Passwords in plaintext :v:
I hope they get every book in reach thrown at them, everyone that can be identified as participating in this shit, Lizard Squad as well as their "customers".
From the Ars Technica article the BBC story links to,
[QUOTE]Another potential problem is the obfuscated log of user's IP addresses. To prevent users from sharing a "booter" account with their friends, LizardStresser checks the user's IP address against a hash of the address used when the account was set up. This is potential gold for anyone willing to spend a little while cracking the MD5 hash of users' IP addresses included in the database--a task that, given the structure of the data hashed, is not the most difficult of cryptography problems. Any potential crackers would have complete attribution for several thousand denial of service attacks over the past month.[/QUOTE]
If you get a GPU to run the hashes, you can have the complete IPv4 address space MD5-hashed in under 10 minutes.
Security was clearly not their focus, at all.
Also from the Ars article:
[IMG]http://cdn.arstechnica.net/wp-content/uploads/2015/01/lstress2-640x420.png[/IMG]
State of Chicago, DMCA protection, and a privacy policy that reads,
[QUOTE]We will protect personal information by reasonable security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.[/QUOTE]
I hope I don't know anyone on the list because I won't be able to take them seriously ever again, lol
Getting a taste of their own medicine, I like it.
This just confirms they are script kiddies if they do not know anything about security.
Sorry, you need to Log In to post a reply to this thread.
