
The latest in HAAAAAX



What is it with hackings lately? Seriously now?

 

Source: http://www.tomshardware.com/news/Anonymous-LulzSec-DDoS-Neverwinter-Edmonton,12954.html

 

Wednesday evening BioWare said in a blog that on Tuesday a hacker gained unauthorized access to the decade-old BioWare community server system associated with the Neverwinter Nights forums. The developer reportedly took immediate action after learning of the breach by protecting user data, and then launched an ongoing evaluation to determine the extent of the hackers' infiltration.

 

"We have determined that no credit card data was compromised, nor did we ever have or store sensitive data like social security numbers," said studio general manager Aaryn Flynn. "However hackers may have obtained information such as user account names and passwords, email addresses, and birth dates of approximately 18,000 accounts--a very small percentage of total users. We have emailed those whose accounts may have been compromised and either disabled their accounts or reset their EA Account passwords."

 

Flynn said that if users do not receive an email from BioWare, or if the password still works on the EA account, then chances are the hackers didn't retrieve their information. Naturally Flynn suggests that users should change passwords regularly; they also shouldn't use a universal password for all websites and accounts.

 

A FAQ provided by BioWare and EA states that the server system associated with the Neverwinter Nights forums was the target of a highly sophisticated and unlawful cyber attack. So far this was the only server system known to have been affected by the unauthorized attack. Once BioWare discovered the attack and locked down the server system associated with BioWare Edmonton’s Neverwinter Nights forums, the developer disabled all legacy BioWare accounts that were affected, and reset the passwords of any EA Accounts that were affected.

 

"We take the security of your information very seriously and regret any inconvenience this may have caused you," Flynn said. "We advise all of our fans to always be aware of any suspicious emails or account activity and report any suspicious emails and account activity to Customer Support at 1-866-543-5435."

 

BioWare is just the latest in a growing list of gaming and government websites that have been hit by a DDoS cannon and/or directly hacked. The onslaught seemingly initiated with an assault on the PlayStation Network that brought it to a screeching halt. Epic Games, Bethesda, EVE Online and the CIA are just a few that have suffered the wrath of hacker group LulzSec just in the last week. Currently it's unknown if LulzSec is behind the BioWare attack, so stay tuned.

 

Sony gets it first, then Google, and several others I'm sure I've missed. Now this. Have any of the haxors of these infamous events been caught of late?

 

Yes totenkopf, go ahead and post the picture of our monitor throwing friend. :devsmoke:

Link to comment
Share on other sites

Actually to my knowledge none have been caught, though one had admitted to many of these hackings. Lolzsecurity admitted to hacking (on their Twitter account, I'm not joking) Minecraft, the US Senate, Legions of Legends, Sony, Bethesda, and many others. (Those are just the ones I know off the top of my head.)

Link to comment
Share on other sites

Bunch of dumbass script-kiddies found themselves a new brute force toy :rolleyes: Tired of this crap.

 

Would be nice if companies would take further measures though before getting hit.. :¬:

 

EDIT:

 

It’s Time to Abandon Passwords

 

Mat Honan — For months, there's been a steady trickle of sites getting hacked, followed by their usernames and passwords being passed around publicly on the Web. It's a real and growing problem that's just going to get worse.

 

Source

 

Interesting idea.. but I can't think of anything at the moment that would replace it without even steeper "big brother" methods. Biometrics possibly, but what a pain in the arse :xp:

Link to comment
Share on other sites

There are other methods of protecting end user data. Just make sure you change your passwords regularly on anything you care if they get access to. You know... like financial stuff...

 

I am kinda surprised at how relatively easily data has been available to these hackers... Having worked at a financial institution and a few government facilities over the years, I know we can protect the data very well. Of course there's nothing completely hacker proof... The trick is not to be the low hanging fruit. Disable administrative and root account remote access. I mean you could require a 255 character password and changed every 7 days, but then you make it harder for the average user to get in....

Link to comment
Share on other sites

I hate how the news is talking about how LulzSec 'hacked' the CIA and other sites. Saying that a DDoS attacker 'hacked' anything is like saying that some guy who super-glued a bank's doors shut pulled off a major heist. One requires actual skill to pull off, and can actually be very serious. The other is something a 10 year old can do, and isn't much more than an inconvenience. When it's only a few hours of downtime, as was the case with the CIA website, calling it 'hacking' is even more absurd.

 

Not to mention the fact that the CIA isn't even slightly inconvenienced by a temporary lack of a public website. Just look at the site, and you'll see that most of the content consists of information resources like the World Factbook, which are useful for the general public, but completely irrelevant to the Agency's day-to-day functionality. Nothing important goes on on the CIA's website, so all a DDoSer is really doing is shooting themselves in the foot (especially when one considers that one of the public resources taken down is the online FOIA archive).

 

Technically unimpressive and functionally useless. What a pitiful combination the media is so enthralled by.

 

Bunch of dumbass script-kiddies found themselves a new brute force toy :rolleyes: Tired of this crap.

 

Would be nice if companies would take further measures though before getting hit.

 

Exactly. The scary thing here isn't the competence of the hackers. I wouldn't be surprised if most of them are just kids who've just discovered Metasploit or another program of that ilk, and that's for the actual cracking; the DDoSes aren't even worth mentioning.

 

What should scare people is how so many companies, especially technology ones, which you'd expect to have more security know-how, leave important information under such weak protection. Given how common password reuse is, even a simple list of usernames and passwords is quite valuable to certain people. And if a bunch of skiddies can get in this many places, you can bet your ass that the professional crackers working in the interests of foreign governments or organized crime can reach even more.

 

Hopefully all this activity will be a wake up call to both companies and users.

 

There are other methods of protecting end user data. Just make sure you change your passwords regularly on anything you care if they get access to. You know... like financial stuff...

 

This. Also, people need to stop reusing the same password on everything, especially stuff they care about. Even on the stuff that doesn't matter, the closest I'd ever get to reusing a password would be having a 4-8 character prefix or suffix common to multiple sites and services, with the main portion of the password different.

 

Websites and services themselves also need to stop ****ing about with "no symbol" rules, lack of case sensitivity, and worst of all, maximum password lengths. It's not that hard to make a password system that can handle symbols, both cases of letters, and long passwords, and it seriously improves security. I know someone whose insurance company doesn't allow case-sensitivity or symbols, and has a 10 character password maximum. I would switch companies in that situation. If they're that clueless security wise with website security, god knows what their general network security is like. I wouldn't want to entrust all my insurance information to a company like that.

Link to comment
Share on other sites
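The point in the post above about symbol bans, case folding and maximum password lengths, shown as an added example (not from the thread or from any site it mentions): a salted, slow hash stores every password as a fixed-size record, so the storage layer gives no reason for those rules. The record format, `ITERATIONS` and `MAX_INPUT_BYTES` are assumptions chosen for this sketch.

```python
import hashlib
import hmac
import math
import os
import unicodedata

ITERATIONS = 200_000     # assumed work factor for this example; tune per hardware
MAX_INPUT_BYTES = 1024   # generous denial-of-service guard, not a 10-character cap


def _encode(password: str) -> bytes:
    # Normalise Unicode so the same typed password always gives the same bytes;
    # case and symbols are kept exactly as entered.
    data = unicodedata.normalize("NFKC", password).encode("utf-8")
    if not data or len(data) > MAX_INPUT_BYTES:
        raise ValueError("password must be 1..%d bytes" % MAX_INPUT_BYTES)
    return data


def hash_password(password: str) -> str:
    # A fresh random salt per account means equal passwords give different records.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", _encode(password), salt, ITERATIONS)
    return "pbkdf2-sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def verify_password(password: str, record: str) -> bool:
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2-sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", _encode(password), bytes.fromhex(salt_hex), int(iterations)
        )
    except ValueError:
        return False  # malformed record or out-of-range input
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


def keyspace_bits(alphabet_size: int, length: int) -> float:
    # Upper bound on guessing entropy for a uniformly random password.
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for pw in ("aB3$", "Correct Horse; battery-staple §42 " * 10):
        print(len(pw), "chars ->", len(hash_password(pw)), "stored chars")
    print("10 chars, a-z0-9 only:", round(keyspace_bits(36, 10), 1), "bits")
    print("10 chars, printable ASCII:", round(keyspace_bits(94, 10), 1), "bits")
```
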

LulzSec has pulled off some amusing hacks. Beyond the typical /b/tard's "lol, I DDoS j00!" deal. Like changing the homepage image of a Web Security company's website. And the fact that he's/she's/they're/it's ballsy enough to release torrents and such of the stolen Sony user data says something. I rather him/her/them/it. :p

Link to comment
Share on other sites

What should scare people is how so many companies, especially technology ones, which you'd expect to have more security know-how, leave important information under such weak protection. Given how common password reuse is, even a simple list of usernames and passwords is quite valuable to certain people. And if a bunch of skiddies can get in this many places, you can bet your ass that the professional crackers working in the interests of foreign governments or organized crime can reach even more.

 

Yeah. And actually there are tools out there alerting you to Google Analytics trackers in various websites wherever you go. Not surprisingly in my area several people got infected, as there have been some hackers sneaking stuff through Google search bar tools in web browsers.

 

Also, banking online w/ online social networking = bad idea. At least all with the same email address. I'd say if anyone can, change your IP if at all possible, and use dynamic IP thereafter.

 

Hopefully all this activity will be a wake up call to both companies and users.

Seconded.

 

 

This. Also, people need to stop reusing the same password on everything, especially stuff they care about. Even on the stuff that doesn't matter, the closest I'd ever get to reusing a password would be having a 4-8 character prefix or suffix common to multiple sites and services, with the main portion of the password different.

One of my pals online says F*** you synonyms and alternate identities and yet he has had his identity stolen and his cards fraudulently used. So consider the source.

 

 

Websites and services themselves also need to stop ****ing about with "no symbol" rules, lack of case sensitivity, and worst of all, maximum password lengths. It's not that hard to make a password system that can handle symbols, both cases of letters, and long passwords, and it seriously improves security. I know someone whose insurance company doesn't allow case-sensitivity or symbols, and has a 10 character password maximum. I would switch companies in that situation. If they're that clueless security wise with website security, god knows what their general network security is like. I wouldn't want to entrust all my insurance information to a company like that.

 

I refuse to bank online anymore. I miss being able to buy stuff, but this really is all for the best.

Link to comment
Share on other sites

One of my pals online says F*** you synonyms and alternate identities and yet he has had his identity stolen and his cards fraudulently used. So consider the source.

 

I refuse to bank online anymore. I miss being able to buy stuff, but this really is all for the best.

 

 

Yeah, I basically don't trust net security no matter what any company says and therefore don't shop online (or anything else like banking, taxes, etc...). As to your friend, he might not have been a victim of online identity fraud. I used to work with someone that it turned out was stealing CC carbons from the trash can at that restaurant. Finally caught up with him, but don't know whatever happened with him in the end. There are already enough offline ways for identities to be stolen as it is.

Link to comment
Share on other sites

Not entirely implausible, given that the feds seem to want to get their piggy hands all over everything anymore. A few more articles on the subject in general, the WSJ piece on China being interesting.

 

http://tech.blorge.com/Structure:%20/2010/03/07/chinese-internet-hack-attacks-will-increase-over-time/

 

http://www.internetevolution.com/author.asp?section_id=699&doc_id=188322

 

http://online.wsj.com/article/SB10001424052702303745304576363270528702658.html

Link to comment
Share on other sites

I don't really get the point of China doing this...

 

"Let's be annoying to the rest of the world cause we don't give a **** what they think of us any way."

 

While I'm not blaming the PRC for a specific incident, rather pointing out that they are involved in a lot of the hacking attacks that have taken place, I think ChAiNz is onto something with the ePeen joke. As far as the PRC's motivations or attitudes, they clearly don't give a **** about their own people.....so why would they care about the rest of the world, esp when it seems to fall all over itself to get access to the fabled "china market".... I believe they do it b/c they can and to get info they might not be able to get otherwise for reasons known to them.

Link to comment
Share on other sites

Well Britain has just passed a law forcing ISPs to "monitor and process all data" what users do online to catch all these nasty pirates everywhere...

 

Soon to be news:

A British ISP has been hacked and several thousand users' personal private data is now in the hands of hackers

Link to comment
Share on other sites

But first, our special feature for tonight:

 

British MPs and their Favourite Fetishes!

 

As far as the PRC's motivations or attitudes, they clearly don't give a **** about their own people....

 

That's a pretty vast exaggeration. The PRC's administration has been harsh compared to the West, but it's far from 'not giving a **** about their own people'.

Link to comment
Share on other sites

That's a pretty vast exaggeration. The PRC's administration has been harsh compared to the West, but it's far from 'not giving a **** about their own people'.

 

We'll have to agree to disagree. Most totalitarian govts don't care about their citizens (the PRC has never truly demonstrated otherwise), far less than even corrupt western ones where pols usually lie to the voters to merely get elected/re-elected. To the extent that "bettering their people" serves their own petty interests and vanity and national ambitions, there's some level of progress. Just make sure you don't run afoul of the Party and its multitude of hacks. Frankly, Stalin, Mao and Pol Pot were harsh "compared to the west"......so I'm not sure what that's supposed to mean.

Link to comment
Share on other sites

China's vast economic growth, rise in living standards and a thunderous GDP show that the PRC doesn't care about its people? What about the wide-ranging improvements in infrastructure and medical care? If you still don't think the PRC has 'never truly demonstrated' that it 'doesn't care about its citizens', I don't know what you need to be convinced - public debates about Hu Jintao's birth certificate?

 

Get real, amigo. Mao is dead.

Link to comment
Share on other sites

China's vast economic growth, rise in living standards and a thunderous GDP show that the PRC doesn't care about its people? What about the wide-ranging improvements in infrastructure and medical care? If you still don't think the PRC has 'never truly demonstrated' that it 'doesn't care about its citizens', I don't know what you need to be convinced - public debates about Hu Jintao's birth certificate?

 

Nothing you said indicates China cares about its people so much as its own position in the world. Modernizing your country b/c you wish to be the next hyperpower doesn't = caring about your people so much as caring about your place in the hierarchy of world power. If you think that they really care about anything else......well, you'll believe anything. :rolleyes:

 

Get real, amigo. Mao is dead.

 

That makes about as much sense as your throwaway contention about "harsher than the west"....and is about as meaningless. ;)

Link to comment
Share on other sites

Nothing you said indicates China cares about its people so much as its own position in the world. Modernizing your country b/c you wish to be the next hyperpower doesn't = caring about your people so much as caring about your place in the hierarchy of world power. If you think that they really care about anything else......well, you'll believe anything. :rolleyes:

 

I like your style of debate Herr Totenkopf, no counterpoints or new ideas, only refutals and vacuous opinions.

 

By your logic, all that every developing country wants is political power and not, you know, 'caring for their people'. As opposed to countries with free speech and democracy that go out of their way to spread some of that care to other countries as well.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
