Posted the logins of all PBS local affiliates, including their plain text passwords
WordPress attack allowed local access.
Linux kernel exploit allowed root access.
Compromised additional servers due to shared passwords.
SQLi
Source code for scedev.net leaked.
3134 ATM IDs and locations leaked.
DBs for various affiliates leaked.
Admin data for servers available.
Devastating attack against FBI affiliates.
Usernames & passwords leaked.
Home address details of CEOs leaked.
250,000 contestants' info leaked.
Internal configuration for FOX.com leaked.
DB for sales staff leaked.
26,000 user details leaked.
US Senate hacked.
Internal config released.
AT&T used pirated copy of WinRAR
What lesson has been learned?
None really
Security is hard
No-one takes it seriously
Last file leaked was a list of routers.
Most had default usernames and passwords.
LulzSec have shown how ineffective the security community & market really is
Too often the thought is "let's buy a tool!!"
Tools like vuln scanners, IPSes, and WAFs will fail you when you need them most.
Everyone in security is to blame
We in security cater more to those who check boxes than we do actual security
Security is the first business I have seen where the customer is not always right.
There is no silver bullet approach
Security buy-in across all levels
Work with the best out there
Blackbox testing is not effective
Rarely do big IT departments communicate with each other
Doing it for the Lulz
Who am I?
It's hard to get the basics right
Gobble Gobble
Training
LulzSec won't be the last
1: SQLi
2: XSS
3: RFI
4: Botnets
What is the reason for the recent rash of hacking?
Hackers aren't necessarily smart
Victims are stupid
Embedded security testing
Daniel@SensePost.com
Daniel.Cuthbert@OWASP.org
@dcuthbert
Assessment Manager for SensePost
Wrote the Testing Guide
Now joint lead for ASVS
We aren't getting our message across