LulzSec's activities are about as entertaining to me as watching third graders write "poop" on the black board when the teacher isn't watching.
That said, I wish there were a "No" response other than "Hacking into companies and launching DDoS attacks is no laughing matter." The writers of the article seem to be going out of their way to match the stereotype of stodgy old corporate types shaking their fists at the young ones.
Yeah. I don't find them funny at all (well, poptart cat on PBS's site was kinda funny) and I don't agree with DDoSing because it's a vulnerability of the Net at large, not a specific failure of practice of the target (normally) - but I do think it's important to highlight the half-assery of a lot of highly paid security professionals.
Polls are never very good for capturing nuance. I was looking for the "Some of what they do is amusing, and they highlight the vulnerable nature of the systems we take for granted but they are certainly breaking the law and often overstepping what I would consider appropriate" option.
This one isn't especially well designed. For the "yes", it presents two fairly specific answers, ignoring the general case. A lot of biased Internet polls are made like this.
Well, there's a 10+ year animated series running that's basically about watching third graders right poop on the blackboard. So there's an audience. (disclaimer: I think South Park and lulzsec are funny)
I was going to say the same thing about South Park, and I also find it funny, even if I'm not very proud of this fact. I follow the LulzSec Twitter account and I have to say that in the past few days of boring work it was a pleasant breeze to read their tweet and have a little laugh at something stupid. It changes a bit from the usual lolcats ;-).
So my answer to the poll would start with "Yes," but none of the proposed choices fit what I want to say. I certainly don't want "more power to them" but I don't disapprove everything they're doing either.
I was going to say the exact same thing. No, I don't think being able to easily hack into security companies and effectively launching DDOS attacks is a laughing matter, but the onus is on the companies, not LulzSec. I'm glad they're exposing how weak and vulnerable much of the web is, but I don't find it humorous at all. Frankly, I don't think they do either.
I think it is a shame that it came to this. If these attacks required significant sophistication, that would be one thing. If these sites were mom-and-pop shops with low expectations for security, that would be another. (no offense to those moms and pops who have it together ;) )
How many years have we been blowing the trumpet for some rigor in security practices? I've lost track of how many times I've been overridden in the name of expediency and "no one would do that".
It isn't funny that thousands of innocent people are put at risk just to get past the false claims and denials put out by people who supposedly should know better.
With the exception of DDoS attacks, I think what they're doing is a good thing. Malicious hackers don't just take down sites - they go in, and try to get out undetected. If there is a major vulnerability (especially if it's easy to figure out), they're really doing these sites a favor in pointing it out. Obviously, rendering a free service, it's hard to worry about your client's PR issues... especially if bringing it up in a friendly way would probably take multiple phone calls and countless hours. They may not be doing the companies a favor, but they're definitely doing their clients a favor (Citi for example).
Vaguely. Their press releases are funnier, though, and everybody's reactions are hilarious. "Our security flaws wouldn't matter if you didn't go around pointing them out!"
Was it actually just a DDoS attack? I don't consider that a security vulnerability in the slightest. It's a vulnerability, sure. An availability vulnerability I guess.
Well, I know in EVE's case, CCP noticed the DDoS and took down their servers to make sure nothing was being accessed. So, it seems like yeah, they were basically just pointing their botnet at random companies.
Defacing is sometimes humorous especially when it's a braggart security firm. It'd be a useful public service if they'd reveal which specific vulnerability was exploited in each intrusion.
DDoS is lame and stealing or destroying server data is not cool.
I knew security was weak out there, but they are hitting WAY too many sites of major companies. I can't believe they were all this vulnerable.
In the end, I think they are using the media to teach the entire world a lesson about security. I'd like to think that's their goal, but I'm pretty sure it really is for the Lulz.
Of course, not being hacked is better than being hacked, but being lax about security is inviting trouble. Trouble coming your way can be more devastating than a potential public humiliation at the hands of LS.
While they were still choosing targets that either "deserved" it for some moderately reasonable ideological reason (Sony) or should have top-notch security (FBI), yes. Now that they're choosing targets at random, no.
Especially since this is all so likely to end in an acceleration of government crackdown on web freedoms.
Mildly. It would be more amusing if it wasn't the same "joke" we've all been hearing for the last ten years. Remember g00ns? zf0? o&e? myg0t? r3m? ~el8? At least this one isn't in l33tspeak.
If anything, widespread random hacking underscores the need for correct software, so this should be good for those in the business of doing more than clicking shit in Eclipse.
Isn't to bad, keeps security front of mind. If there weren't any groups going around and doing this kind of thing big companies would be even more complacent than they are.
I find it amusing that the main press somehow highlights this in the form of DDOS attacks, and SQL injection rather than the more scary security vulns.. for example what happens when you give almost a million security card carrying clearance people access to all US state department cables..
The scariest security vulns are not technical they are human and institution based.
That said, I wish there were a "No" response other than "Hacking into companies and launching DDoS attacks is no laughing matter." The writers of the article seem to be going out of their way to match the stereotype of stodgy old corporate types shaking their fists at the young ones.