Hackers Dump Millions of Records From Banks, Politicians 310
hypnosec writes "TeamGhostShell, a team linked with the infamous group Anonymous, is claiming that they have hacked some major U.S. institutions, including major banking institutions and accounts of politicians, and has posted those details online. The dumps, comprised of millions of accounts, have been let loose on the web by the hacking collective. The motivation behind the hack, the group claims, is to protest against banks, politicians and the hackers who have been captured by law enforcement agencies."
Re:Great plan (Score:5, Informative)
"Wake up people, we live in a corporate run society, we are losing freedom in the false name of capitalism, we are losing our humanity to money." [emphasis added]
At least you do say "false". But I would prefer that you leave "capitalism" out of it. The people that are doing aren't calling it "capitalism", and at least in that sense they are more correct than their detractors.
Capitalism has nothing to do with this. Greed, corruption, monopol, and cronyism are not part of capitalism. Not even close. In fact, real capitalism cannot exist in an atmosphere that is so rife with these things.
Did anyone look at these "dumps"? (Score:5, Informative)
Re:Great plan (Score:4, Informative)
"It can be done without putting peoples money at jeopardy."
Really? And how would you do that, such that people really paid attention and it wasn't buried in a 1-inch news story on page 7?
I eagerly await learning about this brilliant plan.
Simple, when they have requirements on password length or character sets, then they're not hashing or encrypting passwords. Then you sue them for negligence, inform the media that instead of the story, "Up next: What common product under your sink could be killing your babies?", they should run, "Up next: Find out why banks are sharing your account passwords with thousands of people.", before they have a word from their sponsor.
I only have the time/money to write nasty emails and talk to branch managers when I visit. Their answer is that people forget their passwords, and they need to see the password to tell them what it is, or help with customer service -- They shouldn't EVER need to do that either. Also: if there's a login form on a page that's not HTTPS -- It's vulnerable to SSL Strip among other MITM attacks. They won't hire a "security researcher" to help AND also listen to what they have to say because That's wilful negligence.
I'm aware that they could be applying character set rules before submitting the data to improve entropy, but there's no reason to limit the length to 6 to 12 characters.
Re:Great plan (Score:5, Informative)
"Simple, when they have requirements on password length or character sets, then they're not hashing or encrypting passwords. Then you sue them for negligence, inform the media that instead of the story, "Up next: What common product under your sink could be killing your babies?", they should run, "Up next: Find out why banks are sharing your account passwords with thousands of people.", before they have a word from their sponsor. "
I've tried it. Doesn't work.
My (then) bank had a huge security hole in their online banking. I contacted the bank several times, and even went to the main branch in person, to show people what the problem was. I talked to their own programmers. They all agreed "This is a huge problem and we need to deal with it right away."
Did they? No. And after multiple contacts over multiple months, I finally decided to go to the media with my story. Guess what? The news media wanted nothing to do with it.
No... sorry. You are assuming they are reasonable people. They aren't. This is the only way they'll pay attention.
Re:Great plan (Score:4, Informative)
Re:Great plan (Score:4, Informative)
Unless the banks slip something in on page 235 of 'the agreement' in micro-print that prohibits it.