We have all seen the latest anti-sec hacks. We've been reading the comments and wanted to address a few of you.

>> [ ProducedRaw ]
>> I disagree. The guys they are targeting are blackhats and so they chose to be in the line of fire. It's like freaking out over a soldier getting shot.

While you are right about them being in the line of fire by their own will, you are dead wrong about who these people are. Sometimes we have to remind ourselves about how ignorant the public is, due in full to the people getting paid to lie. You will be spared hearing about the long, long history behind hacking. This stuff is set-in-stone and there's not much people can do to argue for or against these definitions.

Whitehat: asshole who publicly posts exploits, tools, etc. normally sucks dick for money (do you actually need a citation or have we shared enough?)
Greyhat: no such fucking thing
Blackhat: someone who is hacking and not posting shit public.

But there's a HUGE difference between the blackhat hacking scene and the underground. That's a long story though.

Therefore, it's safe to say that this Astalavista cult and the rest of their sheep followers (no offense to sheep) are FAR from being blackhats or even respectable and intelligent "computer scientists" or whatever the fuck they feel like calling themselves. Why? Not only do they sit and run ./nmap and think they're badass but they MIRROR EXPLOITS that are publicly available and sell them. They make a living off of public and FREE information. They provide little kids with copy-and-paste tutorials on how to launch attacks with those scripts/tools/exploits too. But then they offer security solutions to another company... do you see what's going on here? They cause a problem, and provide (commercially) a fix for it. Hell, they can't even apply those patches to their own servers!

>> [ illuminatedwax ]
>> See I don't see a problem with getting hacked if people are using 0days on software that you haven't personally created.
>> That's just the way things are. But in this case apparently they stole some passwords from his Gmail account. That's fucking stupid.

You are missing the point. If you're running a security website / company and at the same time you can't even secure your own god damn workspace, website, or server and you save plaintext passwords in databases, you deserve to be rm'd. It doesn't even matter if they were stolen passwords from the gmail account (they weren't). He should have been much smarter than that. He has an IT CV so big and a mouth even bigger yet he gets owned. There are no excuses and no conditions.

>> [ xb4r7x ]
>> lmao... that guy really needs to lay off the caps lock.
>> [EDIT]: I was going to go on an anti-sec rant... but I have a call to go on. Will post when I'm back at my desk.
>> [EDIT2]: Here's my opinion on anti-sec groups. If any of you belong to these groups, which I'm sure at least some of you do...
>> pay close attention to this, then look at yourself in the mirror. You'll thank me later.
>> Black hats are people who sit in their basement on a computer with the lights off with the sole purpose of breaking into systems and causing mayhem.
>> Why? Well nobody really knows... but it's similar to a kid with a magnifying glass near an ant hill.
>> They generally lack social skills and for whatever reason don't want to develop them by going outside and enjoying the world.
>> They take pleasure in other people's pain, and have massive inferiority complexes.
>> This is the main reason they do what they do IMO... they can't make friends like everyone else, feel inferior,
>> and need to prove to themselves that they're better than others. So they break into other people's computer systems to prove that they're better.
>> When really, they're just assholes with no life.
>> There is another type of black hat as well... and they're just sadistic bastards with few redeeming qualities.
>> Dear BH's Make the world a better place...
>> don't try to destroy it just to see what happens. Nothing you've ever done,
>> or ever will do will keep people from living their lives. You're all cockroaches.
>>
>> In all honesty, you can forget everything I just said...
>> I just have a serious problem with people who fuck with other people for what seems like no reason. Especially when they hide behind the internet.
>> Oh yeah, and they're cry babies. "WAAAHHH DON'T TELL PEOPLE THEIR SHIT IS BROKEN!! THEN THEY'LL FIX IT AND I CAN'T ATTACK THEM ANYMORE!!!" - Idiots

You have the general media image of a "blackhat", carved into your thoughts by the very people that we've exposed time and time again. The security industry has no facts to back up their talk, and nor do you. Take a good look at the people getting pwned by the blackhats and the underground. It wasn't this way a long time ago, but you will notice that these days a good majority are promoting an industry and skewed culture which they are unable to learn from and apply to their own servers. They are hypocrites.

There is some more terminology that we have to clear up.

Hackers: THEY HACK SHIT. They are not necessarily programmers that broke their etch-a-sketches apart when they were 5 years old and inhaled the powder.
Crackers: Reverse engineers, not "hackers who use the information for destruction".

Anything else is a fucking lie and anyone who believes it is taking it up the ass by not only the security industry but the whitehats that use stereotypes to enhance their own image and get them jobs.

Now, when you look at all of the kids running rampant hacking random places with no skills at all, how are they obtaining the tools to do it? Sites like Astalavista and people like Glafkos ( nowayout ). Now do you see why we target these people?

It's not about telling people, "your shit is broken," it is about ZERO DISCLOSURE of exploits to the general public.
If you don't follow that, then you are contributing to the security industry and making a lot of fucktards money they do not deserve because they obtain it through lying and scaring people into using their products.

This diagram will help demonstrate:

[ Full-Disclosure ]
  ----> milw0rm / websites that mirror milw0rm / publish exploits / copy-and-paste tutorials
  ---> script kiddies with no clue on why / how said script works, but they do have a tutorial to follow, line by line
  ---> companies and people getting hacked / destroyed.

What are blackhats doing exactly? Hacking and exposing the websites / people who are promoting those exploits to the public, selling a service that they cannot provide, lying and cheating... Hence why blackhats are against full disclosure. Maybe a few good things do happen from full disclosure, but on the bigger picture it's mostly bad.

>> [ xb4r7x ]
>> Idc how much of an idiot the guy was for not securing his data. Hacking his box is still wrong... even if he did ask for it.
>> It bothers me that people do this shit just to prove that they can.
>> Although I was mildly amused that pretty early on in the list of emails they had detected the 'script kiddies'... but still did nothing to keep them out.

If he was your average joe with no security on his data, it would have been all fine, but this guy actually says he is a security expert, his CV mentions 5+ certificates. This was not to prove they can, but more like to expose those people who claim they are security experts, claim they are whitehats... while it didn't take much effort to break into their servers, find exploits, milw0rm mirrors, bad code, etc...

>> [ chia_pet ]
>> Wow. What a bunch of asshats. What's so horrifically wrong about publishing information that could lead to more security?

Read above, you miss the point. It is not against the security, it is against the security industry.

>> [ benologist ]
>> Who cares if they were profiting?
>> Why are we against everyone but ourselves making money?

It is more about how they were profiting: disclosing exploits to the public, then offering security against the huge threat of "hackers"... while they couldn't secure their own servers / scripts.