Un petit blog sans prétention (enfin j'espère) sur ce qui retient mon attention en matière de sécurité informatique....mais pas que.
Attention à tous, ce billet peut passer pour le billet d'un vieux (de la Veille) un peu aigri et désabusé par rapport à cette nouvelle génération de "hackers" ou de "crackers" selon que vous lisiez ce billet à l'heure de l'apero ou tôt le matin. A tous ceux qui critiquent l'article et bien je le dis bien fort...... c'est pas faux, je suis vieux 
.
Donc voilà, tout commence avec ce petit article de HackInTheBox à propos de LulzSec et de leur raison d'être, leur manifesto comme on a l'habitude de dire.
LulzSec manifesto: "We screw each other over for a jolt of satisfaction"
http://news.hitb.org/content/lulzsec-manifesto-we-screw-each-other-over-jolt-satisfaction
http://arstechnica.com/tech-policy/news/2011/06/lulzsec-heres-why-we-hack-you-bitches.ars
Bien que je ne doute pas que les personnes de Lulzsec soient relativement compétentes en matière de compromission informatique, d'exploitations de failles, on est ici plus près d'une équipe de "technical wankers" (non traduit pour des raisons évidentes de politesse à l'ancienne) que d'une équipe de personnes ayant des convictions (comme certains Anonymous), un sens éthique (comme des Whitehats), une volonté de partage (comme des petits blogueurs), d'élargissement de son savoir (comme tous ceux-là), etc.....
En effet, la lecture du manifesto de LulzSec (http://pastebin.com/HZtH523f) me laisse bien pantois. Je vous laisse lire ci-dessous si vous craignez les URLs courtes ce que je peux comprendre.
Dear Internets,
This is Lulz Security, better known as those evil bastards from twitter. We just hit 1000 tweets, and as such we thought it best to have a little chit-chat with our friends (and foes).
For the past month and a bit, we've been causing mayhem and chaos throughout the Internet, attacking several targets including PBS, Sony, Fox, porn websites, FBI, CIA, the U.S. government, Sony some more, online gaming servers (by request of callers, not by our own choice), Sony again, and of course our good friend Sony.
While we've gained many, many supporters, we do have a mass of enemies, albeit mainly gamers. The main anti-LulzSec argument suggests that we're going to bring down more Internet laws by continuing our public shenanigans, and that our actions are causing clowns with pens to write new rules for you. But what if we just hadn't released anything? What if we were silent? That would mean we would be secretly inside FBI affiliates right now, inside PBS, inside Sony... watching... abusing...
Do you think every hacker announces everything they've hacked? We certainly haven't, and we're damn sure others are playing the silent game. Do you feel safe with your Facebook accounts, your Google Mail accounts, your Skype accounts? What makes you think a hacker isn't silently sitting inside all of these right now, sniping out individual people, or perhaps selling them off? You are a peon to these people. A toy. A string of characters with a value.
This is what you should be fearful of, not us releasing things publicly, but the fact that someone hasn't released something publicly. We're sitting on 200,000 Brink users right now that we never gave out. It might make you feel safe knowing we told you, so that Brink users may change their passwords. What if we hadn't told you? No one would be aware of this theft, and we'd have a fresh 200,000 peons to abuse, completely unaware of a breach.
Yes, yes, there's always the argument that releasing everything in full is just as evil, what with accounts being stolen and abused, but welcome to 2011. This is the lulz lizard era, where we do things just because we find it entertaining. Watching someone's Facebook picture turn into a penis and seeing their sister's shocked response is priceless. Receiving angry emails from the man you just sent 10 dildos to because he can't secure his Amazon password is priceless. You find it funny to watch havoc unfold, and we find it funny to cause it. We release personal data so that equally evil people can entertain us with what they do with it.
Most of you reading this love the idea of wrecking someone else's online experience anonymously. It's appealing and unique, there are no two account hijackings that are the same, no two suddenly enraged girlfriends with the same expression when you admit to killing prostitutes from her boyfriend's recently stolen MSN account, and there's certainly no limit to the lulz lizardry that we all partake in on some level.
And that's all there is to it, that's what appeals to our Internet generation. We're attracted to fast-changing scenarios, we can't stand repetitiveness, and we want our shot of entertainment or we just go and browse something else, like an unimpressed zombie. Nyan-nyan-nyan-nyan-nyan-nyan-nyan-nyan, anyway...
Nobody is truly causing the Internet to slip one way or the other, it's an inevitable outcome for us humans. We find, we nom nom nom, we move onto something else that's yummier. We've been entertaining you 1000 times with 140 characters or less, and we'll continue creating things that are exciting and new until we're brought to justice, which we might well be. But you know, we just don't give a living fuck at this point - you'll forget about us in 3 months' time when there's a new scandal to gawk at, or a new shiny thing to click on via your 2D light-filled rectangle. People who can make things work better within this rectangle have power over others; the whitehats who charge $10,000 for something we could teach you how to do over the course of a weekend, providing you aren't mentally disabled.
This is the Internet, where we screw each other over for a jolt of satisfaction. There are peons and lulz lizards; trolls and victims. There's losers that post shit they think matters, and other losers telling them their shit does not matter. In this situation, we are both of these parties, because we're fully aware that every single person that reached this final sentence just wasted a few moments of their time.
Thank you, bitches.
Lulz Security
Personnellement si je devais me réferer à un manifesto disponible sur le Net, je serais plus enclin à citer "The Hacker Manifesto" de The Mentor disponible sur Phrack Magazine. Oh pétard, c'est là que je vois que je suis vieux. Ca date de 1986.
==Phrack Inc.==
Volume One, Issue 7, Phile 3 of 10
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
The following was written shortly after my arrest...
\/\The Conscience of a Hacker/\/
by
+++The Mentor+++
Written on January 8, 1986
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Another one got caught today, it's all over the papers. "Teenager
Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...
Damn kids. They're all alike.
But did you, in your three-piece psychology and 1950's technobrain,
ever take a look behind the eyes of the hacker? Did you ever wonder what
made him tick, what forces shaped him, what may have molded him?
I am a hacker, enter my world...
Mine is a world that begins with school... I'm smarter than most of
the other kids, this crap they teach us bores me...
Damn underachiever. They're all alike.
I'm in junior high or high school. I've listened to teachers explain
for the fifteenth time how to reduce a fraction. I understand it. "No, Ms.
Smith, I didn't show my work. I did it in my head..."
Damn kid. Probably copied it. They're all alike.
I made a discovery today. I found a computer. Wait a second, this is
cool. It does what I want it to. If it makes a mistake, it's because I
screwed it up. Not because it doesn't like me...
Or feels threatened by me...
Or thinks I'm a smart ass...
Or doesn't like teaching and shouldn't be here...
Damn kid. All he does is play games. They're all alike.
And then it happened... a door opened to a world... rushing through
the phone line like heroin through an addict's veins, an electronic pulse is
sent out, a refuge from the day-to-day incompetencies is sought... a board is
found.
"This is it... this is where I belong..."
I know everyone here... even if I've never met them, never talked to
them, may never hear from them again... I know you all...
Damn kid. Tying up the phone line again. They're all alike...
You bet your ass we're all alike... we've been spoon-fed baby food at
school when we hungered for steak... the bits of meat that you did let slip
through were pre-chewed and tasteless. We've been dominated by sadists, or
ignored by the apathetic. The few that had something to teach found us will-
ing pupils, but those few are like drops of water in the desert.
This is our world now... the world of the electron and the switch, the
beauty of the baud. We make use of a service already existing without paying
for what could be dirt-cheap if it wasn't run by profiteering gluttons, and
you call us criminals. We explore... and you call us criminals. We seek
after knowledge... and you call us criminals. We exist without skin color,
without nationality, without religious bias... and you call us criminals.
You build atomic bombs, you wage wars, you murder, cheat, and lie to us
and try to make us believe it's for our own good, yet we're the criminals.
Yes, I am a criminal. My crime is that of curiosity. My crime is
that of judging people by what they say and think, not what they look like.
My crime is that of outsmarting you, something that you will never forgive me
for.
I am a hacker, and this is my manifesto. You may stop this individual,
but you can't stop us all... after all, we're all alike.
+++The Mentor+++
Mais bon c'est un problème de génération je pense. Et je constate que je suis un vieux. C'est une question d'approche, celle de LulzSec n'est pas la mienne et je pense que cela ne sera jamais la mienne.
Cette petite réflexion est aussi proche du débat interminable entre le full disclosure et le partial disclosure, même si, pour le coup, dans certains cas particuliers je suis prêt à changer mon fusil d'épaule (Les écueils du partial disclosure...).
C'est comme en humour, on n'a pas tous le même...............
Tristan
/https%3A%2F%2Fassets.over-blog.com%2Ft%2Fcedistic%2Fcamera.png)
/image%2F0999431%2F20171231%2Fob_01a7bc_dsys3jsueaawem3.jpg)
/image%2F0999431%2F20170101%2Fob_6af365_c1affncxaaa9biq.jpg)