The new forums will be named Coin Return (based on the most recent vote)! You can check on the status and timeline of the transition to the new forums here.
The Guiding Principles and New Rules document is now in effect.

New Comic Thread, Monday, June 20th

124

Posts

  • XehalusXehalus Registered User regular
    edited June 2011
    hackers attack -> network security improves

    hackers attack improved network security -> network security improves more

    infinite irony

    Xehalus on
  • TankHammerTankHammer Atlanta Ghostbuster Atlanta, GARegistered User regular
    edited June 2011
    Yes, but network security has nothing to do with DDOS attacks.

    TankHammer on
  • RoyceSraphimRoyceSraphim Registered User regular
    edited June 2011
    Round them up, drop them off at the southern most tip of mexico, give them a map and instructions and their passports and have them make their way back to America. This is also my sentence for gangbanging, selling rock, and cutting me off in traffic.

    RoyceSraphim on
    steam_sig.png
  • Charles KinboteCharles Kinbote Registered User regular
    edited June 2011
    anyone who doesn't hate the prison system in america isn't paying attention

    Charles Kinbote on
  • BroloBrolo Broseidon Lord of the BroceanRegistered User regular
    edited June 2011
    TankHammer wrote: »
    Are these guys (and Anonymous) actually this good at what they do? Or are they just crazy assholes with SQL certificationss and way too much time on their hands? The corporate targets are really this soft?

    It's mostly to do with their numbers than their raw abilities. Having a loose leadership that can say "Okay, we're hitting X website and Y time on Z date next, get to it" and the majority of them just following instructions is a shockingly-effective, blunt instrument.

    The only way to protect against the DDOS attacks would be to learn of the attack and take the servers offline preemptively or to pay for a lot of network redundancy to handle an unreasonable server load, something which isn't exactly cost-effective to do.

    You can beef up security to protect yourself from being infiltrated and having information stolen, but nothing is going to stop thousands of computers simultaneously bombarding a server with a brute-force attack.

    'Least that's how I understand it.

    Amazon's distributed Data Centers work pretty well.
    4Chan tried to take them down, and failed miserably.

    Brolo on
  • jwalkjwalk Registered User regular
    edited June 2011
    taking away functionality of a device for which the consumer has paid is not something Sony should be able to do without serious legal ramifications

    Also, law doesn't work he way you think it works.

    lol really, how does it work then?

    sony can't change the firmware any time they want? oh wait yes they can, it's the first thing you agree to when you TURN IT ON.

    yeah it's too bad they had to remove otherOS - blame the hackers and crackers. sony had no choice, or do you think they should just let their entire system go to shit from rampant cheating in online games? if that happened people would be DEMANDING they update the firmware and fix it... lol

    all you have to do is not update the firmware if you really want to use otherOS.

    for all of the .002% of the user base that wants to legitimately.

    jwalk on
  • Charles KinboteCharles Kinbote Registered User regular
    edited June 2011
    the idea behind a lot of rights is actually explicitly that you don't lose them when you commit a crime

    Charles Kinbote on
  • SwashbucklerXXSwashbucklerXX Swashbucklin' Canuck Registered User regular
    edited June 2011
    I really wish the media (gaming and otherwise) would stop reporting all the "hacks" that are just DOS attacks. That isn't hacking. The only thing that stops any mildly tech-savvy person from learning how to run a DOS attack is that person not being an asshole. The media reports are just giving these idiots attention, which is exactly what they want, and their activity isn't news anyway. DOS attacks happened all the time before the actual Sony hacks and will continue to happen as long as the Internet works the way it works. Save the reporting for legitimate system intrusions that have actually stolen information from companies.

    SwashbucklerXX on
    Want to find me on a gaming service? I'm SwashbucklerXX everywhere.
  • autono-wally, erotibot300autono-wally, erotibot300 love machine Registered User regular
    edited June 2011
    jwalk wrote: »
    joshua1 wrote: »
    So... whats preventing the tracking down of these people.

    I can understand that if they were using remote machines, that could be harder.

    Or bouncing their ip off of somewhere else.

    But do they actually have the resources to do that en masse like they have been doing?

    I would have to assume at least some (if not most of) these chuckleheads were doing this directly from their own machines.

    oh noooo... they are l33t hax0rz who can never be caught..

    except they caught some already, in Spain and Turkey (I hear Turkish prisons are nice this time of year too..)

    also the DDOS attacks almost always use virus/worms installed on people's machines they don't even know about. they are only guilty of not using a good virus scanner... zombies, they're called.

    and even if you tracked them all down and forced them to wipe their computers they would be replaced in a week by 50 zillion more idiots because there is still a butt ton of people out there using windows XP or older that do not use good protection.

    and, are dumb.

    that's not to say windows vista/7 is perfectly secure either..

    you can bet your ass those "caught" in turkey are, at best, script kiddies tangentially involved by googling anonymous once, and at worst dissidents/ in any other way detested by the regime, now rotting in prison
    Anonymous, I think, is not a group of close knit individuals, but an idea, and as such pretty much any dickhole or saint can call himself that- And it's a perfect fucking scapegoat to throw a few unwanted people in jail and control the internet, and people are already buying in on it as we all see.
    Having (probably) western-sourced stuxnet trying to sabotage nuclear facilities in iran? Lol shit happens!
    Having someone hack my favourite video game?!? SHIT take my freedom away in this 9/11 of video games

    autono-wally, erotibot300 on
    kFJhXwE.jpgkFJhXwE.jpg
  • jackaljackal Fuck Yes. That is an orderly anal warehouse. Registered User regular
    edited June 2011
    DDOS attacks can usually be stopped at the ISP level, so a lot of attacks start friday evening when it is difficult to get a hold of someone at the attackee's ISP.

    jackal on
  • ArtreusArtreus I'm a wizard And that looks fucked upRegistered User regular
    edited June 2011
    I thought they were doing a lot more than DDOS attacks. Like actually getting user information from various companies

    Artreus on
    http://atlanticus.tumblr.com/ PSN: Atlanticus 3DS: 1590-4692-3954 Steam: Artreus
  • AneurhythmiaAneurhythmia Registered User regular
    edited June 2011
    TankHammer wrote: »
    The only way to protect against the DDOS attacks would be to learn of the attack and take the servers offline preemptively or to pay for a lot of network redundancy to handle an unreasonable server load, something which isn't exactly cost-effective to do.

    There are some tricks to flexible load balancing that can reduce the impact of a DDoS without requiring a ton of redundant backend hardware. And general internet topography is slowly changing in a way that will help mitigate this shit too.

    Aneurhythmia on
  • AneurhythmiaAneurhythmia Registered User regular
    edited June 2011
    jwalk wrote: »
    yeah it's too bad they had to remove otherOS - blame the hackers and crackers. sony had no choice, or do you think they should just let their entire system go to shit from rampant cheating in online games? if that happened people would be DEMANDING they update the firmware and fix it... lol

    all you have to do is not update the firmware if you really want to use otherOS.

    for all of the .002% of the user base that wants to legitimately.

    You either do not understand the system or are a complete shill for the industry.

    Aneurhythmia on
  • KrunkMcGrunkKrunkMcGrunk Registered User regular
    edited June 2011
    Looks like one of the Lulzsec guys in the UK just got nabbed

    e: although, they claim he wasn't officially part of their group

    http://www.rockpapershotgun.com/2011/06/21/alleged-lulzsec-suspect-arrested-in-uk/
    Update: Metropolitan Police have now confirmed that the arrest was in connection with the attack on the SOCA website, according to Develop. But they also said, “we will examine the individual for any Sony data” confirming that the 19-year-old arrested is also being investigated for the Playstation Network hack.

    LulzSec are, you’ll no doubt have noticed, the hacker collective who have spent several weeks making life difficult for a number of firms across the globe – including many gaming companies. The likes of Eve Online, Minecraft and League of Legends found themselves temporarily offline following DDoS attacks which LulzSec claimed responsibility for. Lately, they targeted government organisations such as the FBI, CIA and the UK government website for SOCA and seemed to think they remained one step of head of whatever law enforcement might or might not be pursuing them.

    Well, moments ago a 19-year-old man from Essex, UK was arrested by Britain’s Police Central e-Crime Unit, allegedly in connection with Lulzsec.

    Scotland Yard have confirmed an arrest “on suspicion of Computer Misuse Act, and Fraud Act offences” following “an investigation into network intrusions and Distributed Denial of Service (DDoS) attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group.”

    The FBI apparently assisted in the arrest. The man has a home in Wickford, Essex, which has been searched and computer equipment confiscated.

    There is no official statement that this is indeed related to Lulzsec’s escalating security incursions, but the description of the suspected actions certainly sounds familiar. Security firm Sophos have also cited speculation that the man is connected to Lulzsec investigations.

    Lulzsec had also claimed via Twitter that they have successfully accessed UK Census data. But the Office for National Statistics has released a statement saying: “We are aware of the suggestion that Census data has been accessed. We are working with our security advisers and contractors to establish whether there is any substance to this.

    “The 2011 Census placed the highest priority on maintaining the security of personal data. At this stage we have no evidence to suggest that such a compromise has taken place.”

    More as and when we have it.

    KrunkMcGrunk on
    mrsatansig.png
  • jwalkjwalk Registered User regular
    edited June 2011
    The group of hackers known as LulzSec claimed responsibility for several of the recent high-profile attacks around the world, including the United Kingdom’s Serious Organized Crime Agency, a public network for the United States Senate, a Website belonging to the Central Intelligence Agency, Nintendo’s Website and multiple Sony services.

    federal

    pound me in the ass

    prison

    jwalk on
  • CrossBusterCrossBuster Registered User regular
    edited June 2011
    AMP'd wrote: »
    how many of these guys are going to get recruited into computer security, catch me if you can-style

    Probably not many, considering that the vast majority of these assholes are snot-nosed script kiddies with very little in the way of actual technical knowledge.

    CrossBuster on
    penguins.png
  • LTMLTM Bikes and BeardsRegistered User regular
    edited June 2011
    AMP'd wrote: »
    how many of these guys are going to get recruited into computer security, catch me if you can-style

    Probably not many, considering that the vast majority of these assholes are snot-nosed script kiddies with very little in the way of actual technical knowledge.

    Well they are at least one step ahead of the people currently employed to keep these servers up and running...

    LTM on
  • EdcrabEdcrab Actually a hack Registered User regular
    edited June 2011
    How is someone "officially" a part of the group anyway

    Do they get membership cards? Or is there a database somewhere with a big list of officially sanctioned LulzSec operatives

    Edcrab on
    cBY55.gifbmJsl.png
  • AneurhythmiaAneurhythmia Registered User regular
    edited June 2011
    AMP'd wrote: »
    how many of these guys are going to get recruited into computer security, catch me if you can-style

    Probably not many, considering that the vast majority of these assholes are snot-nosed script kiddies with very little in the way of actual technical knowledge.

    Definitely true of the DDoS kids, but the term script kiddie is pretty out of date at this point. Even as the prefab tools have gotten more elegant, the overall processes have gotten far more complicated. Where you used to download a tool, click a button to poison an ARP cache, and that was step 1 of 3, now you might be able to autopilot into some Facebook accounts on public wifi, but to steal user info databases whole, even with a dozen pre-written tools, would take a pretty decent understanding of the systems in question. It's pretty far from the fire-and-forget heyday of script kiddies from like 1995 to 2002 or so.

    Still, you're right to think very likely none of these people will get jobs out of this. There are plenty of people going into IT security through legitimate channels that are just as smart or smarter. It's not worth the baggage of trying to convert an established troublemaker for most institutions. It's really unlikely that there's a savant capable of consistently generating new penetration methods among the group. Way more likely that you're looking at people taking advantage of a current round of exploits while the gettin' is good and willing to go for more high profile targets than usual.

    It looks like a more profound issue than usual, because you have a loosely organized group that is doing it as a social cause and publicity stunt. And their own publicity on it forces the targets to discuss the attacks publicly as well. Under other conditions, a new round of exploits would mean your bank gets hit for 50,000 accounts, info gets dumped on a Russian black market, and your bank might mail you a polite letter about how they're sorting it out for you. The organization or cause or whatever probably isn't generating an abnormal additional number of attacks in the time period, just more public awareness of them.

    Aneurhythmia on
  • The GeekThe Geek Oh-Two Crew, Omeganaut Registered User, ClubPA regular
    edited June 2011
    Tycho's twitter:
    I felt like you needed to see this page of Controls from the Shadows of the Damned manual:

    327191835.jpg?AWSAccessKeyId=AKIAJF3XCCKACR3QDMOA&Expires=1308679530&Signature=5rr%2BzS03xSVj2cOmh8TAfFbFs60%3D

    The Geek on
    BLM - ACAB
  • LTMLTM Bikes and BeardsRegistered User regular
    edited June 2011
    More games need a keybinding for Hot Boner Payload

    LTM on
  • ButtersButters A glass of some milks Registered User regular
    edited June 2011
    AMP'd wrote: »
    how many of these guys are going to get recruited into computer security, catch me if you can-style

    Probably not many, considering that the vast majority of these assholes are snot-nosed script kiddies with very little in the way of actual technical knowledge.

    Also hiring these miscreants would only encourage more like them and Frank Abagnale wasn't recruited into security. He served two prison sentences in Europe and 4 of a 12-year prison sentence in the US before being granted early release for helping the FBI catch other frauds. His success in legal fraud detection was after he completed his work with the feds and started his own business.

    Companies just don't go a hire someone with federal charges against them.

    Butters on
    PSN: idontworkhere582 | CFN: idontworkhere | Steam: lordbutters | Amazon Wishlist
  • sarukunsarukun RIESLING OCEANRegistered User regular
    edited June 2011
    anyone who doesn't hate the prison system in america isn't paying attention

    This is a staggeringly stupid thing to say.

    I think maybe what you mean is anyone who doesn't realize the prison system in America has serious problems is well on their way to being willfully ignorant.

    sarukun on
  • jwalkjwalk Registered User regular
    edited June 2011
    Right, maybe in the 1970s when nobody understood this stuff outside of a few clever young hackers. Today, there are plenty of people well trained in computer security that do NOT have a federal rap sheet... that companies would rather hire.

    This kid ain't the next Steve Jobs.

    More like Steve Handjobs if you get what I'm sayin...

    jwalk on
  • HunterHunter Chemist with a heart of Au Registered User regular
    edited June 2011
    Butters wrote: »
    AMP'd wrote: »
    how many of these guys are going to get recruited into computer security, catch me if you can-style

    Probably not many, considering that the vast majority of these assholes are snot-nosed script kiddies with very little in the way of actual technical knowledge.

    Also hiring these miscreants would only encourage more like them and Frank Abagnale wasn't recruited into security. He served two prison sentences in Europe and 4 of a 12-year prison sentence in the US before being granted early release for helping the FBI catch other frauds. His success in legal fraud detection was after he completed his work with the feds and started his own business.

    Companies just don't go a hire someone with federal charges against them.

    Unless they're the Dallas Cowboys.

    Hunter on
  • sarukunsarukun RIESLING OCEANRegistered User regular
    edited June 2011
    Butters wrote: »
    AMP'd wrote: »
    how many of these guys are going to get recruited into computer security, catch me if you can-style

    Probably not many, considering that the vast majority of these assholes are snot-nosed script kiddies with very little in the way of actual technical knowledge.

    Also hiring these miscreants would only encourage more like them and Frank Abagnale wasn't recruited into security. He served two prison sentences in Europe and 4 of a 12-year prison sentence in the US before being granted early release for helping the FBI catch other frauds. His success in legal fraud detection was after he completed his work with the feds and started his own business.

    Companies just don't go a hire someone with federal charges against them.

    I guess all that time spent in a dark room with a dirt floor and a bucket to shit in didn't test well with the "Catch Me If You Can" audiences.

    sarukun on
  • ButtersButters A glass of some milks Registered User regular
    edited June 2011
    Or the Benagls.

    Butters on
    PSN: idontworkhere582 | CFN: idontworkhere | Steam: lordbutters | Amazon Wishlist
  • HunterHunter Chemist with a heart of Au Registered User regular
    edited June 2011
    Basically 1/2 of the NFL and we'll leave it at that.

    Hunter on
  • AneurhythmiaAneurhythmia Registered User regular
    edited June 2011
    jwalk wrote: »
    Right, maybe in the 1970s when nobody understood this stuff outside of a few clever young hackers. Today, there are plenty of people well trained in computer security that do NOT have a federal rap sheet... that companies would rather hire.

    This kid ain't the next Steve Jobs.

    More like Steve Handjobs if you get what I'm sayin...

    Actually, it was common enough through the 90s to turn fairly high profile illicit activities around into cushy private sector careers or be consulted as advisers in congressional committee hearings.

    Aneurhythmia on
  • AneurhythmiaAneurhythmia Registered User regular
    edited June 2011
    Hunter wrote: »
    Basically 1/2 of the NFL and we'll leave it at that.

    That's racist.

    Aneurhythmia on
  • ButtersButters A glass of some milks Registered User regular
    edited June 2011
    jwalk wrote: »
    Right, maybe in the 1970s when nobody understood this stuff outside of a few clever young hackers. Today, there are plenty of people well trained in computer security that do NOT have a federal rap sheet... that companies would rather hire.

    This kid ain't the next Steve Jobs.

    More like Steve Handjobs if you get what I'm sayin...

    Actually, it was common enough through the 90s to turn fairly high profile illicit activities around into cushy private sector careers or be consulted as advisers in congressional committee hearings.

    That link doesn't mention anyone being hired as a consultant after being brought up on federal charges.

    Butters on
    PSN: idontworkhere582 | CFN: idontworkhere | Steam: lordbutters | Amazon Wishlist
  • EncEnc A Fool with Compassion Pronouns: He, Him, HisRegistered User regular
    edited June 2011
    Hunter wrote: »
    Basically 1/2 of the NFL and we'll leave it at that.

    That's racist.

    The fact that professional athletes are prone to amoral decisions and questionable legality has less to do with race/economics and more to do with the nature in which their wealth is thrust upon them. Having a criminal record is as common in professional golf as it is in football.

    Enc on
  • AneurhythmiaAneurhythmia Registered User regular
    edited June 2011
    Correct?

    edit: This was meant for Butters' post. Enc, that was a joke on my part.

    Butters, the text to which I applied the link doesn't assert anything you seem to be countering.

    Aneurhythmia on
  • ButtersButters A glass of some milks Registered User regular
    edited June 2011
    Enc wrote: »
    Hunter wrote: »
    Basically 1/2 of the NFL and we'll leave it at that.

    That's racist.

    The fact that professional athletes are prone to amoral decisions and questionable legality has less to do with race/economics and more to do with the nature in which their wealth is thrust upon them. Having a criminal record is as common in professional golf as it is in football.

    Cite plz. Pretty sure the NFL leads all other US sports organizations for jail time by a pretty wide margin.

    Butters on
    PSN: idontworkhere582 | CFN: idontworkhere | Steam: lordbutters | Amazon Wishlist
  • XehalusXehalus Registered User regular
    edited June 2011
    Can we blame the NFL leading, simply because it has more players?

    NBA = 450
    NHL = 690
    MLB = 750
    NFL = 1696

    Xehalus on
  • DruhimDruhim Registered User, ClubPA regular
    edited June 2011
    Xehalus wrote: »
    Can we blame the NFL leading, simply because it has more players?

    NBA = 450
    NHL = 690
    MLB = 750
    NFL = 1696

    oh if only there were some magical way we could mathematically compare the rate at which NFL players offend..

    Druhim on
    belruelotterav-1.jpg
  • HunterHunter Chemist with a heart of Au Registered User regular
    edited June 2011
    Druhim wrote: »
    Xehalus wrote: »
    Can we blame the NFL leading, simply because it has more players?

    NBA = 450
    NHL = 690
    MLB = 750
    NFL = 1696

    oh if only there were some magical way we could mathematically compare the rate at which NFL players offend..

    As president of the SE++ Scientician Club...

    Hunter on
  • ButtersButters A glass of some milks Registered User regular
    edited June 2011
    Pro golf doesn't pay out like any of those other sports at all either. Unless you're entering with the hype of a Tiger Woods (which no one else really has) you only get paid when you're playing well.

    Butters on
    PSN: idontworkhere582 | CFN: idontworkhere | Steam: lordbutters | Amazon Wishlist
  • The GeekThe Geek Oh-Two Crew, Omeganaut Registered User, ClubPA regular
    edited June 2011
    Butters wrote: »
    Pro golf doesn't pay out like any of those other sports at all either. Unless you're entering with the hype of a Tiger Woods (which no one else really has) you only get paid when you're playing well.

    I learned that from Happy Gilmore.

    The Geek on
    BLM - ACAB
  • BroloBrolo Broseidon Lord of the BroceanRegistered User regular
    edited June 2011
    conversation has drifted radically off topic

    http://gizmodo.com/5814117/is-this-the-lulzsecanon-warriors-handbook

    http://pastehtml.com/view/1dzvxhl.html

    The #OpNewblood Super Secret Security Handbook
    If you have not gone through the IRC chat client
    setup for your operating system, we recommend
    you go back and get started there.


    Section 8: ADVANCED GUIDE TO HACKING
    AND SECURITY VULNERABILITY
    by Denizen


    Preface: Information in this section can be extremely confusing for new users, and those without the sufficient technical knowledge to understand. Always be cautious when tinkering with systems you don't fully understand, as this may lead to undesirable results, detection, and in extreme cases system failure or legal trouble.

    For those interested, an excellent guide to Denial of Service Attacks or DDoS can be found here: http://insurgen.cc/index.php?title=DDOS

    Guide By: Denizen
    As the ultimate denizen, you must be able to enter systems at will in various ways. There are many ways to reach a website, and to add protection for yourself in terms of anonimity and minimized vulnerability.

    Table of Contents
    1. SSH Tunnelling Techniques
    2. VPN (Virtual Private Network) Sub-netting techniques
    3. Anonymous SOCKS4/SOCKS5 proxy techniques at
    OS level (e.g. Network Layer 3)
    4. Anonymous SOCKS4/SOCKS5 proxy techniques at Internet Browser Level (e.g. firefox)
    5. Local DNS hosting and Direct to IP internet browsing
    6. Windows /system32/drivers/etc/Hosts File IP DNS Lookup (Associating any ip with any hostname, permanently)

    none of this is really advanced at all :?

    Brolo on
This discussion has been closed.