
Anonymous rapes "security" firm investigating them for WikiLeaks related DDoSing

Mr. Barr was a moron, pure and simple. His so called "security" company was anything but a bunch of bumbling morons who were overpaid, save for the coder he had on hand. Someone send that guy a coupon for all you can eat tacos!
 
The way they got that root pw is insane. That admin needs fired on the spot.

Even a small company should never reset a pw based simply on an email.

I've rung up a hospital before from outside, asked for IT. Spoken to tech support - Hi. I need a login and password for the Electronic Patient Record. I hadn't actually started work there, but was due to start on the 3rd day of a 3 day weekend. Given that there would be no way to do my job without access to the electronic record, and that IT support don't work weekends and holidays, I planned ahead about a week before I started.

- What's your username?
- Err. I don't have one. I need a new account
- What's your name?
- Mark R
- OK. What department do you work in?
- blah. blah
- I don't have a record of any account in your name.
- That's because I haven't started. I start on holiday Monday.
- Oh. OK then. I'll send a new password to your internal e-mail
- Oh. I don't think it's working, the account hasn't been set up. Can you send it to my hotmail?
- What's the address?
- asdfasdfasdf@hotmail.com

5 minutes later, login and password details arrive in my hotmail account.
 
Insane. That would get a helpdesk person fired at my hospital. User account requests must be made by the departmental admin. No exceptions.
 
Social engineering is a powerful tool.
 
it's true, unadulterated, information freedom. sure 90% of what they do is absolutely senseless and juvenile, but we really could be witnessing the start of another phase of democratic revolution here
:thumbsup:
We'll all be digging for Pringles cans to make the OLD school 801.11* antennas of yore if The Powers That Be decide to put a kill switch in. Granted, we'll only be networking locally unless anyone still has a dial up modem and cable to connect a cell phone. Welcome to Devolution... 14.4 kbs hiding in the fax signals. Wardriving on a Corporate wireless field like we used to do for fun.

Workers of The World, Unite!
 
Home Depot used to leave default usernames/PWs on their Wireless Routers. Making the password "orange" wasn't that big of a stretch of the imagination. 😀
 
I would be more than happy to suggest - and document - a good target for Anonymous, for the sake of a good cause, and for social justice.

And I'm 100% serious.
 
Are there any large scale attacks such as this one documented anywhere? I've never seen one happen and would be interested to see the production and how it's orchestrated. I have read short articles about "they launched a ddos attack to bring the servers to their knees" but that's about as in depth as it goes..... I'm interested in a full write up, play by play action.
 
someone else summed it up pretty well


Anonymous: "I can haz password?"
Sys Admin: "sure lol"
Anonymous: "and i can haz firewall downs?"
Sys Admin: "yup lol"
 
I remember reading this a long time ago. I'm sure much of it is out of date now, but it's still interesting.
 
There were some 'white hat' hackers who got attacked and taken down by the 'black hats' sometime last year. They did release a pretty elaborate 'play by play' on the whole process and it was a really good read. I can't remember where I found this though.
 
Not as large scale, but The Cuckoo's Egg by Cliff Stoll is a good read in this subject area.
 
I love their new home page. They are so utterly full of shit it's funny.
http://www.hbgary.com/

We know that understanding the attacker and his methods is the only way to defeat him. This is the core strength of HBGary and why our technology and services outperform the competition. To us, it's personal.

This is what got them fucked the first time. I guess they haven't learned their lesson...
 
do they not realize the company name sounds like a stupid bb/aim handle?

I better go change my consulting company name to XGZargon 🙄
 