• Check out all the best Amazon Prime Day deals 2021 here!

Report: LulzSec Used SQL Injection, XSS and RFI

Status
Not open for further replies.

officeguy

Distinguished
Jul 21, 2009
109
0
18,630
0
They disbanded because the government and companies were investigating them, NOT because they 50 days are up. I guess they think the public is suppose to believe them. They are cowards hiding behind a computer just like criminals who rob people wearing masks. People who agree on what they did needs to get their head checked!!!
 

modinn

Distinguished
Dec 28, 2010
5
0
18,510
0
Not a huge shock, as I've rarely seen anyone defend the skill set of these guys. And although I do not condone these attacks in the slightest, it does raise the question: Why have all companies not implemented and/or developed better solutions to XSS and SQL injection attacks?

You don't have to spend millions and millions of dollars to defend against SQL injection or XSS, they are very well established exploits and can easily be defended against or deterred. Plus it leaves traces, especially if the company has taken steps to make it harder to access SQL command injection. Fix the easy stuff that all crackers can easily exploit (like Lulzsec has) first, and then move on to the harder stuff meant for professional crackers.

All this talk about building an impenetrable fortress of internet security. It doesn't matter how many packet sniffers, IP loggers, firewalls, or intrusion detectors you have surrounding your fortress, if you don't have a good foundation (essential security fixes), then the fortress will collapse on itself. These guys didn't care about whether their hacks were quiet or not. They WANTED the publicity and that's what made these attacks so successful.

 

gm0n3y

Distinguished
Mar 13, 2006
1,549
0
19,730
0
SQL Injection and XXS are so easy to prevent too. You don't need to be an intelligent programmer to prevent them, just use the latest standards (or even any standards made in the last 5 years or so) and they automatically prevent it. In asp.net you have to override specific settings to allow XXS and don't use dynamic SQL. It may be easier to write, but I have yet to see a case where you couldn't code around the need to use it.
 

illo

Distinguished
Jan 25, 2011
48
0
18,580
0
who cares why they were disbanded? they proved, much like anon has, that simple attacks are still way to effective to bother with trying any revolutionary hacks.

We dont live in a world that allows people to leave there cars running while they go shopping. We live in a world that has crime, and lulzsec and anon have continually proven that if a major cyberwar happens, the US and major corporations have little defenses in place to defend against them.

 

restatement3dofted

Distinguished
Jan 5, 2010
165
0
18,630
0
[citation][nom]officeguy[/nom]They disbanded because the government and companies were investigating them, NOT because they 50 days are up. I guess they think the public is suppose to believe them. They are cowards hiding behind a computer just like criminals who rob people wearing masks. People who agree on what they did needs to get their head checked!!![/citation]

How's the view from up there?
 

hoofhearted

Distinguished
Apr 9, 2004
423
0
18,930
0
That makes sense. Firewalls and such that are meant to keep people out are no good against these types of attacks, since they are using the same routes that normal application usage would use.
 

the_krasno

Distinguished
Sep 29, 2009
300
0
18,930
0
[citation][nom]gm0n3y[/nom]SQL Injection and XXS are so easy to prevent [/citation]

aaaaaaaaaaaaaaaaaaaaaaand the CIA got hacked too. This is sad.

 

wcnighthawk

Distinguished
Nov 15, 2010
17
0
18,560
0
So the phrase "Who's the bigger fool, the fool or the fool that follows" is the first thing I thought when reading this article. I see a lot of comments on Lulzsec about them being no skilled amateurs, using kiddie scripts and basic hacking tools. That may be true, but what's worse. No skill amateurs using old school type hacks or the companies/goverment that chose to ignore easily patchable loopholes into their systems and allow the hacks to suceed?
 

dgingeri

Distinguished
Dec 4, 2009
175
0
18,640
4
[citation][nom]gm0n3y[/nom]SQL Injection and XXS are so easy to prevent too. You don't need to be an intelligent programmer to prevent them, just use the latest standards (or even any standards made in the last 5 years or so) and they automatically prevent it. In asp.net you have to override specific settings to allow XXS and don't use dynamic SQL. It may be easier to write, but I have yet to see a case where you couldn't code around the need to use it.[/citation]

True you don't have to be a smart programmer to prevent these things. You just have to not be a lazy programmer. Lazy is the biggest problem in the US and Europe these days.
 

balister

Distinguished
Sep 6, 2006
74
0
18,580
0
[citation][nom]the_krasno[/nom]aaaaaaaaaaaaaaaaaaaaaaand the CIA got hacked too. This is sad.[/citation]

CIA got DDoS'd, not hacked. Big difference.
 

Max Collodi

Distinguished
Feb 24, 2010
115
0
18,640
8
[citation][nom]balister[/nom]CIA got DDoS'd, not hacked. Big difference.[/citation]
Keep in mind that this attack was against their public website not their internal computer network. The public website is a resource available to all and only hurts internet users that rely on the information for research etc.
 

nebun

Distinguished
Oct 20, 2008
1,160
0
19,240
3
revolutionary...why needs those methods when security companies refuse to fix the old problems....good on them for using old tech to destroy new tech
 

hoofhearted

Distinguished
Apr 9, 2004
423
0
18,930
0
One big problem is the organization of larger IT shops themselves. Most companies have a network department and a development department. The mentality of the dev dept is to produce the product and depend on the network dept to protect them from nefarious activity. The role of the network dept is to keep the bad man out, so I can see where a corporate culture change is required.
 
Status
Not open for further replies.
Thread starter Similar threads Forum Replies Date
I Streaming Video & TVs 0
henrytcasey Streaming Video & TVs 1
Mike Andronico Streaming Video & TVs 1
Mike Andronico Streaming Video & TVs 2
Mike Andronico Streaming Video & TVs 3
Marshall Honorof Streaming Video & TVs 3
G Streaming Video & TVs 20
G Streaming Video & TVs 0
G Streaming Video & TVs 4
G Streaming Video & TVs 8
G Streaming Video & TVs 10
G Streaming Video & TVs 0
G Streaming Video & TVs 5
G Streaming Video & TVs 0
G Streaming Video & TVs 1
G Streaming Video & TVs 0
G Streaming Video & TVs 7
G Streaming Video & TVs 1
G Streaming Video & TVs 0
G Streaming Video & TVs 0

ASK THE COMMUNITY