Linked by Thom Holwerda on Fri 17th Jun 2011 18:49 UTC
Privacy, Security, Encryption

Oh boy, what do we make of this? We haven't paid that much attention to the whole thing as of yet, but with a recent public statement on why they do what they do, I think it's about time to address this thing. Yes, Lulz Security, the hacking group (or whatever they are) that's been causing quite a bit of amok on the web lately.
RE[2]: ...
by Alfman on Sat 18th Jun 2011 19:42 UTC in reply to "RE: ..."

Thom Holwerda,

"Well, in all honesty - I did check with the team if our passwords (and yours) are all properly secured. I don't want to dive into specifics,"

Ah, security by obscurity then. (Just kidding, Thom.)

"but suffice it to say they are all properly encrypted ;)."

Well, not exactly since it's over plain HTTP.

If hackers did get in, they could alter anything in the database. They could install keyloggers or modify the hashing function such that they are able to decrypt passwords easily.

Am I right in thinking it's extremely unlikely that you'd notice?

Even a single XSS vulnerability would give an attacker the opportunity to steal your credentials if you follow a malicious link.

If you were a high profile target, it'd probably be worth hiring someone else to do penetration testing, which most companies fail to do.

Many companies around here don't even want to pay to fix known vulnerabilities. Like Sony, a theoretical attack vector isn't important until it has been actively exploited.

Score: 3