SecurEnvoy Co-Founder Applauds LulzSec Attacks

Status
Not open for further replies.

mister g

[citation][nom]Irrenhaus[/nom]Good Point. But wonder if he will have the same opinion if his company web site was hacked by LulzSec or Anonymous.[/citation]
He would be shutting up, being a security firm CTO. Still, I agree with what he's saying, and it puts a new point in the face of all the hacker haters in this forum.
 

RazberyBandit

"Instead of persecuting them, we need to recognize their talent, embrace their expertise and encourage them across from the dark side to turn their expertise into something constructive rather than destructive."
Except that it's a lot easier to exploit a vulnerability than it is to fix it. Just because they exploited vulnerabilities doesn't mean they know a damn thing about how to prevent them. Learning to fire a weapon is a lot easier than building an impenetrable fortress.

I know this guy is trying to spin this into a wake-up call for security, but looking to the attackers for help/answers probably isn't the best place to start. Just because they brought this into the public spotlight doesn't excuse the fact they did so in a criminal manner, so exonerating them is simply out of the question. The ends do not always justify the means.
 

shanky887614

raz, that is inaccurate, most of these people build their own tools (I'm not saying they did or didn't)

but that is not a very fair comparison

firstly, how do you know that there is a problem? you try to break into it and then you know what to fix

 

dalethepcman

[citation][nom]RazberyBandit[/nom]Just because they brought this into the public spotlight doesn't excuse the fact they did so in a criminal manner....[/citation]
Just because you think it's not legal, and it's not legal where you are from, doesn't mean it's not legal.

Look up article 83 of the Iranian penal code. The penalty for Adultery is to be buried up to your neck and stoned, if you can escape from being buried to your neck without outside assistance before someone kills you, then your crimes are forgiven.

Not saying what LulzSec did was right, but there are way bigger problems in the world than finding a few hackers to crucify. I think this guy is spot on, just ignore them, and fix your $h!t.
 

theoldgrumpybear

As with most statements primarily aimed at helping yourself, he has a couple points right and most wrong.

1) Companies are still ignoring security.... Right
2) LulzSec Got lots of PR with low budget... Right
3) They did it without personal or financial gain... Wrong, or at best partially wrong... Known is that someone made money (and LulzSec can't show it is not them) out of this.
4) We need them as security guards since they know how to "waltz into an open network"... Wrong. Just because I can make an IDE and blow up a school full of kids does not make me into an expert in how to secure kids from any possible harm anywhere in the world. With that logic we should embrace all terrorists and employ them as security guards, because they show the flaws in our society. Don't think so...

He will at least make loads of PR for almost no money by stating what he did and we are all helping him.
As an old hacker from the late '70s and early '80s having done the "been there done that" to most institutions who thought they were impenetrable, (it was easier and harder then, but if you were not there then you probably don't know) I can understand the breaking in and leaving tags but not the taking information out of there. Even an infantile can understand that if you can break into SOE and leave "kilroy was here" tags, you could grab any info you wanted. Taking the info was crossing the ethical line of a hacker.
 

walter87

How is stealing people's accounts/credit cards etc
[citation][nom]dalethepcman[/nom]Not saying what LulzSec did was right, but there are way bigger problems in the world than finding a few hackers to crucify. I think this guy is spot on, just ignore them, and fix your $h!t.[/citation]

Regardless, what they did is sabotage websites and exploit people's personal information, account info, credit card info etc. They should be punished for what they did, perhaps a plea bargain could be used to reduce their sentences.
 

cookoy

wow, it's like saying we should thank the criminals for making us realize the police and the citizens are not doing enough to secure themselves from criminal elements
 

johnsmithhatesVLC

[citation][nom]RazberyBandit[/nom]Except that it's a lot easier to exploit a vulnerability than it is to fix it. Just because they exploited vulnerabilities doesn't mean they know a damn thing about how to prevent them. Learning to fire a weapon is a lot easier than building an impenetrable fortress. I know this guy is trying to spin this into a wake-up call for security, but looking to the attackers for help/answers probably isn't the best place to start. Just because they brought this into the public spotlight doesn't excuse the fact they did so in a criminal manner, so exonerating them is simply out of the question. The ends do not always justify the means.[/citation]
You are dumb. If it's so easy to break security then why haven't all the security holes been found?
 

balister

The thing people are forgetting here is DDoS is overwhelming the networking interfaces, either the interfaces at the server, at the firewall and/or IDS, or at the router connecting the system to the internet. Taking down a site with a DDoS isn't as hard as this guy is making it out to be, you need to have the systems tossing the packets at the target. What allowed this was the exploit of all the AMP (Apache-MySQL-PHP) servers out there that are open to SQL injection, CSS, and RFI attacks. SQL injection is easy to defend against if you just take fifteen minutes when setting up your webserver and properly secure SQL and PHP (which most people don't). This CTO should be preaching to everyone that has set up an AMP webserver and didn't secure it properly, not the people on the other end of the DDoS attacks.
 

bluekoala

[citation][nom]walter87[/nom]How is stealing people's accounts/credit cards etc Regardless, what they did is sabotage websites and exploit people's personal information, account info, credit card info etc. They should be punished for what they did, perhaps a plea bargain could be used to reduce their sentences.[/citation]

a plea bargain???
What the hell?
Did they catch anyone?
And out of all the info compromised.
Name me one person that got defrauded using information leaked by Anonymous or LulzSec.

You sir, may need to get your facts straight. Or any fact at all.
 

RazberyBandit

[citation][nom]johnsmithhatesVLC[/nom]You are dumb. If it's so easy to break security then why haven't all the security holes been found?[/citation]
LMAO. I never claimed securing systems was easy. What I said was it's easier to exploit a known vulnerability than it is to fix it. The source quoted within the article said these guys attacked well-known vulnerabilities, so obviously it's easier to exploit them than it is to fix them. Otherwise, they wouldn't be well-known vulnerabilities, would they?
 

alidan

you people REALLY don't know how coding works, do you?

if they are script kiddies, then yeah, they have nothing of value. if they wrote the code, then they know the exploit, and know a way it can be patched.

think of it more like knowing how to open a safe without destroying the inside. if you know how to do that, then you also know how to make it harder to crack open.
 

blahblah1

More proof this has nothing to do with antisec, LulzSec use basic high level exploits made available through full disclosure (so they rely on the security industry) and help the security industry. That is pretty much the exact opposite of antisec.

People are blowing this out of proportion, it's not as if they are running around with an unknown remote apache exploit like el8 were when antisec started. They fumble with SQL injection using tools like Havij, which is pretty much the definition of a script kiddy.

There are real hackers out there, but these aren't them.
 

officeguy

This guy needs his head checked!!! Just because I accidentally leave my house unlocked doesn't mean you are invited in. It is still criminal trespassing either way. Locking the doors keeps the honest people out.
"These techies are up to speed and are useful to the industry – we need them," he admitted. "What people choose to ignore is many of today’s experts are ex-hackers themselves so Anonymous and LulzSec are actually tomorrow’s authority."
Like the government hires people that know nothing about security. Come on dude.
 

gm0n3y

While I agree with what he is saying, he's not exactly coming from a neutral standpoint. He works for a security company that benefits from acts committed by hackers (on non client systems).

[citation][nom]officeguy[/nom]This guy needs his head checked!!! Just because I accidentally leave my house unlocked doesn't mean you are invited in. It is still criminal trespassing either way. Locking the doors keeps the honest people out.[/citation]

Sorry, but physical analogies to digital events don't work. Just like pirating a movie isn't equivalent to stealing a physical copy. Also, 'locking the doors' in the digital sense doesn't keep honest people out.
 