago aren't the same ones that just removed WBC. After they get theirs, someone else will take their place. In fact, some members of Anonymous really got kicked in the nuts already for hacking.

They also already have a bounty on their heads. The HBGary guy thinking he had their heads is just one of many security experts who would love to become the man who beat Anonymous now that Anon are receiving so much publicity. Actually, after WikiLeaks a lot of their infrastructure went down.


_________________
.


LKL
Veteran

Joined: 21 Jul 2007
Age: 48
Gender: Female
Posts: 7,402

27 Feb 2011, 2:04 am

Isn't Jester (J3s73r?) the same individual who supposedly took down wikileaks?