I came across this link that might be of interest:
http://www.makeuseof.com/tag/10-sear...invisible-web/
Basically specialist search tools for the darknet?
:)
Printable View
I came across this link that might be of interest:
http://www.makeuseof.com/tag/10-sear...invisible-web/
Basically specialist search tools for the darknet?
:)
LulzSec is just a bunch of attention seeking scriptkiddies, using automated tools for their "hacks" and acts like hotshots while doing it.
Hey crim, how's it hangin?
Do you think that The-Spec is involved in all this...........?..........does look a bit like his style (without the Hello Kitties) ???
Cheers,
:)
looks like reality is closing in on these guys:
Reports are emerging that Topiary, a key member and spokesman of LulzSec, has been arrested.
Officers from the Metropolitan Police Service’s Police Central e-Crime Unit (PCeU) arrested a 19-year-old man in an intelligence-led operation today.
The announcement was made on the Metropolitan Police Website, and the arrest has been made as part of an “ongoing international investigation into the criminal activity of the so-called “hacktivist” groups Anonymous and LulzSec”. The statement also confirms that they believe the man they have is “Topiary”.
The suspect was arrested at a residential address in the Shetland Islands, off the north east coast of Scotland, and he is being transported to a police station in central London. His address is currently being searched.
Police are also searching another address in Lincolnshire, and a 17-year-old male is being interviewed under caution in connection with the inquiry, though he has not been arrested.
It’s thought that ‘Topiary’ is second-in-command at LulzSec, and the ‘public’ face of the hacktivist group. Topiary was notable for his eloquent writing, and it may surprise some to learn that the man suspected of being Topiary is still a teenager.
Topiary is thought to manage the main LulzSec Twitter account, which was last updated 5 hours ago, though he likely had a hand in most of the group’s announcements. He’s also thought to be well-known among hackers with links to more senior Anonymous members.
Up until now, very little has been known about his identity, though he has been referred to as ‘Daniel’ in some leaked transcripts in the past. And it seems that Topiary had wiped his Twitter feed too, leaving a single, solitary message, perhaps in anticipation of the net closing in on him:
http://cdn.thenextweb.com/insider/fi.../TTopiary1.png
We’ve written extensively about both LulzSec and Anonymous in recent months. LulzSec announced in June that it was to cease activities after 50 days, but the group was soon back in the fold. And just last week, we reported on LulzSec and Anonymous’ joint statement, which was directed at the FBI.
And today’s arrest has happened on the same day LulzSec and Anonymous issued another joint statement calling on people to boycott PayPal. “PayPal’s willingness to fold to legislation should be proof enough that they don’t deserve the customers they get. They do not deserve your business, and they do not deserve your respect.”
The LulzSec and Anonymous hacktivist groups seem to be spread far and wide. Last week we reported that the FBI had raided three people’s homes in New York, thought to be members of Anonymous. Shortly after, it was revealed that a 16-year old leading member of LulzSec, known as TFlow, had been taken into custody in London.
And at the time of writing, the Lulzsecurity website has been taken offline too: http://lulzsecurity.com/.
We’re sure there will be further statements from both LulzSec and Anonymous in due course, but it seems that the net is certainly closing in, and it will be interesting to see where the hacktivists go from here.
Source: http://thenextweb.com/insider/2011/0...-spokesperson/
How many times have they arrested key members of lulzsec that turned out to be at best, loosely affiliated with them? This could very well be one of them, but I am a little skeptical...
It was topiary.
:fu: Is all i can say. Hope they make an example out of these chaps... Ibet it won't be long before they all "Roll" on each other and we start seeing more "Anonymous" related arrest's also. :D
There 1 claim to fame is that they could google dork for website's that were vuln to a 2yr old sql script, And using the forgotten password feature and using easily obtainable info to obtain control of e-mail accounts.
i guess there starting to realise were not laughing with them, but at them. :rolleyes:
Interesting article here: http://www.dailytech.com/Exclusive+B...ticle22280.htm
Hmmm, the doctrine of "contributory negligence" comes to mind, and British law is pretty lenient regarding these "prank" types of activity as it is. This could explain why there seem to be a disproportionate number of Brits involved............they don't perceive the risks as being so great as people in other countries might?Quote:
There 1 claim to fame is that they could google dork for website's that were vuln to a 2yr old sql script, And using the forgotten password feature and using easily obtainable info to obtain control of e-mail accounts.
But which one?Quote:
It was topiary.
I think that this could drag on for a long time or they will just get bored and go away.
The problem with attention seekers is that you get a whole load of wannabees trying to claim the glory.
Our computer misuse act came into law in 1990. Since then there have only been about 200 cases brought under it..........sorry, no idea of the success/fail rate.
Our law enforcement people just don't like using it because it is too easy to create reasonable doubt in the minds of jurors, and it is hardly worth the effort of chasing skiddies (which is all these people are) given the cost and effort it would take.
I think that the article westin linked to may have a point........the Metropol are looking for some favourable publicity in the wake of the Murdoch bribery allegations?
This could well prove embarrassing for them ;)
From what I've heard most of these skiddies are using things like LOIC and slowloris (correct me if I'm wrong). Has anyone analyzed these programs to see how they work? This is a security forum after all :D. I think that'd make an interesting discussion/project. It's probably not too difficult to see how it works though if you can get the code.
I think Slowloris works by opening several simultaneous connections to a webserver, and then not allowing them to close. Most webservers only allow for a certain number of connections at once [I think 400 for apache?]. This will deny any access to additional connections once the threshold is reached.
I had some virus code once, unfortunately, my 'collection' method was to open a feckin Email :DQuote:
Originally Posted by metguru
once I had it, it was WAY to late to study it :rolleyes:Quote:
Originally Posted by metguru
but as for the groups in the headlines
my take is that it is all for headlines
they don't actually go for anything dangerous
as in sensitive 'clear and present danger' type stuff
just a troll around the wwweb finding weak servers :eek:
just imagine the info/sec guys rubbing their hands
NOW they can actually have a chance to implement REAL security
and feck the [L]users
be funny when thy DO get the 'anonymous' ones, and find out just who daddy is :D:p
Gives a person on chons an infection target during the summer, if you link your own compiled version of LIOC? :|Quote:
Originally Posted by metguru
bludgeon: I'm not sure exactly what you're trying to say here?...:confused:
Oldfags acting like newfags trolling summerfags with virused versions of "loldownloads, join the fight, nao! Faggots, fire all cannons at teh enemies, get your copy here wwwdotcopydotcom!".Quote:
Originally Posted by metguru
For some reason, I always think that LOIC stands for Low Income Ion Cannon.
Not sure why.
As to the tools and groups.... Of course they're simple, it's Anonymous. There is more skill in *this* board than within the whole of Anonymous. (I'm not sure about LulzSec though. I haven't seen enough from them.) That's not to say that they cannot be effective. A two year old SQL vulnerability still grants them access to the same data, and a properly targeted DDoS can cost a large company millions.
I'd be happy to post explanations of specific tools if that's ok with the admins? We are apparently no longer a security site.
http://sourceforge.net/projects/loic/
http://ha.ckers.org/slowloris/
these seem like they're the original links.
I would be fine with it. :) As long as it's simply not a thread with a few links & no information etc.Quote:
Originally Posted by D0pp139an93r
A mini - tutorial type thread. :) ;) Feel free to create a fresh topic, and just insert the link to this topic that way members can understand what's being published.
Lol, the fact that he has to tell anyone here anything about it really says something doesn't it? Probably almost as much as asking for permission to post about it.
^See, that's what wrong here. People who don't know dick, and then people who ARE dicks and made everyone Believe that if you talked about tools you were breaking a law or something.
I saw post a whole thread, and talk about anything you want in it. I've been thinking about making an "interesting" thread for a little while now. (Posting a thread made to be informative where I'd post specs for a system, and say "OK, so it's now a default install of this. What should I do to lock it down?" And then everyone could post stuff like what they would do, and at the end you'd have a decent thread for closing up an OS or something.)
Allen update your Slackware Linux link in your Signature, it's not pointing to the correct website atm.
I always think Large Objective Idiot Causation...Quote:
Originally Posted by D0pp139an93r
I do not think anyone who knows even an iota of info sec is impressed, but I find it interesting because of the impudence of the attacks.
Those who take seriously the risks attached to different objectives "for the lulz '? Bunch of script kiddies? Maybe. Certainly seem to lack the talent (remember they are bombing, instead of a knife).
Done. I used to always use the .org link, and I guess it doesn't work anymore. I just changed it to the .com one.Quote:
Originally Posted by HYBR|D
@ donaldsmith:
Better attempt there, :) you were pretty much on subject, albeit several posts behind ;)
Sharpen up your English huh?
"bombing" = "carpet bombing" (Vietnam) or "blanket bombing" (WWII)
"knife" = "scalpel"