It's OK, guys
The ESA, NASA, Pentagon, Federal Reserve, Interpol, FBI, etc. can stop worrying. Kim Dotcom will come to the rescue and keep all their sensitive data encrypted and safe from miscreants with his new Mega file storage service.
The hacking collective GhostShell has announced it has finished operations for the year, but has signed off with a dump of around 1.6 million account details purloined from government, military, and industry. "ProjectWhiteFox will conclude this year's series of attacks by promoting hacktivism worldwide and drawing attention to …
Yes, because it's all the OS's fault, not the software that if run in a way it wasn't intended to blaps details, exploit in something else or poor passwords are not to blame.
There are loads of attack vectors these days that people are only starting to realise are vulnerable; a simple coding mistake on a website can give an attacker the ability to do something unintended but permitted by the software.
It could be true, I dunno, but then it's still the lack of maintenance which caused the intrusion(s).
AC for very obvious reasons; I've recently experienced this myself with a certain customer server. It ran Debian.... 3.1 (Sarge). In the year 2010, 2011, 2012... Of course Sarge's release date was 2005 and it has been long superseded. Heck; even the lack of security updates was no problem for this customer. As long as the server ran "all was fine".
This server has been compromised a few times now and from the looks of it has been again quite recently. So; who or what is to blame; the operating system?
I don't think so....
Lots of VMS systems and mainframes a lot older than 2005 running in production still. Upgrading an OS on a mission critical business system is a HUGE deal for most decent sized businesses. Walling off your business critical system as much from not just the internet but internal networks as much as you can is generally best practice. Of course the OS on a public facing web server is a whole different matter.
Here's a huge list of email addresses and names. LET SLIP THE DOGS OF WAR. Then we all get something...
Asshats. You can get and legally use most of this data for less than the cost of calling a lawyer to see how much trouble it is worth. Validated names and email addresses from respectable vendors cost our partners less than $6,000 per thousand for 30 day use. Why even bother with the fringe stuff? If you are serious about changing things then you'll figure out a way to find a few thousand dollars.
Kids were smarter in my day.
That's what they *said* they did, but if the various arrested Anons are any indication of character, then these guys are fantasists. It's more likely they got the addresses by rifling through third-party servers like forums or conference organisers that don't have such high security.
You can get a shit-load of ESA and NASA addresses just by scanning the abstracts of aerospace conference papers, and it's not too hard to weed through other spam-lists to find certain domains.
And when you've got them, what the fuck use is a pile of email addresses at the Department of the Treasury, or the European Space Agency anyway. What are they going to do with them? *Spam* them into revealing that the financial crisis is a result of the world's governments paying a gold tribute to the aliens that landed in Roswell? Seriously... acquisition of something resembling a life is in order here.
But hey, they're saving the world (from something as yet undefined) and taking a stand (for something as yet undefined).
I know that security is important and I'm not saying that what they've done here doesn't point out some security flaws, but it really is just willy waving. They aren't doing anything useful here; it's just kids running around being douches. Hacktivism is supposed to have a political goal. This clearly doesn't, so they aren't Hacktivists, they are just vandals.
Of course it did - there were lots of new Powerpoint presentations about the importance of security.
This did mean upgrading every government employee to the new version of Powerpoint but we were able to offset the costs of this by firing some admins and moving all the computer stuff onto Dropbox.
The US keeps on flaunting its technical prowess. If this is true how come so much of their data leaks?
Little wonder China saves so much on military R & D; The Congress should forget about Chinese backdoors and get the 'experts' to stick their fingers in the leaking dykes of US IT.
A bunch of people at $workplace have had warnings today from the local CERT team because their details were published.
Looking at several of the warnings, the thing which stands out most clearly is that ESA didn't bother with any form of encryption for passwords on their website. The rest of the details were already publicly available.