Soldato
- Joined
- 28 Mar 2005
- Posts
- 11,255
- Location
- Newbury
Bethesda Hacked blackmailed for top hat in skyrim
- Thread starter dmcg
- Start date
Yup, if someone wanted to they could DDoS twitter and lulzsecurity.com to take their presence offline - but then your just as bad as them as you'd take out a load of innocent services too.
Time would be better spent trying to crack their twitter account password via distributed brute force
Time would be better spent trying to crack their twitter account password via distributed brute force
Last edited:
Yup, if someone wanted to they could DDoS twitter and lulzsecurity.com to take their presence offline - but then your just as bad as them as you'd take out a load of innocent services too.
Time would be better spent trying to crack their twitter account password via distributed brute force
live brute forcing is easily mitigated, getting hold of the password hash database and working on it offline is a different matter.
Not so easily mitigated (unless you only accept correct password from a pre-approved IP), sure you can shutdown the account after <x> incorrect attempts over a length of time and block an ip after <x> incorrect attempts. But the former would have the same effect give or take as breaking their password - it would take that specific presence offline. Tho if the account username is different to the displayed username its a bit harder, tho not impossible.
Last edited:
I'm not talking about having online services, I'm talking about leaving major security flaws in them that allow hackers to be able to waltz in and grab whatever they want. Having unencrypted data *ahem Sony* just exacerbates the problem really 
I guess i used the wrong term there, ok, not mitigated but slow the onslaught long enough for you to get your plans in motion.
Surely the point of attack should be physically taken offline as a matter of course anyway to protect against it opening up further vulnerabilities a la ACS:Law?
Surely the point of attack should be physically taken offline as a matter of course anyway to protect against it opening up further vulnerabilities a la ACS:Law?
I'm not talking about having online services, I'm talking about leaving major security flaws in them that allow hackers to be able to waltz in and grab whatever they want. Having unencrypted data *ahem Sony* just exacerbates the problem really
Any web-site, hosting backend, etc. can be broken eventually... give me a couple of months and impunity from the law and I could find a way into most and I'm no hacker just have a lot of programming experience and some networking experience. Infact you'd be suprised just how far you can still get just with \..\ even today
Ah. But still, surely using a higher level of encryption on customers data would suffice for the businesses? I'm no coding expert, I much prefer dealing with hardware, but I remember reading about quantum encryption or something a while back, is this not yet possible?