Lulzsec

Seen something interesting in the news or on the intertubes? Discuss it here.

Moderators: Hawknc, Zamfir, Prelates, Moderators General

Re: Lulzsec

Postby Xeio » Mon Jun 27, 2011 4:47 pm UTC

I don't think they care. I mean... it's followed by "is very ugly". I have this strange feeling they're ok with someone's feelings getting hurt.

Though they used the correct ones in other places. Who knows...
User avatar
Xeio
Friends, Faidites, Countrymen
 
Posts: 4806
Joined: Wed Jul 25, 2007 11:12 am UTC
Location: C:\Users\Xeio\

Re: Lulzsec

Postby Роберт » Mon Jun 27, 2011 4:59 pm UTC

Xeio wrote:I don't think they care. I mean... it's followed by "is very ugly". I have this strange feeling they're ok with someone's feelings getting hurt.

Though they used the correct ones in other places. Who knows...

Yes, but the ugly comment just insults a specific person, rather than disrespecting an entire group of people. If you want to insult a woman, than insult her; don't insult all women.

If you want to insult a trans person, insult hir, but don't insult all trans people.
The Great Hippo wrote:[T]he way we treat suspected terrorists genuinely terrifies me.
Роберт
 
Posts: 4301
Joined: Wed May 14, 2008 1:56 am UTC

Re: Lulzsec

Postby Xeio » Mon Jun 27, 2011 5:03 pm UTC

Роберт wrote:
Xeio wrote:I don't think they care. I mean... it's followed by "is very ugly". I have this strange feeling they're ok with someone's everyone's feelings getting hurt.

Though they used the correct ones in other places. Who knows...
Yes, but the ugly comment just insults a specific person, rather than disrespecting an entire group of people. If you want to insult a woman, than insult her; don't insult all women.

If you want to insult a trans person, insult hir, but don't insult all trans people.
Fixed my post for better accuracy. I think you've confused Anon/Lulzsec with some entirely different group.
User avatar
Xeio
Friends, Faidites, Countrymen
 
Posts: 4806
Joined: Wed Jul 25, 2007 11:12 am UTC
Location: C:\Users\Xeio\

Re: Lulzsec

Postby Роберт » Mon Jun 27, 2011 5:07 pm UTC

Xeio wrote:Fixed my post for better accuracy. I think you've confused Anon/Lulzsec with some entirely different group.

The pastebin release was an entirely different group, one claiming to be digging up the dirt on what Lulzsec is.
The Great Hippo wrote:[T]he way we treat suspected terrorists genuinely terrifies me.
Роберт
 
Posts: 4301
Joined: Wed May 14, 2008 1:56 am UTC

Re: Lulzsec

Postby Xeio » Mon Jun 27, 2011 5:23 pm UTC

Роберт wrote:
Xeio wrote:Fixed my post for better accuracy. I think you've confused Anon/Lulzsec with some entirely different group.

The pastebin release was an entirely different group, one claiming to be digging up the dirt on what Lulzsec is.
Phht.... I totally may have not noticed that. *coughs*
User avatar
Xeio
Friends, Faidites, Countrymen
 
Posts: 4806
Joined: Wed Jul 25, 2007 11:12 am UTC
Location: C:\Users\Xeio\

Re: Lulzsec

Postby vodka.cobra » Sat Jul 02, 2011 3:26 pm UTC

johnny_7713 wrote:
zmatt wrote:IMO groups like this are the first of a new breed of activists. It seems that nowadays the best way to get a message across is through hacktivism. If you look at how corporate most of the media is, they can pick and chose how to report on things and with the excuse of national security the government seems to be trying to tighten its grip on the citizens. The one place where individuals or small groups seem to still have thew upper hand is cyberspace where the government is woefully ignorant. Whether or not you agree with Lulzsec (they seem to be making a lot of enemies) I think we can rest better knowing that at least in one way we can still hold abusive corporations and governments responsible for their actions.


I disagree, there are plenty of activists that get their message out just fine, through both legal and illegal means that are not hacking. Greenpeace, Amnesty International, Human Rights Watch, anti-globalists every G20 summit, etc.
Also can we please stop pretending groups like Lulzsec are 'holding abusive corporations and governments responsible for their actions'. Stealing sensitive customer information or e-mail / password combos for porn sites, especially if you recommend plastering that information all over facebook, has absolutely nothing to do with holding anyone responsible for anything (other than holding people responsible for secretly visiting porn sites).

I gotta be honest here: Greenpeace, Amnesty International, Human Rights Watch, G20 Summits? None of those matter to me. I'm too self-absorbed to give a damn about their message, just like practically every other American. They aren't making waves. They can be dusted under the rug and ignored without consequence.

If you ignore hacktivists, you're likely to get all of your online endeavors compromised.

So there is definitely a difference between the two, even if it's merely a subjective one.
User avatar
vodka.cobra
 
Posts: 357
Joined: Thu Mar 27, 2008 6:50 pm UTC
Location: Florida

Re: Lulzsec

Postby KnightExemplar » Sat Jul 02, 2011 8:13 pm UTC

vodka.cobra wrote:
johnny_7713 wrote:
zmatt wrote:IMO groups like this are the first of a new breed of activists. It seems that nowadays the best way to get a message across is through hacktivism. If you look at how corporate most of the media is, they can pick and chose how to report on things and with the excuse of national security the government seems to be trying to tighten its grip on the citizens. The one place where individuals or small groups seem to still have thew upper hand is cyberspace where the government is woefully ignorant. Whether or not you agree with Lulzsec (they seem to be making a lot of enemies) I think we can rest better knowing that at least in one way we can still hold abusive corporations and governments responsible for their actions.


I disagree, there are plenty of activists that get their message out just fine, through both legal and illegal means that are not hacking. Greenpeace, Amnesty International, Human Rights Watch, anti-globalists every G20 summit, etc.
Also can we please stop pretending groups like Lulzsec are 'holding abusive corporations and governments responsible for their actions'. Stealing sensitive customer information or e-mail / password combos for porn sites, especially if you recommend plastering that information all over facebook, has absolutely nothing to do with holding anyone responsible for anything (other than holding people responsible for secretly visiting porn sites).

I gotta be honest here: Greenpeace, Amnesty International, Human Rights Watch, G20 Summits? None of those matter to me. I'm too self-absorbed to give a damn about their message, just like practically every other American. They aren't making waves. They can be dusted under the rug and ignored without consequence.

If you ignore hacktivists, you're likely to get all of your online endeavors compromised.

So there is definitely a difference between the two, even if it's merely a subjective one.


Its not about whether or not you can ignore them. Its about accomplishing shit. Greenpeace has proven that they CAN affect the political environment. What have Lulzsec / hactivists done?

Hactivists are like Al Queda. You can't ignore them because Al Queda will literally blow shit up and kill you. But the political power of Al Queda is waning. Peaceful and non-destructive protests won, and the Middle-Eastern revolutions are proof of that. Even when Mubarak shut down the Internet, ordered his men to fire on peaceful protesters, and everything, he was unable to stop the wave of rebellion.

The only thing Lulzsec and Anonymous has accomplished is give Obama some ammo to use for his "Internet Kill Switch" that he's proposing through Congress. The Military-Industrial Complex is gearing up for "Cyberwar", a completely vague and unidentified term that will surely cost the Taxpayers billions of dollars without fully understanding wtf is going on.

Look at the political spectrum. Anonymous's political viewpoints have been completely ignored. Manning is still in prison waiting trial. Wikileaks has lost power as the primary source of leaks (You've got OpenLeaks, and other News Media have opened up their own leak sites that have less political garbage associated with their name) and Assange is under house-arrest. Amazon has proven to be an extremely effective web-host capable of standing up to a DDOS attack. The successful DDOS attacks against Mastercard and Paypal haven't tarnished their reputation. The only thing they have proven is that America is woefully unprepared for a "Cyber-attack", whatever the fuck that means.

Really, Anonymous and Lulzsec has given political leverage to the wrong people. They have empowered the wasteful spending of the military-industrial complex and have damaged free-speech activists. They have legitimized the claim that the President needs more control over the Internet. This is NOT the direction I'd like to see the country go towards.

That is why you need a group like Greenpeace, people who analyze the political spectrum, who focus on convincing the correct people and focus the efforts of protesters. Just going out and randomly hacking people doesn't help (WTF? Hacking PBS to "fight the man" is ridiculous. Even if they disagree with PBS's message towards Wikileaks, attacking non-profit foundations with some of the most in-depth media reports is just retarded.)

Fortunately, it seems like Lulzsec understands this. Perhaps this is the direction they want to go towards. Truth be told, the online environment IS unprepared for cybercrime and internet hacking. They have proven that America is extremely weak from this standpoint. This is probably their true message, and empowering the President (or maybe just Security Consultants) to do things might have been their point overall. (ie: Internet Kill Switch, Legitimize the funding towards US CyberCommand, increase public awareness to the damages that hackers can cause...). Lulzsec has never claims an actual political goal, they just claim they're in it for the lulz.

--------------------

Long story short. There is a difference between intimidating people, and actually stepping towards political victory. Sure, you can't ignore people who intimidate you. But you probably won't cater towards their viewpoints.
First Strike +1/+1 and Indestructible.
KnightExemplar
 
Posts: 2505
Joined: Sun Dec 26, 2010 1:58 pm UTC

Re: Lulzsec

Postby vodka.cobra » Sat Jul 02, 2011 8:30 pm UTC

What accomplishes more: A bunch of easily ignorable people who are legally, ethically, and socially in the right, or someone with money?
User avatar
vodka.cobra
 
Posts: 357
Joined: Thu Mar 27, 2008 6:50 pm UTC
Location: Florida

Re: Lulzsec

Postby KnightExemplar » Sat Jul 02, 2011 8:32 pm UTC

vodka.cobra wrote:What accomplishes more: A bunch of easily ignorable people who are legally, ethically, and socially in the right, or someone with money?


http://news.change.org/stories/victory- ... omas-drake

Looks like the former. BTW: Lulzsec and Anonymous have neither.
First Strike +1/+1 and Indestructible.
KnightExemplar
 
Posts: 2505
Joined: Sun Dec 26, 2010 1:58 pm UTC

Re: Lulzsec

Postby vodka.cobra » Sat Jul 02, 2011 8:36 pm UTC

KnightExemplar wrote:
vodka.cobra wrote:What accomplishes more: A bunch of easily ignorable people who are legally, ethically, and socially in the right, or someone with money?


http://news.change.org/stories/victory- ... omas-drake

Looks like the former. BTW: Lulzsec and Anonymous have neither.

I never said they did. My point is that Green Peace doesn't matter. They'll only ever have small victories, and life will continue to be shitty no matter what we do.
User avatar
vodka.cobra
 
Posts: 357
Joined: Thu Mar 27, 2008 6:50 pm UTC
Location: Florida

Re: Lulzsec

Postby KnightExemplar » Sat Jul 02, 2011 8:42 pm UTC

vodka.cobra wrote:
KnightExemplar wrote:
vodka.cobra wrote:What accomplishes more: A bunch of easily ignorable people who are legally, ethically, and socially in the right, or someone with money?


http://news.change.org/stories/victory- ... omas-drake

Looks like the former. BTW: Lulzsec and Anonymous have neither.

I never said they did. My point is that Green Peace doesn't matter. They'll only ever have small victories, and life will continue to be shitty no matter what we do.


My point is that Lulzsec, Anonymous, and other "Hactivists" don't even have "small victories" to celebrate. Their small victory was bringing down a website for a few hours, maybe a day if they were lucky. This has absolutely no political power what so ever.

Small Victories add up over time. And the Thomas Drake case undermines Obama's war against Whistleblowers (even legitimate whistleblowers).
First Strike +1/+1 and Indestructible.
KnightExemplar
 
Posts: 2505
Joined: Sun Dec 26, 2010 1:58 pm UTC

Re: Lulzsec

Postby vodka.cobra » Sat Jul 02, 2011 8:45 pm UTC

KnightExemplar wrote:
vodka.cobra wrote:
KnightExemplar wrote:
vodka.cobra wrote:What accomplishes more: A bunch of easily ignorable people who are legally, ethically, and socially in the right, or someone with money?


http://news.change.org/stories/victory- ... omas-drake

Looks like the former. BTW: Lulzsec and Anonymous have neither.

I never said they did. My point is that Green Peace doesn't matter. They'll only ever have small victories, and life will continue to be shitty no matter what we do.


My point is that Lulzsec, Anonymous, and other "Hactivists" don't even have "small victories" to celebrate. Their small victory was bringing down a website for a few hours, maybe a day if they were lucky. This has absolutely no political power what so ever.

Small Victories add up over time. And the Thomas Drake case undermines Obama's war against Whistleblowers (even legitimate whistleblowers).

And what do these small victories accomplish besides quelling anger and making people complacent?
User avatar
vodka.cobra
 
Posts: 357
Joined: Thu Mar 27, 2008 6:50 pm UTC
Location: Florida

Re: Lulzsec

Postby LtNOWIS » Sat Jul 02, 2011 9:59 pm UTC

vodka.cobra wrote:I never said they did. My point is that Green Peace doesn't matter. They'll only ever have small victories, and life will continue to be shitty no matter what we do.

I fail to see how the State or The Man or whoever Lulzec is opposing has made my life shitty. Quite the opposite, in fact.

More seriously, can any of the Lulzsec people claim that the government is seriously oppressing them? If not, they're just the the latest in a long line of ideologically motivated vandals.
LtNOWIS
 
Posts: 371
Joined: Sun Dec 12, 2010 4:21 pm UTC
Location: Fairfax County

Re: Lulzsec

Postby Glass Fractal » Sun Jul 03, 2011 1:02 am UTC

LtNOWIS wrote:
vodka.cobra wrote:I never said they did. My point is that Green Peace doesn't matter. They'll only ever have small victories, and life will continue to be shitty no matter what we do.

I fail to see how the State or The Man or whoever Lulzec is opposing has made my life shitty. Quite the opposite, in fact.

More seriously, can any of the Lulzsec people claim that the government is seriously oppressing them? If not, they're just the the latest in a long line of ideologically motivated vandals.


Usually its best not to have the oppression actually start, call it being proactive or forward thinking. And well, what counts as "serious" oppression? Why should we allow even moderate amounts of oppression if we can do something about it?
Glass Fractal
 
Posts: 501
Joined: Thu May 13, 2010 2:53 am UTC

Re: Lulzsec

Postby KnightExemplar » Sun Jul 03, 2011 7:51 am UTC

vodka.cobra wrote:
KnightExemplar wrote:
vodka.cobra wrote:
KnightExemplar wrote:
vodka.cobra wrote:What accomplishes more: A bunch of easily ignorable people who are legally, ethically, and socially in the right, or someone with money?


http://news.change.org/stories/victory- ... omas-drake

Looks like the former. BTW: Lulzsec and Anonymous have neither.

I never said they did. My point is that Green Peace doesn't matter. They'll only ever have small victories, and life will continue to be shitty no matter what we do.


My point is that Lulzsec, Anonymous, and other "Hactivists" don't even have "small victories" to celebrate. Their small victory was bringing down a website for a few hours, maybe a day if they were lucky. This has absolutely no political power what so ever.

Small Victories add up over time. And the Thomas Drake case undermines Obama's war against Whistleblowers (even legitimate whistleblowers).

And what do these small victories accomplish besides quelling anger and making people complacent?


By definition, a victory would make people less angry (ie: happier) and removes worries from us. We can be more complacent against threats that do not exist anymore if we really did have a true victory. If you aren't satisfied with that, you seriously need to get a better outlook on life.

Life ain't that bad you know.
First Strike +1/+1 and Indestructible.
KnightExemplar
 
Posts: 2505
Joined: Sun Dec 26, 2010 1:58 pm UTC

Re: Lulzsec

Postby TaintedDeity » Sun Jul 03, 2011 2:41 pm UTC

Life ain't that bad you know.
Maybe for you.
Ⓞⓞ◯
User avatar
TaintedDeity
 
Posts: 3932
Joined: Sun Feb 10, 2008 7:22 pm UTC
Location: England;

Re: Lulzsec

Postby KnightExemplar » Sun Jul 03, 2011 3:08 pm UTC

I apologize if you are insulted by my previous words. I do not want to take this thread towards the darker direction.

From a serious point of view, everything we work for is a "small victory" at best. It takes years to implement social change, entire lifetimes to move from slavery to overt racism. And that social change cost hundreds of thousands of lives. It took another lifetime to move from overt racism (in the 1960s) to implicit racism.

Social change is a game of endurance. It takes years to take effect, but it eventually does get better. To expect anything more is just being greedy. Still, it is important to work for change for the betterment of our children.
First Strike +1/+1 and Indestructible.
KnightExemplar
 
Posts: 2505
Joined: Sun Dec 26, 2010 1:58 pm UTC

Re: Lulzsec

Postby _Marcus_ » Sun Jul 03, 2011 4:11 pm UTC

I have been watching Lulzsec for some time now and you know, he is using people to post topics about him(like this) then his popularity will spread by having links to articles about him and links to his twitter account.
Lulzsec is a scare tactic and he is gonna make the prices of computer security stuff go up because everyone wants to defend themselves and people will notice and prices will go up.
Sorry if I repeat myself on some parts its just how I am 8)
_Marcus_
 
Posts: 5
Joined: Sat Jul 02, 2011 3:30 am UTC
Location: Uh... I'm uh... DON'T PRESSURE ME!

Re: Lulzsec

Postby sje46 » Tue Jul 05, 2011 8:44 pm UTC

_Marcus_ wrote:I have been watching Lulzsec for some time ...he....his...he...he
Yeah...I doubt that =/
General_Norris: Taking pride in your nation is taking pride in the division of humanity.
Pirate.Bondage: Let's get married. Right now.
sje46
 
Posts: 4724
Joined: Wed May 14, 2008 4:41 am UTC
Location: New Hampshire

Re: Lulzsec

Postby Ivor Zozz » Tue Jul 19, 2011 12:16 am UTC

Looks like they are at it again, this time breaking into one of News Corp's sites and redirecting it to a fake story about Rupert Murdoch's death:

http://gizmodo.com/5822392/lulzsec-hacks-the-times-with-brutal-murdoch-death-notice
User avatar
Ivor Zozz
 
Posts: 170
Joined: Sun May 09, 2010 7:35 pm UTC

Re: Lulzsec

Postby Triangle_Man » Tue Jul 19, 2011 2:01 am UTC

Ivor Zozz wrote:Looks like they are at it again, this time breaking into one of News Corp's sites and redirecting it to a fake story about Rupert Murdoch's death:

http://gizmodo.com/5822392/lulzsec-hacks-the-times-with-brutal-murdoch-death-notice


Okay, is it wrong that I see Lulzsec as being the lesser of two evils in this particular story?

Then again, I wonder what's more evil; hacking high-security websites and revealing personal information, or hacking people's cell-phones and voicemail for the sake of a story (and impeding a murder investigation in the process).

Also, is their any irony in the hackers getting hacked?
I really should be working right now, but somehow I don't have the energy.

The Mighty Thesaurus wrote:My moral system allows me to bitch slap you for typing that.
User avatar
Triangle_Man
WINNING
 
Posts: 1500
Joined: Sat May 02, 2009 8:41 pm UTC
Location: CANADA

Re: Lulzsec

Postby KnightExemplar » Tue Jul 19, 2011 2:30 pm UTC

Its kinda like raping a child molester in prison.

Ironic, but ultimately futile. It doesn't fix the problems of the past, and only causes problems for the future. Just because an evil is done to an evil-doer doesn't make it right. Only if the action ultimately causes a change for the better will it become justice.
First Strike +1/+1 and Indestructible.
KnightExemplar
 
Posts: 2505
Joined: Sun Dec 26, 2010 1:58 pm UTC

Re: Lulzsec

Postby Ivor Zozz » Wed Jul 27, 2011 5:35 pm UTC

Seems that "Topiary", the spokesperson for Lulzsec, has been arrested:

http://nakedsecurity.sophos.com/2011/07/27/suspected-hacker-arrested-in-shetland-islands/
http://content.met.police.uk/News/Man-arrested-in-ecrime-investigation/1260269333921/1257246745756

He recently deleted most of his tweets on his personal (not Lulzsec) account, leaving up just one that said, "You can't arrest an idea," perhaps indicating he knew what was coming.

Looks like we could be seeing the endgame for this group...
User avatar
Ivor Zozz
 
Posts: 170
Joined: Sun May 09, 2010 7:35 pm UTC

Re: Lulzsec

Postby stevey_frac » Wed Jul 27, 2011 5:49 pm UTC

Hrm. That is to bad. I liked what they were doing.
stevey_frac
 
Posts: 947
Joined: Tue Oct 20, 2009 10:27 pm UTC

Re: Lulzsec

Postby Triangle_Man » Wed Jul 27, 2011 6:55 pm UTC

stevey_frac wrote:Hrm. That is to bad. I liked what they were doing.


Please explain why you supported these guys.

Because honestly, they were doing some unsavory stuff.
I really should be working right now, but somehow I don't have the energy.

The Mighty Thesaurus wrote:My moral system allows me to bitch slap you for typing that.
User avatar
Triangle_Man
WINNING
 
Posts: 1500
Joined: Sat May 02, 2009 8:41 pm UTC
Location: CANADA

Re: Lulzsec

Postby stevey_frac » Sat Jul 30, 2011 1:05 am UTC

They were hacking stuff. And breaking it. And then publicly announcing that they broke it. The net long-term result is that computer security will be improved by their actions. It's a rather aggressive kind of responsible disclosure, but then, these were all known exploits, not novel ideas. So, they let the world know, that they need to patch their shit, in the only way that will get meaningful results, quickly: Impact bottom lines, and public perceptions.
stevey_frac
 
Posts: 947
Joined: Tue Oct 20, 2009 10:27 pm UTC

Re: Lulzsec

Postby KnightExemplar » Sat Jul 30, 2011 4:19 am UTC

There is a level of responsibility you need to do to remain a "good guy". Generally speaking, that is keeping password databases and innocent bystanders (ie: the customers) information private. Do no harm to the customers, but prove you've done the exploit. That is the way of the gray hat. As soon as you release password databases and private information to the public, you are no longer working for the public good. You have explicitly stepped into evil territory, doing harm for no reason aside from doing it for the lulz.

Hell, it takes explicit work and effort to properly being anonymous with your upload to the internet. (Do it poorly, the FBI will track the password database back to you).

These guys have no "net good" any more than thieves and burglars. Its pretty public when your house gets robbed, its pretty public when you report that your wallet is stolen. Sure, its a "lesson" to the person who got hurt, and they'll hopefully learn from the experience. But it is pure victim blaming if you pin it down as "their fault for having lack security". (or other similar arguments: They were asking to get raped and whatnot. Its all the same thing IMO).

Frankly, the argument doesn't work if you do harm. If lulzsec really was trying to work for the public good, they would not have released any potentially harmful information. But they did, repeatedly.
First Strike +1/+1 and Indestructible.
KnightExemplar
 
Posts: 2505
Joined: Sun Dec 26, 2010 1:58 pm UTC

Re: Lulzsec

Postby stevey_frac » Sat Jul 30, 2011 7:49 am UTC

First off, I never said what they were doing was legal, or ethical. I said a was a fan. I would rather have lulsec publicly releasing stuff, then the chinese government breaking stuff and not having the public know about it. This way, security end up bring improved. We need groups like anonymous, because they are a constant threat, that keeps people on their toes, and forces security researchers to keep digging, and keep funding vulnerabilities. Every fix they make, you can credit to a publicly announced hack.
stevey_frac
 
Posts: 947
Joined: Tue Oct 20, 2009 10:27 pm UTC

Re: Lulzsec

Postby ShootTheChicken » Sat Jul 30, 2011 3:15 pm UTC

And when people like this help push through Obama's internet kill switch, that's totally okay with you?
SecondTalon wrote:the Hot Freshness of Wicked Classic.
User avatar
ShootTheChicken
Best. Cheerleader. Ever.
 
Posts: 433
Joined: Wed Feb 16, 2011 5:11 am UTC
Location: America's Hat

Re: Lulzsec

Postby stevey_frac » Sat Jul 30, 2011 9:04 pm UTC

Because someone important came up with a terrible solution, the people who found the problem are worse... amirite?

Reminds me of this comic:

http://dilbert.com/strips/comic/1996-07-04/

Edit: You have to understand. There are a finite number of bugs that can be exploited. And every one that is found, fixed, and patched, is one that truly evil people cannot use to great harm, without anyone ever knowing about.

Lulzsec is/was helping get stuff patched. :D
Last edited by stevey_frac on Sun Jul 31, 2011 12:25 am UTC, edited 1 time in total.
stevey_frac
 
Posts: 947
Joined: Tue Oct 20, 2009 10:27 pm UTC

Re: Lulzsec

Postby Ortus » Sun Jul 31, 2011 12:20 am UTC

stevey_frac wrote:
Edit: You have to understand. There are a finite number of bugs that can be exploited.


How do you figure that?
roband wrote:Face, yes. Chest, probably. Pubic area, maybe. Scrotum, not a fucking chance.
User avatar
Ortus
Fluffy
 
Posts: 573
Joined: Sat Apr 03, 2010 7:09 am UTC

Re: Lulzsec

Postby stevey_frac » Sun Jul 31, 2011 12:24 am UTC

There is a finite amount of code. The rest should follow logically.
stevey_frac
 
Posts: 947
Joined: Tue Oct 20, 2009 10:27 pm UTC

Re: Lulzsec

Postby Ortus » Sun Jul 31, 2011 12:27 am UTC

stevey_frac wrote:There is a finite amount of code.



Right now
there is a finite amount of code.
roband wrote:Face, yes. Chest, probably. Pubic area, maybe. Scrotum, not a fucking chance.
User avatar
Ortus
Fluffy
 
Posts: 573
Joined: Sat Apr 03, 2010 7:09 am UTC

Re: Lulzsec

Postby stevey_frac » Sun Jul 31, 2011 12:31 am UTC

Do you anticipate there being an infinite amount of code in the near future?
stevey_frac
 
Posts: 947
Joined: Tue Oct 20, 2009 10:27 pm UTC

Re: Lulzsec

Postby Ortus » Sun Jul 31, 2011 12:33 am UTC

stevey_frac wrote:Do you anticipate there being an infinite amount of code in the near future?


More that, as one looks to the future of code and the staggering amount of it that will exist, and thus the staggering amount of bugs that will exist, one has to wonder at how wildly inefficient the, "one less bug" approach has to be. (edit) So why choose to go about fixing it an inefficient way?
Last edited by Ortus on Sun Jul 31, 2011 12:37 am UTC, edited 2 times in total.
roband wrote:Face, yes. Chest, probably. Pubic area, maybe. Scrotum, not a fucking chance.
User avatar
Ortus
Fluffy
 
Posts: 573
Joined: Sat Apr 03, 2010 7:09 am UTC

Re: Lulzsec

Postby Dark567 » Sun Jul 31, 2011 12:33 am UTC

A finite amount of code doesn't mean there's a finite amount of holes.
I apologize, 90% of the time I write on the Fora I am intoxicated.


Yakk wrote:The question the thought experiment I posted is aimed at answering: When falling in a black hole, do you see the entire universe's future history train-car into your ass, or not?
Dark567
 
Posts: 3431
Joined: Thu Jun 25, 2009 5:12 pm UTC
Location: Everywhere(in the US, I don't venture outside it too often, unfortunately)

Re: Lulzsec

Postby stevey_frac » Sun Jul 31, 2011 12:51 am UTC

Dark567 wrote:A finite amount of code doesn't mean there's a finite amount of holes.


It kind of does, by definition almost. It might be a large number of holes, but it is definitely finite.

This one-at-a-time fix methodology only applies to security vulnerabilities that are exploitable, which is a much smaller subset of bugs. And yes... It is not horribly efficient, but, code analysers are only so good. You need a real live human being banging on software to come up with new and interesting ways to break it. White hat security researchers also find bugs one at a time.... Black hats exploit them one at a time, coders create them one at a time.... So... I do believe that this is efficient enough. And through a system of responsible disclosure, zero-day notices, and internal auditing, that you can write fairly secure software.
stevey_frac
 
Posts: 947
Joined: Tue Oct 20, 2009 10:27 pm UTC

Re: Lulzsec

Postby Dark567 » Sun Jul 31, 2011 12:55 am UTC

stevey_frac wrote:
Dark567 wrote:A finite amount of code doesn't mean there's a finite amount of holes.


It kind of does, by definition almost. It might be a large number of holes, but it is definitely finite.
Holes aren't just with the code that's there though, it can also be a lack of code. Things like not having encryption or authentication. There is no code you could necessarily write that would compensate for every possible future attack.
I apologize, 90% of the time I write on the Fora I am intoxicated.


Yakk wrote:The question the thought experiment I posted is aimed at answering: When falling in a black hole, do you see the entire universe's future history train-car into your ass, or not?
Dark567
 
Posts: 3431
Joined: Thu Jun 25, 2009 5:12 pm UTC
Location: Everywhere(in the US, I don't venture outside it too often, unfortunately)

Re: Lulzsec

Postby Ortus » Sun Jul 31, 2011 12:59 am UTC

Dark567 wrote: There is no code you could necessarily write that would compensate for every possible future attack.


This was the argument I was going to make, but backwards. :(
roband wrote:Face, yes. Chest, probably. Pubic area, maybe. Scrotum, not a fucking chance.
User avatar
Ortus
Fluffy
 
Posts: 573
Joined: Sat Apr 03, 2010 7:09 am UTC

Re: Lulzsec

Postby stevey_frac » Sun Jul 31, 2011 1:06 am UTC

Your lack of code bugs, are just a weirdly defined subset of bugs though, and to be honest, it is a class of bugs that aren't found often. People know that if this information is sensitive, and being transmitted over an untrusted network, that means it needs to be encrypted. And people know that if you need to verify the authenticity of the system or person you are communicating with, you need authentication. Once again, there are only a finite number of these bugs that you can have, and simple check-box security audits will generally find them.

This is one area where open source rules. Yes, the source is available for everyone to see... but, it also means that you effectively have thousands of code reviewers. If they see stuff, and fix it, then, you end up with significantly fewer exploitable holes on machines in the wild. And this, ultimately, is the solution to computer security. Make everything completely open. Let everyone look at the code, if they want to. You will see a brief period of patch hell, as massive amounts of stuff gets fixed, followed by massively increased security.

Edit:

You are correct in that there is no way to make code completely secure. However, you CAN push yourself really close to the asymptote, and make software that is pretty darned secure. This is something that is achievable, and desirable.

Essentially, you are using the perfect world fallacy, that because we cannot create the perfect system, this means that we should try?
stevey_frac
 
Posts: 947
Joined: Tue Oct 20, 2009 10:27 pm UTC

PreviousNext

Return to News & Articles

Who is online

Users browsing this forum: g9d9ef14, Sizik, wumpus, Xeio and 5 guests