LucasForums

LucasForums (http://www.lucasforums.com/index.php)
-   Ahto Spaceport Cantina (http://www.lucasforums.com/forumdisplay.php?f=325)
-   -   The latest in HAAAAAX (http://www.lucasforums.com/showthread.php?t=207691)

Darth Avlectus 06-17-2011 07:32 PM

The latest in HAAAAAX
 
What is it with hackings lately? Seriously now?

Source: http://www.tomshardware.com/news/Ano...ton,12954.html

Quote:

Wednesday evening BioWare said in a blog that on Tuesday a hacker gained unauthorized access to the decade-old BioWare community server system associated with the Neverwinter Nights forums. The developer reportedly took immediate action after learning of the breach by protecting user data, and then launched an ongoing evaluation to determine the extent of the hackers' infiltration.

"We have determined that no credit card data was compromised, nor did we ever have or store sensitive data like social security numbers," said studio general manager Aaryn Flynn. "However hackers may have obtained information such as user account names and passwords, email addresses, and birth dates of approximately 18,000 accounts--a very small percentage of total users. We have emailed those whose accounts may have been compromised and either disabled their accounts or reset their EA Account passwords."

Flynn said that if users do not receive an email from BioWare, of if the password still works on the EA account, then chances are the hackers didn't retrieve their information. Naturally Flynn suggests that users should change passwords regularly; they also shouldn't use a universal password for all websites and accounts.

A FAQ provided by BioWare and EA states that the server system associated with the Neverwinter Nights forums was the target of a highly sophisticated and unlawful cyber attack. So far this was the only server system known to have been affected by the unauthorized attack. Once BioWare discovered the attack and locked down the server system associated with Bioware Edmontonís Neverwinter Nights forums, the developer disabled all legacy BioWare accounts that were affected, and reset the passwords of any EA Accounts that were affected.

"We take the security of your information very seriously and regret any inconvenience this may have caused you," Flynn said. "We advise all of our fans to always be aware of any suspicious emails or account activity and report any suspicious emails and account activity to Customer Support at 1-866-543-5435."

BioWare is just the latest in a growing list of gaming and government websites that have received a DDoS cannon and/or directly hacked. The onslaught seemingly initiated with an assault on the PlayStation Network that brought it to a screeching halt. Epic Games, Bethesda, EVE Online and the CIA are just a few that have suffered the wrath of hacker group LulzSec just in the last week. Currently it's unknown if LulzSec is behind the BioWare attack, so stay tuned.
Sony gets it first, then Google, and several others I'm sure I've missed. Now this. Have any of the haxors of these infamous events been caught of late?

Yes totenkopf, go ahead and post the picture of our monitor throwing friend. :devsmoke:

Miltiades 06-17-2011 07:42 PM

Next up, Sega.

harark1 06-17-2011 08:52 PM

Actually to my knowledge none have been caught, though one had admitted to many of these hackings. Lolzsecurity admitted to hacking(on their twitter account, I'm not joking), minecraft, the us senate, legions of legends, sony, bethesda, and many others.(Those are just the ones I know off the top of my head.)

Totenkopf 06-17-2011 09:05 PM

Have to wonder how much is emanating from the PRC and how much from mere hackers.

@GTA---As to Dr. Haxxxx......well, Red stopped by earlier and left you this message. :devburn:

http://www.lucasforums.com/picture.p...358881&thumb=1

Darth Avlectus 06-17-2011 09:45 PM

^^^:swear:

ChAiNz.2da 06-17-2011 10:37 PM

Bunch of dumbass script-kiddies found themselves a new brute force toy :rolleyes: Tired of this crap.

Would be nice if companies would take further measures though before getting hit.. :¬:

EDIT:

Quote:

Originally Posted by Gizmodo
It’s Time to Abandon Passwords

Mat Honan — For months, there's been a steady trickle of sites getting hacked, followed by their usernames and passwords being passed around publicly on the Web. It's a real and growing problem that's just going to get worse.

Source

Interesting idea.. but I can't think of anything at the moment that would replace it without even steeper "big brother" methods. Biometrics possibly, but what a pain in the arse :xp:

Mav 06-18-2011 01:45 AM

Quote:

Originally Posted by ChAiNz.2da (Post 2782218)
Biometrics possibly, but what a pain in the arse :xp:

I don't want to submit to a retina scan when I come here :P

Bob Lion54 06-18-2011 01:50 AM

Quote:

Originally Posted by Mav (Post 2782243)
I don't want to submit to a retina scan when I come here :P

That's better than what I thought I read until I reread your sentence.

Especially with the ":P" at the end.

Tommycat 06-18-2011 02:16 AM

There are other methods of protecting end user data. Just make sure you change your passwords regularly on anything you care if they get access to. You know... like financial stuff...

I am kinda surprised at how relatively easily data has been available to these hackers... Having worked at a financial institution and a few government facilities over the years, I know we can protect the data very well. Of course there's nothing completely hacker proof... The trick is not to be the low hanging fruit. Disable administrative and root account remote access. I mean you could require a 255 character password and changed every 7 days, but then you make it harder for the average user to get in....

Liverandbacon 06-19-2011 05:15 PM

I hate how the news is talking about how LulzSec 'hacked' the CIA and other sites (). Saying that a DDoS attacker 'hacked' anything is like saying that some guy who super-glued a bank's doors shut pulled off a major heist. One requires actual skill to pull off, and can actually be very serious. The other is something a 10 year old can do, and isn't much more than an inconvenience. When it's only a few hours of downtime, as was the case with the CIA website, calling it 'hacking' is even more absurd.

Not to mention the fact that the CIA isn't even slightly inconvenienced by a temporary lack of a public website. Just look at the site, and you'll see that most of the content consists of information resources like the World Factbook, which are useful for the general public, but completely irrelevant to the Agency's day-to-day functionality. Nothing important goes on on the CIA's website, so all a DDoSer is really doing is shooting themselves in the foot (especially when one considers that one of the public resources taken down is the online FOIA archive).

Technically unimpressive and functionally useless. What a pitiful combination the media is so enthralled by.

Quote:

Originally Posted by ChAiNz.2da (Post 2782218)
Bunch of dumbass script-kiddies found themselves a new brute force toy :rolleyes: Tired of this crap.

Would be nice if companies would take further measures though before getting hit.

Exactly. The scary thing here isn't the competence of the hackers. I wouldn't be surprised if most of them are just kids who've just discovered Metasploit or another program of that ilk, and that's for the actual cracking; the DDoSes aren't even worth mentioning.

What should scare people is how so many companies, especially technology ones, which you'd expect to have more security know-how, leave important information under such weak protection. Given how common password reuse is, even a simple list of usernames and passwords is quite valuable to certain people. And if a bunch of skiddies can get in this many places, you can bet your ass that the professional crackers working in the interests of foreign governments or organized crime can reach even more.

Hopefully all this activity will be a wake up call to both companies and users.

Quote:

Originally Posted by Tommycat (Post 2782250)
There are other methods of protecting end user data. Just make sure you change your passwords regularly on anything you care if they get access to. You know... like financial stuff...

This. Also, people need to stop reusing the same password on everything, especially stuff they care about. Even on the stuff that doesn't matter, the closest I'd ever get to reusing a password would be having a 4-8 character prefix or suffix common to multiple sites and services, with the main portion of the password different.

Websites and services themselves also need to stop ****ing about with "no symbol" rules, lack of case sensitivity, and worst of all, maximum password lengths. It's not that hard to make a password system that can handle symbols, both cases of letters, and long passwords, and it seriously improves security. I know someone whose insurance company doesn't allow case-sensitivity or symbols, and has a 10 character password maximum. I would switch companies in that situation. If they're that clueless security wise with website security, god knows what their general network security is like. I wouldn't want to entrust all my insurance information to a company like that.

Trench 06-19-2011 06:16 PM

LulzSec has pulled off some amusing hacks. Beyond the typical /b/tard's "lol, I DDoS j00!" deal. Like changing the homepage image of a Web Security company's website. And the fact that he's/she's/they're/it's ballsy enough to release torrents and such of the stolen Sony user data says something. I rather him/her/them/it. :p

Darth Avlectus 06-19-2011 11:41 PM

Quote:

Originally Posted by Liverandbacon (Post 2782387)
What should scare people is how so many companies, especially technology ones, which you'd expect to have more security know-how, leave important information under such weak protection. Given how common password reuse is, even a simple list of usernames and passwords is quite valuable to certain people. And if a bunch of skiddies can get in this many places, you can bet your ass that the professional crackers working in the interests of foreign governments or organized crime can reach even more.

Yeah. And actually there are tools out there alerting you to google analytics trackers in various websites wherever you go. Not surprisingly in my area several people got infected, as there has been some hackers sneaking through stuff through google searchbar tools in web browsers.

Also, banking online w/ online social networking = bad idea. At least all with the same email address. I'd say if anyone can, change your IP if at all possible, and use dynamic IP thereafter.

Quote:

Hopefully all this activity will be a wake up call to both companies and users.
Seconded.


Quote:

This. Also, people need to stop reusing the same password on everything, especially stuff they care about. Even on the stuff that doesn't matter, the closest I'd ever get to reusing a password would be having a 4-8 character prefix or suffix common to multiple sites and services, with the main portion of the password different.
One of my pals online says F*** you synonyms and alternate identities and yet he has had his identity stolen and his cards fraudulently used. So consider the source.


Quote:

Websites and services themselves also need to stop ****ing about with "no symbol" rules, lack of case sensitivity, and worst of all, maximum password lengths. It's not that hard to make a password system that can handle symbols, both cases of letters, and long passwords, and it seriously improves security. I know someone whose insurance company doesn't allow case-sensitivity or symbols, and has a 10 character password maximum. I would switch companies in that situation. If they're that clueless security wise with website security, god knows what their general network security is like. I wouldn't want to entrust all my insurance information to a company like that.
I refuse to bank online anymore. I miss being able to buy stuff, but this really is all for the best.

Totenkopf 06-20-2011 12:17 PM

Quote:

Originally Posted by GTA:SWcity (Post 2782420)
One of my pals online says F*** you synonyms and alternate identities and yet he has had his identity stolen and his cards fraudulently used. So consider the source.

I refuse to bank online anymore. I miss being able to buy stuff, but this really is all for the best.


Yeah, I basically don't trust net security no matter what any company says and therefore don't shop online (or anything else like banking, taxes, etc...). As to your friend, he might not have been a victim of online identity fraud. I used to work with someone that it turned out was stealing CC carbons from the trash can at that resturant. Finally caught up with him, but don't know whatever happened with him in the end. There are already enough offline ways for identities to be stolen as it is.

ChAiNz.2da 06-20-2011 12:54 PM

another interesting viewpoint...

Quote:

Originally Posted by John C. Dvorak, PCMag
Hackers Are Everywhere. Panic!

I think the number of recent hacks and the amount of news coverage on these attacks is suspicious. Could they be false flag events to help the government regulate the Internet?

source

Totenkopf 06-20-2011 03:31 PM

Not entirely implausible, given that the feds seem to want to get their piggy hands all over everything anymore. A few more articles on the subject in general, the WSJ piece on China being interesting.

http://tech.blorge.com/Structure:%20...ase-over-time/

http://www.internetevolution.com/aut...&doc_id=188322

http://online.wsj.com/article/SB1000...528702658.html

Lynk Former 06-21-2011 06:47 AM

I don't really get the point of China doing this...

"Let's be annoying to the rest of the world cause we don't give a **** what they think of us any way."

ChAiNz.2da 06-21-2011 10:13 AM

Quote:

Originally Posted by Lynk Former (Post 2782557)
I don't really get the point of China doing this...

"Let's be annoying to the rest of the world cause we don't give a **** what they think of us any way."

because ePeen knows no borders :cool:
http://stormborn.eu/guild/static/ima...een-trophy.png

Totenkopf 06-21-2011 10:48 AM

Quote:

Originally Posted by Lynk Former (Post 2782557)
I don't really get the point of China doing this...

"Let's be annoying to the rest of the world cause we don't give a **** what they think of us any way."

While I'm not blaming the PRC for a specific incident, rather pointing out that they are involved in a lot of the hacking attacks that have taken place, I think ChAiNz is onto something with the ePeen joke. As far as the PRC's motivations or attitudes, they clearly don't give a **** about their own people.....so why would they care about the rest of the world, esp when it seems to fall all over itself to get access to the fabled "china market".... I believe they do it b/c they can and to get info they might not be able to get otherwise for reasons known to them.

Negative Sun 06-22-2011 12:32 PM

Well Britain has just passed a law forcing ISPs to "monitor and process all data" what users do online to catch all these nasty pirates everywhere...

Tommycat 06-23-2011 12:14 AM

Quote:

Originally Posted by Negative Sun (Post 2782746)
Well Britain has just passed a law forcing ISPs to "monitor and process all data" what users do online to catch all these nasty pirates everywhere...

Soon to be news:
A British ISP has been hacked and several thousand users' personal private data is now in the hands of hackers

Sabretooth 06-23-2011 04:21 AM

But first, our special feature for tonight:

British MPs and their Favourite Fetishes!

Quote:

Originally Posted by Totenkopf (Post 2782568)
As far as the PRC's motivations or attitudes, they clearly don't give a **** about their own people....

That's a pretty vast exaggeration. The PRC's administration has been harsh compared to the West, but it's far from 'not giving a **** about their own people'.

Totenkopf 06-23-2011 03:34 PM

Quote:

Originally Posted by Sabretooth (Post 2782813)
That's a pretty vast exaggeration. The PRC's administration has been harsh compared to the West, but it's far from 'not giving a **** about their own people'.

We'll have to agree to disagree. Most totalitarian govts don't care about their citizens (the PRC has never truly demonstrated otherwise), far less than even corrupt western ones where pols usually lie to the voters to merely get elected/re-elected. To the extent that "bettering their people" serves their own petty interests and vanity and national ambitions, there's some level of progress. Just make sure you don't run afoul of the Party and its multitude of hacks. Frankly, Stalin, Mao and Pol Pot were harsh "compared to the west"......so I'm not sure what that's supposed to mean.

Sabretooth 06-24-2011 02:58 AM

China's vast economic growth, rise in living standards and a thunderous GDP show that the PRC doesn't care about its people? What about the wide-ranging improvements in infrastructure and medical care? If you still don't think the PRC has 'never truly demonstrated' that it 'doesn't care about its citizens', I don't know what you need to be convinced - public debates about Hu Jintao's birth certificate?

Get real, amigo. Mao is dead.

Totenkopf 06-24-2011 12:14 PM

Quote:

Originally Posted by Sabretooth (Post 2782923)
China's vast economic growth, rise in living standards and a thunderous GDP show that the PRC doesn't care about its people? What about the wide-ranging improvements in infrastructure and medical care? If you still don't think the PRC has 'never truly demonstrated' that it 'doesn't care about its citizens', I don't know what you need to be convinced - public debates about Hu Jintao's birth certificate?

Nothing you said indicates China cares about its people so much as its own position in the world. Modernizing your country b/c you wish to be the next hyperpower doesn't = caring about your people so much as caring about your place in the hierarchy of world power. If you think that they really care about anything else......well, you'll believe anything. :rolleyes:

Quote:

Get real, amigo. Mao is dead.
That makes about as much sense as your throwaway contention about about "harsher than the west"....and is about as meaningless. ;)

Sabretooth 06-24-2011 12:59 PM

Quote:

Originally Posted by Totenkopf (Post 2782963)
Nothing you said indicates China cares about its people so much as its own position in the world. Modernizing your country b/c you wish to be the next hyperpower doesn't = caring about your people so much as caring about your place in the hierarchy of world power. If you think that they really care about anything else......well, you'll believe anything. :rolleyes:

I like your style of debate Herr Totenkopf, no counterpoints or new ideas, only refutals and vacuous opinions.

By your logic, all that every developing country wants is political power and not, you know, 'caring for their people'. As opposed to countries with free speech and democracy that go out of their way to spread some of that care to other countries as well.

mimartin 06-24-2011 01:30 PM

If you two want to logically debate or illogically debate for that matter, take it to Kavars. This is not the serious business section.

HockeyGoalie35 06-29-2011 09:11 AM

Awhile ago, but give me a break....

http://www.msnbc.msn.com/id/43224451...an-be-act-war/

Liverandbacon 06-29-2011 10:30 AM

Quote:

Originally Posted by HockeyGoalie35 (Post 2783605)
Awhile ago, but give me a break....

http://www.msnbc.msn.com/id/43224451...an-be-act-war/

I don't see a problem with this.

Sabretooth 06-29-2011 10:44 AM

Invasion of Iran in 3... 2... 1...

Darth Avlectus 07-04-2011 02:07 AM

Can anyone say "SKYNET"?
Quote:

Originally Posted by IG-64 (Post 2757246)
Story

Info

Amazing.


Totenkopf 07-04-2011 12:07 PM

Yet another recent example: http://news.yahoo.com/foxnews-websit...131341952.html

acdcfanbill 07-05-2011 09:42 AM

yes, hackers.... not a drunk fox news intern, but evil, evil hackers!


All times are GMT -4. The time now is 05:41 AM.

Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
LFNetwork, LLC ©2002-2011 - All rights reserved.