Anonymous vs. Some Security Firm

[Dust]

A very interesting series of events:
http://arstechnica.com/tech-policy/news ... -price.ars
http://arstechnica.com/tech-policy/news ... nymous.ars

More articles reachable from here:
http://arstechnica.com/tech-policy/news ... s-back.ars

[MindyMcfly]

http://www.bbc.co.uk/news/technology-12253746

UK's digital rights bill gets its first test cases and its not going well.

[Dust]

:)

[MindyMcfly]

I love the way they pick on hackers and then wonder why their systems get shut down.

Best one in the British case was the hacker leaking personal information from the law firms systems, thus getting the law firm into trouble.

"In September, ACS: Law was the victim of a cyber attack and it accidentally exposed thousands of its e-mails online when its website went live again.

These e-mails detailed all the people it was pursuing and the pornographic films they were accused of downloading for free.

The data breach is the subject of an ongoing investigation by the Information Commissioner, and Mr Crossley could face a hefty fine."

[Dust]

http://arstechnica.com/tech-policy/news ... y-hack.ars

A high level description about how the hack was pulled off. It contains perls like the e-mail conversation between the hacker and an admin which results in the hacker getting full SSH access, after being told the password and user account of the admin's boss, or an example why it is bad to use the same password for multiple accounts.

[MindyMcfly]

Very smart, we use CMS here.... hmmmmm

[Tiel]

Very smart, we use CMS here.... hmmmmm

Every site uses a 'CMS', but the CMS with the name CMS that you might mean is not the custom made CMS used on the HBGary site.

Every web developer should know how to prevent simple cracks like mentioned in the article. In many custom made cases when software is unsafe, it's because it has been written too quickly in a limited timespan where the focus lies on looks rather than security. Customers don't want to pay for security, but they do pay for beauty. Dev companies will then simply make the decision to give the client what he pays for and nothing more. However, a good and fast programmer in a company like that should not make these mistakes.
Software that is being developed for years by many people (like this PHPBB forum) is usually much safer and hard to crack. However, if a security flaw is discovered, all the websites running the same version of the software are vulnerable. So it doesn't necessarily mean you're more secure, but if you patch/upgrade as often as possible you can avoid many problems.

The most fun part of this hack is the 'social engineering' part. The hacker tricked someone over e-mail into believing he was someone else and got him to open up ports and lower security. Something the famous hacker Kevin Mitnick was good at too.

All in all, this was not the most impressive hack in history, most script kiddies with some experience should be able to pull this off as well. 'Proper' hackers do something that hasn't been done before, like break into a bank They exist.

[Dust]

Maybe not the most impressive, but surely a quite funny one :)