Overclock.net › Forums › Industry News › Technology and Science News › Consolidated LulzSecurity News Thread -=Updated 6/15/2011=-
New Posts  All Forums:Forum Nav:

Consolidated LulzSecurity News Thread -=Updated 6/15/2011=- - Page 67  

post #661 of 708
Quote:
Originally Posted by L Lawliet View Post
So they've just developed an efficient method of getting into it with this 0day thing, or it's the protection they're using? Sorry if these are all common knowledge, just trying to get my head around how they're so successful.
SQL Injection is simple.
That was how they got into Sony.

Meaning noob mistakes on the people who manage the servers.
Basically these are exploits that have been around for a while.

For example, it's like a non-patched XP machine.
post #662 of 708
Quote:
Originally Posted by L Lawliet View Post
Did they just DDoS cia.gov or did they actually hack it? I believe the challenge laid down by some twitterer was to change some text on a gov website, but all I've seen them be able to do at the moment is just put it offline for a while.
Well I'd hope that most government websites were harder to break into than the rest. I imagine that the CIA website is full of honeypots to keep the kids entertained. That or it's just really hard to break into.

Of course it might be full of vulnerabilities if the IT budget was spent elsewhere.

Quote:
Originally Posted by L Lawliet View Post
I agree it's stepping it up a notch, but it's not like they broke into the CIA or anything. They just put the website down, and it's really just a website.

What's this Apache thing I keep seeing mentioned?
It's the software which processes the initial for a file on a web server. That request could then be further processed by other things, like PHP.

Quote:
Originally Posted by L Lawliet View Post
So they've just developed an efficient method of getting into it with this 0day thing, or it's the protection they're using? Sorry if these are all common knowledge, just trying to get my head around how they're so successful.
Many (most?) of the flaws they've encountered were in the actual site programming. A common issue is user input that doesn't get sanitised. For example, you may have a search box on your site but don't make sure that the user enters "safe" search terms. If you simply run a query on your database with whatever they entered, you leave yourself open to attacks. It's possible to append an arbitrary query to a search term, including grabbing data from other parts of the database that shouldn't be accessible, or inserting data into it. Assuming that the database user that the site uses to connect has the right privileges, you could also delete the entire database.
    
CPUMotherboardGraphicsRAM
i7 920 D0 MSI X58 Pro-E Gigabyte GTX 970 (GV-N970IX-4GD) 3x2GB G.Skill DDR3-1333 9-9-9-24 
Hard DriveHard DriveOptical DriveOS
840 Pro Caviar Black LG BD-ROM Windows 8.1 Pro x64 
MonitorMonitorKeyboardPower
Dell U2713HM Dell U2311H Turbo-Trak (Google it :D) Corsair HX-520 
CaseMouseMouse PadAudio
CM690 Mionix Avior 7000 Everglide Titan AKG K 242 HD 
  hide details  
    
CPUMotherboardGraphicsRAM
i7 920 D0 MSI X58 Pro-E Gigabyte GTX 970 (GV-N970IX-4GD) 3x2GB G.Skill DDR3-1333 9-9-9-24 
Hard DriveHard DriveOptical DriveOS
840 Pro Caviar Black LG BD-ROM Windows 8.1 Pro x64 
MonitorMonitorKeyboardPower
Dell U2713HM Dell U2311H Turbo-Trak (Google it :D) Corsair HX-520 
CaseMouseMouse PadAudio
CM690 Mionix Avior 7000 Everglide Titan AKG K 242 HD 
  hide details  
post #663 of 708
I suggested they do something about debt. We shall see.
Caseless Wonder
(13 items)
 
  
CPUMotherboardGraphicsRAM
q6600 650i Ultra 9600 512 4gb 
Hard DriveOptical DriveOSMonitor
4x500gb caviar black dvd burner Windows 7 x64 19inch 
KeyboardPowerCaseMouse
G15 revision 1 700watt? N/A mx518 
Mouse Pad
none 
  hide details  
Caseless Wonder
(13 items)
 
  
CPUMotherboardGraphicsRAM
q6600 650i Ultra 9600 512 4gb 
Hard DriveOptical DriveOSMonitor
4x500gb caviar black dvd burner Windows 7 x64 19inch 
KeyboardPowerCaseMouse
G15 revision 1 700watt? N/A mx518 
Mouse Pad
none 
  hide details  
post #664 of 708
Attacking the FBI CIA and Senate? Something tells me these guys won't be around too long. If someone is going to be made an example of they will be it.

Honestly I think this thread should be deleted. These guys hack to spread their visibility and so far it is working. If anything thinks this is a WIN I think they should be hacked and have their info spread all over the internet for everyone to see to see what its like to be a victim of senseless hacking.

What they are doing is highly illegal and in the case of the FBI and CIA their hacking could potentially jeopardize our national security. If these guys ever get caught they should be nailed to the wall and made a complete example of. Send them to Guantanamo Bay and set the precedent that any attacks on the U.S. Government, cyber or physical, are an act of war and should be treated that way.
post #665 of 708
I didn't know they took suggestions/challenges.

And yes, SQL injection is one of the simplest things to avoid. It just takes a few extra minutes in developing a website to block it. I'm guessing there were some thoughtless or lazy devs involved.
A-Trance
(14 items)
 
  
CPUMotherboardGraphicsRAM
AMD Phenom II X4 965 790GX-G65 (MS-7576) NVIDIA GeForce 9800 GT G.Skill Ripjaws 1600 CL9 
RAMHard DriveOSMonitor
G.Skill Ripjaws 1600 CL9 G.Skill Phoenix Pro 60GB, 1TB WD Caviar Black Windows 7 Pro x64 Samsung 21.5' 
KeyboardPowerCase
Logitech G100 Gigabyte Superb 720W Antec 300 Modded 
  hide details  
A-Trance
(14 items)
 
  
CPUMotherboardGraphicsRAM
AMD Phenom II X4 965 790GX-G65 (MS-7576) NVIDIA GeForce 9800 GT G.Skill Ripjaws 1600 CL9 
RAMHard DriveOSMonitor
G.Skill Ripjaws 1600 CL9 G.Skill Phoenix Pro 60GB, 1TB WD Caviar Black Windows 7 Pro x64 Samsung 21.5' 
KeyboardPowerCase
Logitech G100 Gigabyte Superb 720W Antec 300 Modded 
  hide details  
post #666 of 708
the lulz are gone for me. its annoying.
Blipper
(20 items)
 
First LEGIT Rig!
(17 items)
 
 
CPUMotherboardGraphicsRAM
Intel Core i7 2700K @4.5Ghz (1.32v) Asus Maximus V Extreme Asus Strix GTX 1080 OC Edition Kingston HyperX 8GB 1866 
RAMHard DriveHard DriveHard Drive
Kingston HyperX 8GB 1866 Samsung Evo 840 500GB Seagate Barracuda ST1000DM003 1TB 7200 RPM Western Digital Black 1TB 7200RPM 
Optical DriveCoolingOSMonitor
ASUS DRW-24B1ST Corsair H100i Windows 10 Professional Dell Gaming S2716DG 27" 
MonitorMonitorKeyboardPower
BenQ GW2760HS 27" BenQ GW2760HS 27" Ducky Shine II (Red LED,Cherry MX Blue) CORSAIR Professional Series Gold AX850  
CaseMouseAudioOther
Corsair 650D Logitech G502 Yamaha R-v703 w/ Yamaha Monitors Obbuto Revolution for Desk/Cockpit 
CPUMotherboardGraphicsRAM
Intel Core 2 Quad Q9400 P45 Neo-F (MS-7519) NVIDIA GeForce GTX 460  Value Ram 
RAMRAMHard DriveOptical Drive
Value Ram  Value Ram Western Digital Blue some DVDRW 
CoolingOSMonitorKeyboard
Corsair A70 Win 7 Ultimate 64bit Samsung SyncMaster T260 26" Steelseries 6Gv2 
PowerCaseMouseMouse Pad
Antec TruePower 550 Haf 912 Razer Lachesis Razer Goliathus 
Audio
Yamaha R-V703 w/ ATH-M50 
  hide details  
Blipper
(20 items)
 
First LEGIT Rig!
(17 items)
 
 
CPUMotherboardGraphicsRAM
Intel Core i7 2700K @4.5Ghz (1.32v) Asus Maximus V Extreme Asus Strix GTX 1080 OC Edition Kingston HyperX 8GB 1866 
RAMHard DriveHard DriveHard Drive
Kingston HyperX 8GB 1866 Samsung Evo 840 500GB Seagate Barracuda ST1000DM003 1TB 7200 RPM Western Digital Black 1TB 7200RPM 
Optical DriveCoolingOSMonitor
ASUS DRW-24B1ST Corsair H100i Windows 10 Professional Dell Gaming S2716DG 27" 
MonitorMonitorKeyboardPower
BenQ GW2760HS 27" BenQ GW2760HS 27" Ducky Shine II (Red LED,Cherry MX Blue) CORSAIR Professional Series Gold AX850  
CaseMouseAudioOther
Corsair 650D Logitech G502 Yamaha R-v703 w/ Yamaha Monitors Obbuto Revolution for Desk/Cockpit 
CPUMotherboardGraphicsRAM
Intel Core 2 Quad Q9400 P45 Neo-F (MS-7519) NVIDIA GeForce GTX 460  Value Ram 
RAMRAMHard DriveOptical Drive
Value Ram  Value Ram Western Digital Blue some DVDRW 
CoolingOSMonitorKeyboard
Corsair A70 Win 7 Ultimate 64bit Samsung SyncMaster T260 26" Steelseries 6Gv2 
PowerCaseMouseMouse Pad
Antec TruePower 550 Haf 912 Razer Lachesis Razer Goliathus 
Audio
Yamaha R-V703 w/ ATH-M50 
  hide details  
post #667 of 708
Quote:
Originally Posted by mbudden View Post
Snip
and
Quote:
Originally Posted by randomizer View Post
Snip
Thank you very much! I'll do some more reading SQL Injections.

Do we think it's going to get any bigger, they must be making a lot of money from these phone calls. If that's dumped into securing themselves even more this could be prolonged.
Breakbot
(14 items)
 
  
CPUMotherboardGraphicsRAM
i5 2500k @ 4.5 Asus P8P67- Pro Gigabyte 560ti OC'd 8Gb G.Skill Ripjaws 1600Mhz 
Hard DriveOSMonitorKeyboard
Crucial M4 64 GB + WD Caviar Black 1 TB Windows 7 (64) Dell 2412M Ducky Shine (Blue) 
PowerCaseMouseMouse Pad
Corsair TX-650 NZXT Phantom Deathadder Moinix Propus 
Audio
Asus Xonar DG + AIAIAI TMA-1s  
  hide details  
Breakbot
(14 items)
 
  
CPUMotherboardGraphicsRAM
i5 2500k @ 4.5 Asus P8P67- Pro Gigabyte 560ti OC'd 8Gb G.Skill Ripjaws 1600Mhz 
Hard DriveOSMonitorKeyboard
Crucial M4 64 GB + WD Caviar Black 1 TB Windows 7 (64) Dell 2412M Ducky Shine (Blue) 
PowerCaseMouseMouse Pad
Corsair TX-650 NZXT Phantom Deathadder Moinix Propus 
Audio
Asus Xonar DG + AIAIAI TMA-1s  
  hide details  
post #668 of 708
Quote:
Originally Posted by L Lawliet View Post
and


Thank you very much! I'll do some more reading SQL Injections.

Do we think it's going to get any bigger, they must be making a lot of money from these phone calls. If that's dumped into securing themselves even more this could be prolonged.
They don't make money off the phone calls. In fact today they took to using those phone calls as a phone DDoS for a couple of places. 5-10 calls per second sent to the Detroit PD,
Herp
(1 item)
 
  
Other
Dolla Billz Yall! 
  hide details  
Herp
(1 item)
 
  
Other
Dolla Billz Yall! 
  hide details  
post #669 of 708
Quote:
Originally Posted by Scrappy View Post
They don't make money off the phone calls. In fact today they took to using those phone calls as a phone DDoS for a couple of places. 5-10 calls per second sent to the Detroit PD,
Did they resort to mass pizza deliveries again too?
A-Trance
(14 items)
 
  
CPUMotherboardGraphicsRAM
AMD Phenom II X4 965 790GX-G65 (MS-7576) NVIDIA GeForce 9800 GT G.Skill Ripjaws 1600 CL9 
RAMHard DriveOSMonitor
G.Skill Ripjaws 1600 CL9 G.Skill Phoenix Pro 60GB, 1TB WD Caviar Black Windows 7 Pro x64 Samsung 21.5' 
KeyboardPowerCase
Logitech G100 Gigabyte Superb 720W Antec 300 Modded 
  hide details  
A-Trance
(14 items)
 
  
CPUMotherboardGraphicsRAM
AMD Phenom II X4 965 790GX-G65 (MS-7576) NVIDIA GeForce 9800 GT G.Skill Ripjaws 1600 CL9 
RAMHard DriveOSMonitor
G.Skill Ripjaws 1600 CL9 G.Skill Phoenix Pro 60GB, 1TB WD Caviar Black Windows 7 Pro x64 Samsung 21.5' 
KeyboardPowerCase
Logitech G100 Gigabyte Superb 720W Antec 300 Modded 
  hide details  
post #670 of 708
I thought I read somewhere that they made money from it, would have been rather cool to see this globally funded pirate ship wage war on the authorities, if only they directed their adventures more toward internet freedom rather than just lulz.
Edited by L Lawliet - 6/15/11 at 10:05pm
Breakbot
(14 items)
 
  
CPUMotherboardGraphicsRAM
i5 2500k @ 4.5 Asus P8P67- Pro Gigabyte 560ti OC'd 8Gb G.Skill Ripjaws 1600Mhz 
Hard DriveOSMonitorKeyboard
Crucial M4 64 GB + WD Caviar Black 1 TB Windows 7 (64) Dell 2412M Ducky Shine (Blue) 
PowerCaseMouseMouse Pad
Corsair TX-650 NZXT Phantom Deathadder Moinix Propus 
Audio
Asus Xonar DG + AIAIAI TMA-1s  
  hide details  
Breakbot
(14 items)
 
  
CPUMotherboardGraphicsRAM
i5 2500k @ 4.5 Asus P8P67- Pro Gigabyte 560ti OC'd 8Gb G.Skill Ripjaws 1600Mhz 
Hard DriveOSMonitorKeyboard
Crucial M4 64 GB + WD Caviar Black 1 TB Windows 7 (64) Dell 2412M Ducky Shine (Blue) 
PowerCaseMouseMouse Pad
Corsair TX-650 NZXT Phantom Deathadder Moinix Propus 
Audio
Asus Xonar DG + AIAIAI TMA-1s  
  hide details  
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Technology and Science News
This thread is locked  
Overclock.net › Forums › Industry News › Technology and Science News › Consolidated LulzSecurity News Thread -=Updated 6/15/2011=-