Hack Attempts Against Bethesda's Websites


(kilL_888) #21

i see this as cheap advertisement for brink actually. :smiley:

every PR is good PR…

i mean, the lulz crew must have some motivation to do this. why do they do this? just for fun? to annoy people? to show their dissatisfaction? or to create some attention? or…?

i wouldn't overrate this hack. it's just the lulz crew. i guess they don't have a deeper motivation behind this other than anonymous who fight an actual cyber war.


(murka) #22

Erm, are passwords stored in plain text or how could they obtain that? AFAIK only checksums of passwords are stored which would require a dictionary-attack to fully obtain.


(Krallis) #23

This is the problem. According to them they have e-mails and account details but have absolutely no motivation or demands apart from a casual mention of…

“fix your junk”

“show us more skyrim”


(AnthonyDa) #24

(Too) Many websites aren’t storing hashed passwords. And if it’s the case, then yes, only a bruteforce attack can reveal the original password before it was hashed.

So when a website is sending you the plain password when you forget it, you can assume that it’s stored without being hashed, just like the stat site :stroggtapir:
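
Added example, not part of the original posts: a sketch of the storage scheme posts #22 and #24 describe, where only a salted, slow hash of the password is kept and "forgot password" mails a one-time reset token instead of the password. The iteration count, token lifetime, record layout and function names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000   # PBKDF2 work factor (value chosen for this example)
RESET_TTL = 15 * 60    # reset-token lifetime in seconds (constructed)

def hash_password(password: str) -> str:
    """Return 'pbkdf2_sha256$<salt>$<digest>'; the plaintext is never stored."""
    salt = secrets.token_bytes(16)  # per-user salt: equal passwords, different records
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the slow hash with the stored salt and compare in constant time."""
    scheme, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))

def issue_reset_token(user: dict, now: float) -> str:
    """'Forgot password': mail a random one-time token, never the old password."""
    token = secrets.token_urlsafe(32)
    # Only the token's hash is kept, so a database dump cannot replay it.
    user["reset_hash"] = hashlib.sha256(token.encode()).hexdigest()
    user["reset_expires"] = now + RESET_TTL
    return token

def reset_password(user: dict, token: str, new_password: str, now: float) -> bool:
    """Accept the token once, before expiry, then store the new password hashed."""
    expected = user.get("reset_hash")
    if expected is None or now > user["reset_expires"]:
        return False
    supplied = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(supplied, expected):
        return False
    user["password"] = hash_password(new_password)
    del user["reset_hash"], user["reset_expires"]  # single use
    return True

if __name__ == "__main__":
    account = {"password": hash_password("correct horse battery staple")}
    print(account["password"])  # what a database dump would contain
    token = issue_reset_token(account, now=0.0)
    print(reset_password(account, token, "a new passphrase", now=60.0))
```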


(murka) #25

I think everyone should be happy to have guys like the lulzsec crew pointing out the security issues in various websites.


(Krallis) #26

I would be happier if all our data wasn't released.


(General Techniq) #27

Did they not post any motive for their actions, or do they just go by some general philosophy in choosing their targets??


(kilL_888) #28

that's their official press release. link from their twitter feed.
http://twitter.com/#!/LulzSec

reading a bit about lulz i think they have different motivations. one is to show security issues of big companies in a more funny way and the other is to just own companies or organizations, or governments, they don't like too much.


IRC: irc.lulzco.org (channel #LulzSec | port 6697 for SSL)
BitCoin donations: 176LRX4WRWD5LWDMbhr94ptb2MW9varCZP
Twitter: @LulzSec

[ASCII-art LulzSec banner and boat drawing omitted]
//Laughing at your security since 2011!
SET SAIL FOR FAIL!


Greetings Internets,

This is a story all about how we made Bethesda Softworks, ZeniMax 
Media, and everything they own, our bitch for life.

As you should know, The Lulz Boat stores vast amounts of booty;
much of this booty we don't release as it's simply too shiny and/or 
delicious. As of late, certain inferior sailing boats have discovered 
flaws in Brink (brinkthegame.com), thinking themselves exciting and new.

Too late. The Lulz Boat controls this ocean, chumps.

Some weeks ago, we smashed into Brink with our heavy artillery Lulz 
Cannons and decided to switch to ninja mode. From our LFI entry point, 
we acquired command execution via local file inclusion of enemy fleet 
Apache vessel. We then found that the HTTPD had SSH auth keys, which 
let our ship SSH into other servers. See where this is going?

We then switched to root ammunition rounds. 
And we rooted... and rooted... and rooted...

After mapping their internal network and thoroughly pillaging all of 
their servers, we grabbed all their source code and database passwords, 
which we proceeded to shift silently back to our storage deck.

Please find enclosed everything we took, excluding one thing -
200,000+ Brink users. We actually like this company and would
like for them to speed up the production of Skyrim, so we'll
give them one less thing to worry about. You're welcome! :D

Please keep making awesome games, guys, and you should
totally add an official LulzSec top hat to new releases.

But anyway, bwahahaha... >:]

--------------------

See also:
Senate.gov internal data - lulzsecurity.com/releases/senate.gov.txt

i actually find this statement very funny. :smiley:
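
Added example, not part of the original post or the quoted release: the release says the HTTPD account held SSH auth keys that gave access to other servers, so this audit sketch lists private-key files that a web-server account could read. The account name `www-data`, the scanned directories and the function names are assumptions, and the check covers classic permission bits only (no ACLs, no parent-directory permissions).

```python
import os
import stat

# Header lines that start common private-key file formats.
KEY_HEADERS = (
    b"-----BEGIN OPENSSH PRIVATE KEY-----",
    b"-----BEGIN RSA PRIVATE KEY-----",
    b"-----BEGIN EC PRIVATE KEY-----",
    b"-----BEGIN DSA PRIVATE KEY-----",
    b"-----BEGIN PRIVATE KEY-----",
)

def mode_allows_read(st: os.stat_result, uid: int, gids: set) -> bool:
    """Classic owner/group/other check; ACLs and parent directories are ignored."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)

def keys_readable_by(root: str, uid: int, gids: set) -> list:
    """List private-key files under root that the given account could read."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue
                with open(path, "rb") as fh:
                    head = fh.read(64)
            except OSError:
                continue  # unreadable to the auditor: run the audit as root
            if head.startswith(KEY_HEADERS) and mode_allows_read(st, uid, gids):
                findings.append(path)
    return sorted(findings)

if __name__ == "__main__":
    import pwd
    web = pwd.getpwnam("www-data")  # assumed web-server account name
    for root in ("/var/www", "/home", "/root"):  # assumed places to look
        for hit in keys_readable_by(root, web.pw_uid, {web.pw_gid}):
            print("web account can read private key:", hit)
```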


(Gamer2Gamers) #29

I wonder if this is all some sort of plot to regulate the internet


(Krallis) #30

The **** was the point in this attack.
there seems to be no motivation whatsoever, and they don't come across as funny.
They come across as irritating as hell.


(kilL_888) #31

[QUOTE=Krallis;338404]The **** was the point in this attack.
there seems to be no motivation whatsoever, and they don't come across as funny.
They come across as irritating as hell.[/QUOTE]

it's very simple. i think someone already mentioned it here.

it's just that they see a big company who handles a few hundred thousand user accounts. and this company is not very careful with the data.

this group comes in and makes the security issues public. it's not that they stole the data silently and give it to a 3rd company. no, they make you aware of security issues. and bethesda better increase their efforts to secure user data in the future.

that's one reason behind it.


(Krallis) #32

[QUOTE=kilL_888;338406]it's very simple. i think someone already mentioned it here.

it's just that they see a big company who handles a few hundred thousand user accounts. and this company is not very careful with the data.

this group comes in and makes the security issues public. it's not that they stole the data silently and give it to a 3rd company. no, they make you aware of security issues. and bethesda better increase their efforts to secure user data in the future.

that's one reason behind it.[/QUOTE]

Yeah but they didn't have to publicly release it to the internet.
No matter which way you cut it, that data has been severely compromised and is available to everyone.
If they really wanted to help they wouldn't have released this data.


(wolfnemesis75) #33

Stat site says Zero across the board. When will everything be reset to correct amounts?


(Krallis) #34

Probably once they've sorted out the slightly bigger issues they've got going on atm.

I imagine it'll be working once they have their security and stuff fixed.


(dlux) #35

I don’t get it, what is the point of it?
What is interesting about our user information?


(Slade05) #36

There is a good possibility of you having identical passwords on forum account and your mail.
Should I continue?


(kilL_888) #37

[QUOTE=Krallis;338408]Yeah but they didn't have to publicly release it to the internet.
No matter which way you cut it, that data has been severely compromised and is available to everyone.
If they really wanted to help they wouldn't have released this data.[/QUOTE]

the data they released is the source code of the stat site i think… no personal data is released publicly.

Please find enclosed everything we took, excluding one thing -
200,000+ Brink users.

sometimes a kick in the ass is necessary to help someone. otherwise nothing will change. don't you agree?


(riptide) #38

At least the PC users don’t have to deal with this. Wait is that a good thing or not?


(wolfnemesis75) #39

Double whammy. I didn’t know Epic Games had been attacked until searching the internet. Now I am in the process of fixing those passwords too and am locked out of there. These hackers need to burn in hell. They are affecting regular people who have a tough enough time as is. Not cool!


(SockDog) #40

Maybe they’re teaching you to never use the same password on multiple sites.
Maybe they’re reminding you that the people you entrust with your data are totally incapable of keeping it secure.

And what’s with the “hard enough time already” stuff? You’re lounging around forums and playing games.