Jump to content
LOTROCommunity
Laurinaohtar

Codemasters Hacked

Recommended Posts

The attitude of blaming the companies for poor security instead of the hackers is a pretty modern thing. When I was a lad, criminals were blamed when they committed crimes. Seems these days we prefer to blame the victims.

Criminal are criminals. No question about that. And since we live in an imperfect world full of thieves and vandals we should expect a reasonable level of protection from those elements. I certainly make sure my door is locked when I leave the house and I assume a level of security in banks, shops and the like. Poor security is a magnet to illegal activity wherever it's found. The internet is no different, it's just easier to cover your tracks if you have the know-how.

Share this post


Link to post
Share on other sites

Again.. just to make sure everybody understands, I do not condone hacking, stealing, publishing people private data etc etc.

However, its all well and good saying that if there were not hackers then not data would have to be encrypted, if there were no burglars then we wouldn't have to lock our doors and windows, but there is, so we take measures to try and ensure that our possessions are as safe as we can make them (to a reasonable degree).

If your house is burgled and the police find that you left your doors and windows wide open with your possessions just lying around, whilst a crime has still been committed but how do think they are going to treat you?

How do you think your insurance are going to react?

So if we take sensible measure to ensure our homes are safe then why shouldn't companies take the same measures?

I'm sorry that the world isn't the utopia that some people think that it is, until that it is then people need to take sensible measures such not using one password/username combination for everything, like companies encrypting ALL personal user data or is that too much to ask?

Share this post


Link to post
Share on other sites

If your house is burgled and the police find that you left your doors and windows wide open with your possessions just lying around, whilst a crime has still been committed but how do think they are going to treat you?

How do you think your insurance are going to react?

Technically, that is still a crime here in the Netherlands. I can leave my front door open (assuming for a moment I'm not living on the 8th floor :P). If someone steps in without my permission, it's still unlawful and I can have them arrested (when they refuse to leave that is).

Now, as far as hacking goes.. Lulzsec are not hackers, they are crackers. They do damage, they steal and publish what they steal. Hackers (in their original meaning) are people who find weaknesses in systems, either by attempting to break in to a system or by reverse engineering software. They then proceed to report that weakness. Most of the professional hackers will also try to sell their services to help fix the leak, but that's fair enough.

I've done "hacking" before. The most recent example was Turbine. I discovered a weakness in their website. Am I a criminal for reading information I am not originally allowed to read? No, because I report the weakness and how to breach it. It was fixed the next day. Had I not reported it, I could have used that loophole to bring you a nice list of all private conversations on the LOTRO site, filter them on who got on Palantir, who went against NDA and posted stuff about it to their friends etc.

Hackers are a good thing. Crackers and scriptkiddies are not. The danger lies in these distinct groups being labelled "hackers" collectively by mainstream media or politicians. Especially the last group seems to know computers like I know how to build a reactor capable of nuclear fusion. However, if I were to ever embark on such a mission, I would probably get a lot of expert opinions before deciding what to do. Politicians don't seem to request those experts to share their views. The result: stupid, unmaintainable laws that potentially take away even more of our freedom and privacy.

Examples of this can be found everywhere. In the US, there's the DMCA and a host of other "homeland security" rubbish. In Europe, they're now talking about making the act of writing software that can be used to bring down a network a criminal offence. Seriously? A few script kiddies abuse some software and suddenly we can no longer use it for it's original purpose? I'm sure you've all heard of Anon firing on various websites with LOIC, a tool purpose built to simulate large amounts of network traffic. The fact that they abuse it makes this tool illegal? Really?

What's next, I can no longer buy a breadknife because some idiot killed a man with it?

Share this post


Link to post
Share on other sites

In the US, there's the DMCA and a host of other "homeland security" rubbish. In Europe, they're now talking about making the act of writing software that can be used to bring down a network a criminal offence. Seriously? A few script kiddies abuse some software and suddenly we can no longer use it for it's original purpose? I'm sure you've all heard of Anon firing on various websites with LOIC, a tool purpose built to simulate large amounts of network traffic. The fact that they abuse it makes this tool illegal? Really?

What's next, I can no longer buy a breadknife because some idiot killed a man with it?

Hmm.. and guns are still legal, and, in the US, a "human right" to be able to own one :F:?

Share this post


Link to post
Share on other sites

What proponents of the right to bear arms say: "Guns don't kill people. People kill people."

Sure, but the guns help.

Share this post


Link to post
Share on other sites

Now, as far as hacking goes.. Lulzsec are not hackers, they are crackers. They do damage, they steal and publish what they steal. Hackers (in their original meaning) are people who find weaknesses in systems, either by attempting to break in to a system or by reverse engineering software. They then proceed to report that weakness. Most of the professional hackers will also try to sell their services to help fix the leak, but that's fair enough.

Just to provide a little more detail as to the origin of the term "hacker." Originally, in the late '70s, very early '80s the term hacker was sort of an extension of "hack writer" used strictly to denote us self-taught programmers who didn't have any formal education or training. It was probably intended to be somewhat pejorative. But, there was such a shortage of programming talent at the dawn of the personal computer age that anyone who became a capable programmer was highly sought after regardless of education. Hackers were generally thought of as whiz kids who had a magic way with computers despite the lack of formal education, and some of us took a bit of pride in the appellation.

The term "cracker" was later developed to denote those (mainly from the hacker ranks) who used their programming skills to break into systems (generally ARPANET or other WANS or LANs) or individual computers (such as online bulletin boards or personal computers). This was years before the internet.

The popular media at the time either couldn't or wouldn't differentiate between the two terms and initially both groups were just lumped together as hackers. Since crackers tended to make better news stories and were reported on more often, the term hacker (the only term the popular media seemed to know) came to be more and more associated with them until eventually that became its only meaning.

Just a little stroll down memory lane for yuz kidz.

EDIT: By the way, a piece of programming code that works but doesn't follow coding guidelines is still referred to as a "hack" by programmers.

Share this post


Link to post
Share on other sites

Lulz should come read this site and get a slightly better idea of what people truly think of them. Of all the immature sentiments... Words fail me. Bunch of criminals, no more, no less, and with no better excuse than they wanted to be entertained. Go outside once in a while for Christ's sake!!

Share this post


Link to post
Share on other sites

I suspect Lulz would come & try to hack the site to get their own back, or to try to prove a point, or something. That might be interesting, actually, cos MueR's a miserable git, and Niels would get a chance to prove whether or not he really is a BofH... ;)

My money's on MueR. ;) Other than that, I can only agree with the general sentiment. Stupid self-centred children at best. Much worse than that, otherwise...

Share this post


Link to post
Share on other sites

Hackers are to blame. No matter how much security a company has in place in is not safe from hackers. Also if there were no hackers all data could be held in plain text without any worry as no one would be trying to get a hold of it

I'd say both sides are to blame. Hackers obviously for criminal behavior. Company for not caring about customers and almost straightforward lies about having security not to mention no responsibility after. I think more legal regulations about paying compensations to customers is only thing that would force tighter security.

Share this post


Link to post
Share on other sites

I'd say both sides are to blame. Hackers obviously for criminal behavior. Company for not caring about customers and almost straightforward lies about having security not to mention no responsibility after. I think more legal regulations about paying compensations to customers is only thing that would force tighter security.

/signed

Instead, the trend is to use security as one more excuse to rip customers off.

http://minnesota.publicradio.org/display/web/2011/03/03/consumers-question-need-for-identity-theft-protection/

Here is an interesting survey on network security from 455 small and medium sized businesses, conducted in the United States in October/November 2007. Over half of the companies surveyed directed 10% or less of their fiscal IT resources toward security.

http://www.gfi.com/documents/rv/smbsurvey.pdf

These hackers suck, but they do point out shortcomings by companies whose executives are too busy stuffing their own pockets to concern themselves with the security needs of the customers that provide them with the loot to do so.

Do I think it's okay for the bank to leave the safe open overnight because they don't want to pay to get the lock fixed? Hell no. That doesn't mean I don't want to see the bank robbers who took advantage of the situation caught and punished. But, surely the bank should share in the liability, no?

Storing plain text passwords on a public server? Come on.

Share this post


Link to post
Share on other sites

Agred, in a perfect world there would be no need for locks. But people being people, if you don't even try to stop them from taking your butter from the larder by putting a latch on the door, it's your own fault.

Share this post


Link to post
Share on other sites

Agred, in a perfect world there would be no need for locks. But people being people, if you don't even try to stop them from taking your butter from the larder by putting a latch on the door, it's your own fault.

Whilst I agree that not "locking the door" or encrypting passwords is clearly irresponsible at best the fault of the crime is still with the criminal who committed it.

Share this post


Link to post
Share on other sites

Whilst I agree that not "locking the door" or encrypting passwords is clearly irresponsible at best the fault of the crime is still with the criminal who committed it.

Agreed. Making crime a bit harder than just walking by and snatching the goods reduces temptation to do the crime. And of course, you can't plead for mistake if you're caught red handed.

Making a half-assed hacked-by-six-year-old system should be a crime. No system is foolproof but selling swiss cheese is best left for the swiss cheese merchants.

Share this post


Link to post
Share on other sites

Agreed. Making crime a bit harder than just walking by and snatching the goods reduces temptation to do the crime. And of course, you can't plead for mistake if you're caught red handed.

Making a half-assed hacked-by-six-year-old system should be a crime. No system is foolproof but selling swiss cheese is best left for the swiss cheese merchants.

I do agree that how you protect and store data should be a legal requirement (to a certain extent it is with the Data Protection act). PCI compliance isn't, at the moment, a legal requirement. However there is talk of making it such here in the UK.

https://www.pcisecuritystandards.org/

even then in my opinion it falls short of protecting the consumer fully. I am suprised that no-one (at least not that I have heard) has tried to sue Sony for not protecting there data appropriatly. Even just under the antiquated Data Protection act (in the UK) it would appear Sony fell short.

Share this post


Link to post
Share on other sites

Lulz Security strikes again, this time the Serious Organised Crime agency's website was taken down

http://www.bbc.co.uk/news/technology-13848510

Share this post


Link to post
Share on other sites

Lulz Security strikes again, this time the Serious Organised Crime agency's website was taken down

http://www.bbc.co.uk/news/technology-13848510

Seems to me that some people at Lulz Security have learned some new skills... and are acting like kids with a new toy.. juvenile showing off

guess they will get bored soon enough

Share this post


Link to post
Share on other sites

And this is where they'll get caught and severely punished. Once they start hacking government websites, it's only a matter of time.

Punished? Kneecaps and knuckles?

Share this post


Link to post
Share on other sites

And this is where they'll get caught and severely punished. Once they start hacking government websites, it's only a matter of time.

They've been hacking government websites for months. But yeah, they'll be caught eventually. I'm sure a few, if not most, are already on radar.

Share this post


Link to post
Share on other sites

The term hacker :)

It used to be that hacker was a positive term. In fact, everyone who knows a program VERY WELL, to the point where their knowledge enables them to use that program to do more than it was originally intended is a hacker.

Then the media came along and hacker became a negative term. Then, the terms :

Black hat hacker

White hat hacker

and

Grey hat hacker

popped up.

Black = bad guy = destroys, is payed to destroy, exposes, is payed to expose

White = good guy = solves, is payed to solve, informs, is payed to inform

grey = the zone in between, is payed to solve and is payed to destroy and all other combinations.

As for : who's bad ?

Clearly : the people who break in and enter.

But the companies who store passwords in cleartext are just as bad. You should not blame the end-user for choosing a too weak a password. There are plenty systems to enforce password policies, a user will always pick the easiest route.

Those companies should put in place a system that forces the user to pick a complicated password of sufficient length.

You expect your bank to put in place enough security to protect your money right ?

So.. the guilty parties:

1) The burglar who knowingly went in and stole stuff

2) The company who should protect the information they chose to keep safe for you.

in that order.

Binabik

Share this post


Link to post
Share on other sites

Lulzsec is trying to jump-start a movement. The media is helping:

http://www.cbs8.com/story/14941495/unusual-stenciled-graffiti-on-mission-beach-boardwalk

Share this post


Link to post
Share on other sites

Not really - they are all declaring this guy a "mastermind" when it looks like he just ran their IRC channel. I'm also curious as to why Turbine's forums are down at the mo (or at least they have tweeted they are)

Share this post


Link to post
Share on other sites

Maybe they finally realized their web security is as watertight as a colander.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...