Just read this earlier.
I have to say, I’ve been very inspired by Batman and LulzSec recently. The stuff that LulzSec have been doing, while coming under fire from many quarters, is, I believe, actually good for the world.
- Making sure that security issues are being looked into
- Making more awareness for security
People have been saying that they have been unethical, releasing all those details, and putting many innocent people at risk. But guess what? If you don’t do that, the mega corporations will never do anything about it. And what happens if some truly unethical hacker comes in and steals the data silently? Then no one will ever know about it.
How do I know?
A certain service of Microsoft, I won’t say which one because I want to give them one last chance to fix this, has been storing our passwords in cleartext, or encrypting them, which is a no-no. Either way, they have the ability to generate your password from what they store. I emailed their customer service people, and all they did was to point me to and fro, with no one actually doing anything about the problem. That is what happens when you do it the supposedly right way. The mega-guys just ignore you. You need to do something like what LulzSec do, before senior management will actually take a look at the problem.
Especially among the less geeky of us, they would not know so much about security-related stuff. All these attacks have led to more awareness about these security matters, and some as a result have learnt to be more vigilant about security.
Isn’t that good?
And especially with idiots like this around, all the more we need to educate people about security related matters.
And in case you didn’t catch what’s wrong with that link, here’s what’s wrong in the blog post.
So, we changed the process. Rather than sending out instructions that would allow you securely reset your password, we would just send you your password.
They are creating a potential vulnerability, and IF they ever get hacked, all your passwords will be exposed. And if LulzSec don’t do it, someone else will do it quietly, and you’ll never know that your password has been compromised. And I seriously doubt those guys at Hover will be able to figure out that they got hacked anyway.
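An added example (not from the original post, nor from either company mentioned): a store that keeps only a salted PBKDF2 verifier, so there is no password it could e-mail back, and that resets via a one-time token instead. The class name, iteration count and token lifetime are assumptions.

```python
import hashlib, hmac, secrets, time

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor
RESET_TTL = 900       # assumed lifetime of a reset token, in seconds

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class AccountStore:
    """Hypothetical account store: one-way verifiers only, token-based reset."""

    def __init__(self):
        self._users = {}   # username -> (salt, verifier)
        self._resets = {}  # sha256(token) -> (username, expiry)

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)  # fresh per-user salt
        self._users[user] = (salt, _derive(password, salt))

    def verify(self, user, password):
        # Unknown users still cost one derivation, so timing does not reveal them.
        salt, verifier = self._users.get(user, (b"\0" * 16, b"\0" * 32))
        ok = hmac.compare_digest(_derive(password, salt), verifier)
        return ok and user in self._users

    def start_reset(self, user, now=None):
        """Return the token to put in the reset e-mail; only its hash is kept."""
        if user not in self._users:
            return None
        token = secrets.token_urlsafe(32)
        expiry = (time.time() if now is None else now) + RESET_TTL
        self._resets[hashlib.sha256(token.encode()).digest()] = (user, expiry)
        return token

    def finish_reset(self, token, new_password, now=None):
        key = hashlib.sha256(token.encode()).digest()
        entry = self._resets.pop(key, None)  # pop makes the token single-use
        if entry is None or (time.time() if now is None else now) > entry[1]:
            return False
        self.set_password(entry[0], new_password)
        return True

    def stored_bytes(self):
        """Everything a dump of the user table would hand to an attacker."""
        return b"".join(salt + v for salt, v in self._users.values())
```

A dump of this store yields salts and verifiers that still have to be brute-forced one account at a time, which is the difference from cleartext or reversibly encrypted storage.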
Yes, when you do something right, people will hate you for it, people will despise you for it. Because the right thing often involves the hard truths about reality.
But it’s not about becoming famous. Nor is it about being a hero. It’s about being something more.
It’s about doing the right thing, so that after you do it, the world will end up being a better place.