Gawker Security Breach Could Lead to More Attacks

Technology • Views: 25,328

The Gawker network security breach is shaping up to be quite serious. PBS has a report with more details on the kind of information that was exposed when hackers (possibly from 4chan) broke into the Gawker database: Gawker Data Breach Could Lead to Attacks on Government Agencies.

Gawker Media, one of the web’s largest publishers, has been hacked. The insides of the multiple websites within their portfolio, their 1.3 million user names, e-mail addresses and passwords, are now splayed all across the Internet for anyone to see. All the data was uploaded to the bit torrent file sharing network late Sunday afternoon, meaning anyone from Dallas to Dbruvnik to Djibouti can have a look.

The PBS NewsHour has learned that a select sub-list of what appear to be e-mail addresses and passwords of employees from federal, state and local government agencies were parsed separately for potential future attacks. They may have been used as part of Operation Payback, or another one of the initiatives launched by the so-called “Anonymous” cyber movement that has grown in scope since the release of secret documents by the web site WikiLeaks. …

The list appears to include a wide range of government agencies from King County in Washington State to mission controllers at NASA to a chief of staff for a member of Congress.

What follows are the instructions attached to the selected government addresses from inside an Anonymous chat room:

“These passwords are from an on going operation outside of (REDACTED) do not distribute outside of (REDACTED). Doing so will only jeopordize the serious lulz fest about to hit the internet in the coming months.

These people more than likely use the same pass everywhere. Try to gain access to the @email STMP using the email/pass combination also google their email address to find other accounts on the inernet they may have and try their password with said accounts.

If the people in this dump have admin/mod rights there maybe other sensitive information worth disclosing to the internet, scrape any and all information you can and dont be XXXXing stupid, these are government officials, use many layers of proxies and report back any lulz to (REDACTED).”

Do I need to remind anyone that if you had an account on any of the Gawker sites, you should immediately change your passwords? And if you used the same password on other sites, change it there too. (To something different this time.)

Here’s a page at Lifehacker, with information from Gawker about the hack: FAQ: Compromised Commenting Accounts on Gawker Media.

There’s a huge gaping hole in all of these stories though; not one of them contains the method that was used to gain access to Gawker’s servers. I would very much like to know more details about how this attack occurred — if it was a simple matter of an editor using an insecure password, or if some other technique was used.

Jump to bottom

82 comments
1 jamesfirecat  Mon, Dec 13, 2010 10:39:24am

They may not want to mention the method for fear of inspiring coppy cats sadly...

2 Killgore Trout  Mon, Dec 13, 2010 10:40:09am
I would very much like to know more details about how this attack occurred — if it was a simple matter of an editor using an insecure password, or if some other technique was used.

I read a technical article on it yesterday. It was far over my head, I doubt i can find the link again.

3 Stanghazi  Mon, Dec 13, 2010 10:41:05am

(typo alert in heading)

4 Obdicut  Mon, Dec 13, 2010 10:42:44am

I can't believe they didn't salt the hashes.

And for another technical note, this 'leak' is going on on bittorrent-- this is what those crazy kids mean when they say that shutting down Wikileaks won't stop the distribution of leaked (or hacked) information.

5 Locker  Mon, Dec 13, 2010 10:44:21am

PBS is such a valuable source of information. One of the best things our country has produced. Personal opinion of course.

6 Kragar  Mon, Dec 13, 2010 10:44:24am

I wonder how many lulz they'll have in prison?

7 researchok  Mon, Dec 13, 2010 10:44:37am

I don't know a damn thing about the technical aspect of this- I'll rely on LGF and commenters for that- but I was pretty startled to read I ought to be changing all my passwords as a precautionary measure as suggested in the lifehacker article.

8 Big Steve  Mon, Dec 13, 2010 10:44:54am

This is why I am blog monogamous......I only comment here. Aren't you all lucky! I trust Charles to be bullet proof!

9 elizajane  Mon, Dec 13, 2010 10:47:00am

Thank you for alerting us to all this, Charles.
I have changed my Amazon password and my e-mail password to more complicated things. Now they do not match my LGF password!

10 Killgore Trout  Mon, Dec 13, 2010 10:47:03am

Like Gawker, McDonalds targeted by hackers.

There was another hack that didn’t quite make the headlines, occuring on Friday but only coming to light as of now. It appears that late on Friday, McDonald’s was subject to an attack by hackers, with email addresses and phone numbers, amongst other data, compromised.

McDonald’s immediately sent an email to customers notifying them of the potential data breach, warning them to be wary of any further contact from the fast food retailer asking for personal or financial data.

11 Obdicut  Mon, Dec 13, 2010 10:48:29am

re: #7 researchok

Here's the lowdown:

They used a pretty insecure way of encrypting the passwords. They used a method so that if your password was, say, 'password', and someone else's was 'password', those would both come out, after hashing (running through an algorithm) to R37FF73 or whatever.

This makes the algorithm very, very vulnerable to dictionary attacks.

Salting is adding random* numbers to the beginning of passwords, so even if you chose 'password' and someone else chose 'password', your passwords would look totally different.

The reason to change passwords at other sites is because most people use the same password at other sites, including their email.

*nothing is really random.

12 RurouniKenshin  Mon, Dec 13, 2010 10:48:32am

I'm guessing, however, that if you used Facebook Connect to comment on Gawker sites, you should be fine.

13 Fozzie Bear  Mon, Dec 13, 2010 10:48:50am

re: #7 researchok

I don't know a damn thing about the technical aspect of this- I'll rely on LGF and commenters for that- but I was pretty startled to read I ought to be changing all my passwords as a precautionary measure as suggested in the lifehacker article.

Just use a unique password for each and every thing you use that requires a password, and the damage you could suffer in such a situation will be minimal. That's really all you can do, and it goes a long way.

14 jamesfirecat  Mon, Dec 13, 2010 10:48:53am

re: #4 Obdicut

I can't believe they didn't salt the hashes.

And for another technical note, this 'leak' is going on on bittorrent-- this is what those crazy kids mean when they say that shutting down Wikileaks won't stop the distribution of leaked (or hacked) information.

"I can't believe they didn't salt the hashes."

That sounds like the kind of advice you'd be more likely to hear on a cooking show.

15 jamesfirecat  Mon, Dec 13, 2010 10:49:37am

re: #6 Kragar (Proud to be Kafir)

I wonder how many lulz they'll have in prison?

Umm.. didn't somebody post something saying Anonomys wasn't responsible/wasn't claiming credit for this attack?

16 Locker  Mon, Dec 13, 2010 10:50:42am

re: #11 Obdicut

Well said and yes, the point is to change your password on any site where you use the same account name/email address and password combination.

17 Fozzie Bear  Mon, Dec 13, 2010 10:50:57am

Another tip: create a separate email account for everything you do that isn't important. I.e., do your banking, personal email, etc, on one account, and use a "junk" account for creating accounts for blog commenting, shopping, and the like.

18 Fozzie Bear  Mon, Dec 13, 2010 10:51:42am

re: #15 jamesfirecat

Umm.. didn't somebody post something saying Anonomys wasn't responsible/wasn't claiming credit for this attack?

People keep mistaking anon for a real thing.

19 Kragar  Mon, Dec 13, 2010 10:51:47am

re: #15 jamesfirecat

Umm.. didn't somebody post something saying Anonomys wasn't responsible/wasn't claiming credit for this attack?

And yet they then begin dicussing how to use the information to break into people's private emails and publish what they find.

These idiots don't know what they're getting into.

20 Charles Johnson  Mon, Dec 13, 2010 10:55:13am

Part of the stuff released -- a screen shot of an internal Gawker chat session in which they KNEW the attack was taking place weeks ago -- but because it only affected their users, it didn't matter. Quote: "just the peasants."

Nice. That arrogant snotty attitude you see on Gawker sites goes all the way to the top.

21 researchok  Mon, Dec 13, 2010 10:55:22am

re: #11 Obdicut

Here's the lowdown:

They used a pretty insecure way of encrypting the passwords. They used a method so that if your password was, say, 'password', and someone else's was 'password', those would both come out, after hashing (running through an algorithm) to R37FF73 or whatever.

This makes the algorithm very, very vulnerable to dictionary attacks.

Salting is adding random* numbers to the beginning of passwords, so even if you chose 'password' and someone else chose 'password', your passwords would look totally different.

The reason to change passwords at other sites is because most people use the same password at other sites, including their email.

*nothing is really random.

Well, I'm on it now.

If i were to add numbers to my password, is there an 'optimum' number of digits? Or the more the better?

22 Big Steve  Mon, Dec 13, 2010 10:55:45am

I wish someone on this site would create a short one page "how to" sheet for protecting oneself in the internet world. Lets face it, creating a whole new ID/password combo for every application is just flat unreasonable and would require writing them all down or putting them in the safe on one's phone, leaving you equally vulnerable if it is lost.

23 BishopX  Mon, Dec 13, 2010 10:56:32am

re: #15 jamesfirecat

Yes. People with access to the stolen database and several other pieces of gawkers code, have spoken with both The Next Web and Mediaite. They claim they are not affiliated with 4chan or operation payback.

That being said, some of the user-names/passwords have been posted on 4chan. The Hackers also apparently released the encrypted database as a torrent. If what Obdicut is saying is right, anyone with access to Google and half a brain can decrypt some of the passwords.

24 Kronocide  Mon, Dec 13, 2010 10:56:59am

Has the possibility of a Gawker employee being a WikiLeaks/Anonymous symp providing some backdoor information or was this a clear front or back door assault?

Really, why hack Gawker? Is it because it was just easy? There's so many other targets out there.

25 CuriousLurker  Mon, Dec 13, 2010 10:57:34am
I would very much like to know more details about how this attack occurred — if it was a simple matter of an editor using an insecure password, or if some other technique was used.

I'd like to know too, but I'm thinking it must have been more serious than an editor using a crappy password if they were able to access the source code (unless they gave editors super admin privileges and/or full FTP or shell access, which would be just plain stupid, IMO).

26 Interesting Times  Mon, Dec 13, 2010 10:57:40am

re: #21 researchok

If i were to add numbers to my password, is there an 'optimum' number of digits? Or the more the better?

Here's a method I described earlier that should be good enough.

27 Charles Johnson  Mon, Dec 13, 2010 10:57:53am

re: #11 Obdicut

Also, to encrypt the passwords, they apparently used the very old, very insecure DES encryption algorithm that was cracked in 1990. This is probably a more serious problem than failing to salt the hashes -- these passwords could be pretty easily cracked even if they were salted.

28 researchok  Mon, Dec 13, 2010 10:58:44am

re: #27 Charles

How many letters/digits can LGF passwords include?

29 researchok  Mon, Dec 13, 2010 10:59:47am

re: #26 publicityStunted

Here's a method I described earlier that should be good enough.

Thank you.

Ballbreaker.

//

30 Gus  Mon, Dec 13, 2010 10:59:52am

re: #28 researchok

How many letters/digits can LGF passwords include?

Hey, researchok, you're at gmail right?

31 lawhawk  Mon, Dec 13, 2010 10:59:59am

re: #20 Charles

Lovely attitude they have over there. I wont be surprised when the lawsuits start rolling in demanding compensation for any economic damage done to users who had their information stolen in the hack.

It also raises additional questions about their security and confidentiality of information shared with 3d party sites. If they care so little about their customers personal data knowing that a hack is underway, what makes anyone think that their data protection on day to day ops is any better?

Gawker (the entire company, not just the singular website) is in for a world of hurt. And justly deserved.

32 Fozzie Bear  Mon, Dec 13, 2010 11:00:03am

re: #28 researchok

How many letters/digits can LGF passwords include?

Salting and adding numbers to the password itself are two different things. The terms I think are confusing.

33 researchok  Mon, Dec 13, 2010 11:00:42am

re: #32 Fozzie Bear

Salting and adding numbers to the password itself are two different things. The terms I think are confusing.

En anglais, s'il vous plait.

34 researchok  Mon, Dec 13, 2010 11:01:06am

re: #30 Gus 802

Hey, researchok, you're at gmail right?

yup

35 Decatur Deb  Mon, Dec 13, 2010 11:01:09am

re: #24 BigPapa

Has the possibility of a Gawker employee being a WikiLeaks/Anonymous symp providing some backdoor information or was this a clear front or back door assault?

Really, why hack Gawker? Is it because it was just easy? There's so many other targets out there.

Gawker has attacked (mocked) 4chan over other stunts.

36 Charles Johnson  Mon, Dec 13, 2010 11:01:55am

re: #28 researchok

How many letters/digits can LGF passwords include?

LGF passwords can be 6-12 characters, any combination of numbers and letters.

37 CuriousLurker  Mon, Dec 13, 2010 11:01:58am

re: #21 researchok

FWIW I often use non-English words and then substitute characters as publicityStunted described.

38 Obdicut  Mon, Dec 13, 2010 11:02:10am

re: #21 researchok

Well, I'm on it now.

If i were to add numbers to my password, is there an 'optimum' number of digits? Or the more the better?

Well, I want to stress that 'salting' isn't you adding numbers, it's the encryption program used by the website doing it.

The best passwords are either

A) Really long or

B) Nowhere near dictionary

So, if there's unlimited characters, using "NotIllNotCarrionComfortDespairNotFeastOnTheeNotUntwistSlackTheyMayBeTheseLastStrandsOfManInMe" would be highly secure, and easy to remember (though would take a moment to type, it's actually a fun way to do passwords).

If there's limited characters, using something like "5h4k3sp34R3" is a good option.

However, most people will not do this, unless you force it. So most sites allow you to just use "Pickle" or "password" or "god" or "private".

So in order to protect those passwords, in the event someone gains access to the database-- or just from the people who work at the site-- passwords are not generally stored 'in the clear'-- unencrypted. They're stored after being passed through a one-way algorithm that changes it to a hash value-- the value that you can get only* if you pass that word through that algorithm. Then, when you enter your password, the site doesn't actually compare your password to the stored one, it compares the hash that's generated then to the hash of your password.

If it's 'unsalted', then it's a lot easier (though that's relative) to crack the algorithm with a dictionary attack and figure out passwords that are "Dictionary"-- simple words. Salting destroys that, and is a very, very basic security measure.

*not really, but for our purposes, only.

39 Charles Johnson  Mon, Dec 13, 2010 11:03:38am

One of the best ways to be secure is to use 1Password:

[Link: agilewebsolutions.com...]

This is a fantastic program -- I have it on all my systems. It lets you use completely different random passwords for every site. All you have to remember is one master password.

40 Obdicut  Mon, Dec 13, 2010 11:03:50am

re: #38 Obdicut

Acutally, I think there's at least one l337 dictionary attack out there, so instead of 5h4k3sp34R3, use 5h4!3sp34r3 instead.

41 CuriousLurker  Mon, Dec 13, 2010 11:03:58am

re: #35 Decatur Deb

Yeah, it's never a good idea to taunt hacker types.

42 Decatur Deb  Mon, Dec 13, 2010 11:04:57am

re: #37 CuriousLurker

FWIW I often use non-English words and then substitute characters as publicityStunted described.

Our mundane Army agency issued "random" license-plate alphanumeric passwords, with no dictionary combinations allowed. They were changed frequently. We didn't trust them much.

43 BishopX  Mon, Dec 13, 2010 11:05:41am

re: #22 Big Steve

It's really, really easy:

1)use multiple email address, all with different passwords.

2)keep everything you don't care about, isn't associated with your real name, social security number or financial info, associated with one email account, you can probably get away with using the same (strong) password here. After all there isn't really any risk if this gets cracked.

3) Keep everything associated with your real name under a separate password than the email account it is associated with. Multiple strong passwords won't hurt here.

If you are having trouble remembering your passwords write them down on a piece of PAPER (not on your computer!) that you keep in a safe place (your wallet, anywhere you would keep financial info). Don't every have your user name, password and the site it corresponds to written down in the same place (in case you lose the paper).

44 Gus  Mon, Dec 13, 2010 11:05:44am

re: #34 researchok

yup

Sent you a note.

45 Lord Baron Viscount Duke Earl Count Planckton  Mon, Dec 13, 2010 11:06:27am

re: #41 CuriousLurker

Yeah, it's never a good idea to taunt hacker types.

This x 1000. I've seen so many people hacked (blogs and emails) when all they had to do is keep mum and not taunt some infamous jerks.

46 Fozzie Bear  Mon, Dec 13, 2010 11:06:47am

The really short version of what Obdi said is that salting a hash makes it so that one could not use the raw hash to authenticate. I.e., it means just stealing the hash files off the server doesn't expose your password.

47 webevintage  Mon, Dec 13, 2010 11:08:18am

re: #43 BishopX

3) Keep everything associated with your real name under a separate password than the email account it is associated with. Multiple strong passwords won't hurt here.

Thank you.
I've tried to be pretty good about passwords, but this is one thing I did not know about.

48 Decatur Deb  Mon, Dec 13, 2010 11:08:55am

re: #43 BishopX

It's really, really easy:

1)use multiple email address, all with different passwords.

2)keep everything you don't care about, isn't associated with your real name, social security number or financial info, associated with one email account, you can probably get away with using the same (strong) password here. After all there isn't really any risk if this gets cracked.

3) Keep everything associated with your real name under a separate password than the email account it is associated with. Multiple strong passwords won't hurt here.

If you are having trouble remembering your passwords write them down on a piece of PAPER (not on your computer!) that you keep in a safe place (your wallet, anywhere you would keep financial info). Don't every have your user name, password and the site it corresponds to written down in the same place (in case you lose the paper).

Another strategy:

Have very few secrets.
Have very few public communications
Compartmentalize everything important. (We have a separate debit card established to feed paypal and online purchases. There is never more than a couple hundred in that account, or that bank.)

49 Big Steve  Mon, Dec 13, 2010 11:09:06am

re: #39 Charles

One of the best ways to be secure is to use 1Password:

[Link: agilewebsolutions.com...]

This is a fantastic program -- I have it on all my systems. It lets you use completely different random passwords for every site. All you have to remember is one master password.

DAMN....doesn't have a Blackberry app yet.

50 CuriousLurker  Mon, Dec 13, 2010 11:10:14am

re: #45 Sergey Romanov

Exactly. It doesn't excuse the hackers, but it's kinda like walking up to a known crack house and taunting the drug dealers. Generally not a wise thing to do.

51 Fozzie Bear  Mon, Dec 13, 2010 11:12:30am

re: #41 CuriousLurker

Yeah, it's never a good idea to taunt hacker types.

It's fine to taunt the crap out of them if you aren't using security methods with widely known script-kiddie cracks available, such as DES.

52 Interesting Times  Mon, Dec 13, 2010 11:15:14am

Here's a cool tool for generating passwords, allowing you to set things like number of passwords generated, length of passwords, complexity, etc.

53 Slumbering Behemoth Stinks  Mon, Dec 13, 2010 11:15:38am
What follows are the instructions attached to the selected government addresses from inside an Anonymous chat room:

“These passwords are from an on going operation outside of (REDACTED) do not distribute outside of (REDACTED). Doing so will only jeopordize the serious lulz fest about to hit the internet in the coming months.

Ah, for the lulz. And possibly, life in prison.

54 CuriousLurker  Mon, Dec 13, 2010 11:21:05am

re: #51 Fozzie Bear

It's fine to taunt the crap out of them if you aren't using security methods with widely known script-kiddie cracks available, such as DES.

I disagree. Even without any taunts the best security systems get breached from time to time. The people I know who are responsible for large networks have their hands full without inviting additional trouble.

55 BishopX  Mon, Dec 13, 2010 11:21:34am

The is an update on Mediaite.

They don't give technical details of the attacks, citing a desire to protect themselves, but say they plan on releasing all of Gawkers source code, along with a document pointing out severity flaws.

As for the motivation behind the attack, Gnosis (the hacker) said this:

We went after Gawker because of their outright arrogance. It took us a few hours to find a way to dump all their source code and a bit longer to find a way into their database.

We found an interesting quote in their Campfire logs:

Hamilton N.: Nick Denton Says Bring It On 4Chan, Right to My Home Address (After
The Jump)

Ryan T.: We Are Not Scared of 4chan Here at 210 Elizabeth St NY NY 10012

I mean if you say things like that, and attack sites like 4chan (Which we are not affiliated to) you must at least have the means to back yourself up. We considered what action we would take, and decided that the Gawkmedia “empire” needs to be brought down a peg or two. Our groups mission? We don’t have one.

We will be releasing the full source code dump along with the database at 9PM GMT today. You are the only outlet we have told the release time.

56 CuriousLurker  Mon, Dec 13, 2010 11:23:56am

Gotta make a cigarette run. BBL...

57 researchok  Mon, Dec 13, 2010 11:24:43am

re: #40 Obdicut

Acutally, I think there's at least one l337 dictionary attack out there, so instead of 5h4k3sp34R3, use 5h4!3sp34r3 instead.

You do understand why we'll never be friends, right?

///

58 researchok  Mon, Dec 13, 2010 11:26:08am

re: #48 Decatur Deb

Another strategy:

Have very few secrets.
Have very few public communications
Compartmentalize everything important. (We have a separate debit card established to feed paypal and online purchases. There is never more than a couple hundred in that account, or that bank.)

Oh yeah, I'll sleep tonight.
/

59 Fozzie Bear  Mon, Dec 13, 2010 11:29:28am

re: #58 researchok

Oh yeah, I'll sleep tonight.
/

Make sure you unplug your webcam. THE WALLS HAVE EYES!!!!

60 researchok  Mon, Dec 13, 2010 11:31:00am

re: #59 Fozzie Bear

Make sure you unplug your webcam. THE WALLS HAVE EYES!!!

I bought a webcam but after a while, it and the mic on my headphones stopped working.

I could never get them to work properly again.

61 spiramirabilis  Mon, Dec 13, 2010 11:31:12am

I bet it was SQL injection.

62 Fozzie Bear  Mon, Dec 13, 2010 11:31:34am

re: #60 researchok

I bought a webcam but after a while, it and the mic on my headphones stopped working.

I could never get them to work properly again.

Don't worry, it's just because hackers have taken control of it and are watching you when you masturbate. /

63 Slumbering Behemoth Stinks  Mon, Dec 13, 2010 11:33:59am

re: #62 Fozzie Bear

Don't worry, it's just because hackers have taken control of it and are watching you when you masturbate. /

Thieving bastards! I'm supposed to get paid for that.
/

64 Kragar  Mon, Dec 13, 2010 11:35:28am

re: #63 Slumbering Behemoth

Thieving bastards! I'm supposed to get paid for that.
/

The first 3 minutes are free.

65 researchok  Mon, Dec 13, 2010 11:35:42am

re: #62 Fozzie Bear

Don't worry, it's just because hackers have taken control of it and are watching you when you masturbate. /

You are not a well person.

Which is a plus in my book, despite your questionable political views.

66 researchok  Mon, Dec 13, 2010 11:36:29am

Opinions of lastpass?

67 Slumbering Behemoth Stinks  Mon, Dec 13, 2010 11:36:40am

re: #64 Kragar (Proud to be Kafir)

What the...

I can't have a policy like that. Are you trying to make me go broke?
/

68 Fozzie Bear  Mon, Dec 13, 2010 11:37:10am

re: #65 researchok

You are not a well person.

Which is a plus in my book, despite your questionable political views.

I know in my heart you are right.

Oh, and you should totally get that mole looked at. /

69 researchok  Mon, Dec 13, 2010 11:37:37am

re: #68 Fozzie Bear

I know in my heart you are right.

Oh, and you should totally get that mole looked at. /

LOLOL

70 WINDUPBIRD DISEASE [S.K.U.M.M.]  Mon, Dec 13, 2010 11:39:21am

re: #4 Obdicut

I can't believe they didn't salt the hashes.

And for another technical note, this 'leak' is going on on bittorrent-- this is what those crazy kids mean when they say that shutting down Wikileaks won't stop the distribution of leaked (or hacked) information.

yep

71 TedStriker  Mon, Dec 13, 2010 11:57:31am

re: #39 Charles

One of the best ways to be secure is to use 1Password:

[Link: agilewebsolutions.com...]

This is a fantastic program -- I have it on all my systems. It lets you use completely different random passwords for every site. All you have to remember is one master password.

I've used KeePass and LastPass....very handy.

72 Usually refered to as anyways  Mon, Dec 13, 2010 12:14:12pm

re: #41 CuriousLurker

Yeah, it's never a good idea to taunt hacker types.

Like calling them 'Script Kiddies' on blogs that are discussing them?

73 Usually refered to as anyways  Mon, Dec 13, 2010 12:16:23pm

re: #51 Fozzie Bear

It's fine to taunt the crap out of them if you aren't using security methods with widely known script-kiddie cracks available, such as DES.

It's not going to stop DOD reprisals though, and not everyone has a server farm that can cope well.

74 CuriousLurker  Mon, Dec 13, 2010 12:26:02pm

re: #72 ozbloke

Like calling them 'Script Kiddies' on blogs that are discussing them?

Eh, not really, but if Charles was posting articles taunting or directly challenging a specific group or community I'd probably be a little nervous.

Actually, I take that back. Signing up here only requires a user name, password, and email address. The password I use for this site isn't used for any others, ditto for the disposable email address, so it really wouldn't be a big deal in terms of personal info.

75 Fozzie Bear  Mon, Dec 13, 2010 12:30:44pm

re: #74 CuriousLurker

Eh, not really, but if Charles was posting articles taunting or directly challenging a specific group or community I'd probably be a little nervous.

Actually, I take that back. Signing up here only requires a user name, password, and email address. The password I use for this site isn't used for any others, ditto for the disposable email address, so it really wouldn't be a big deal in terms of personal info.

Yep. There's no threat at all to the users if you don't re-use passwords, and you use a suitably anonymous email account to sign up. At least not for a service like a blog.

I mean, what's the worst that could happen? They can post comments under your pseudonym? oooooooooo

76 CuriousLurker  Mon, Dec 13, 2010 12:36:50pm

re: #75 Fozzie Bear

Yeah, Charles would be the one with the most to lose, and I assume he has backups of everything. Still, it would be a PITA for him.

77 Fozzie Bear  Mon, Dec 13, 2010 12:39:54pm

re: #76 CuriousLurker

Yeah, Charles would be the one with the most to lose, and I assume he has backups of everything. Still, it would be a PITA for him.

Yeah, that's true. It would suck for Charles.

78 Usually refered to as anyways  Mon, Dec 13, 2010 12:41:00pm

re: #74 CuriousLurker

Eh, not really, but if Charles was posting articles taunting or directly challenging a specific group or community I'd probably be a little nervous.

Actually, I take that back. Signing up here only requires a user name, password, and email address. The password I use for this site isn't used for any others, ditto for the disposable email address, so it really wouldn't be a big deal in terms of personal info.

Thats good to hear for you.

What if a monitors email was compromised.
What if it was on and off DOS attacks, would Charles advertisers appreciate that?

79 CuriousLurker  Mon, Dec 13, 2010 12:59:13pm

re: #78 ozbloke

Thats good to hear for you.

What if a monitors email was compromised.
What if it was on and off DOS attacks, would Charles advertisers appreciate that?

As for his monitors, I assume he has enough sense to choose people who know enough to use best practices. I have no idea how he has things set up, but since he did everything himself I'd be willing to bet that user permissions are pretty granular.

As for DoS or DDoS attacks, there's not much anyone can do to avoid them on a public-facing site except deal with them as they happen.

80 Usually refered to as anyways  Mon, Dec 13, 2010 1:04:20pm

re: #79 CuriousLurker

As for his monitors, I assume he has enough sense to choose people who know enough to use best practices. I have no idea how he has things set up, but since he did everything himself I'd be willing to bet that user permissions are pretty granular.

As for DoS or DDoS attacks, there's not much anyone can do to avoid them on a public-facing site except deal with them as they happen.

Hi CL,
I agree with both your points.
I would like so see the conversations on wikileaks based on fact and kept level headed.

It would seem that there is a lot of emotion coming out on both sides.

81 Usually refered to as anyways  Mon, Dec 13, 2010 1:09:43pm

re: #80 ozbloke

Hi CL,
I agree with both your points.
I would like so see the conversations on wikileaks based on fact and kept level headed.

It would seem that there is a lot of emotion coming out on both sides.

It also seems we have come to a point where arguments are being made to discredit authors instead of arguing points based on merit.

This will only cause division, sad really, as hearing both sides is what I like about LGF.

Oh, covering my arse here, I am not speaking about you.

82 CuriousLurker  Mon, Dec 13, 2010 1:18:20pm

re: #80 ozbloke

Hi CL,
I agree with both your points.
I would like so see the conversations on wikileaks based on fact and kept level headed.

It would seem that there is a lot of emotion coming out on both sides.

Some subjects have a way of triggering passions here. I try to stay out of those discussions as I have a fairly short temper myself and don't need the additional agita. I also try to stay out of discussions that involve things I'm not well-informed about, especially when passions are running high.

I think the whole WikiLeaks thing is interesting, but between my regular posts & work I don't have time to research the facts, so I'm keeping my trap shut for now. ;o)


This article has been archived.
Comments are closed.

Jump to top

Create a PageThis is the LGF Pages posting bookmarklet. To use it, drag this button to your browser's bookmark bar, and title it 'LGF Pages' (or whatever you like). Then browse to a site you want to post, select some text on the page to use for a quote, click the bookmarklet, and the Pages posting window will appear with the title, text, and any embedded video or audio files already filled in, ready to go.
Or... you can just click this button to open the Pages posting window right away.
Last updated: 2023-04-04 11:11 am PDT LGF User's Guide RSS Feeds

Help support Little Green Footballs!

Subscribe now for ad-free access!Register and sign in to a free LGF account before subscribing, and your ad-free access will be automatically enabled.

Donate with
PayPal Cash.app
Recent PagesClick to refresh
Once Praised, the Settlement to Help Sickened BP Oil Spill Workers Leaves Most With Nearly Nothing When a deadly explosion destroyed BP’s Deepwater Horizon drilling rig in the Gulf of Mexico, 134 million gallons of crude erupted into the sea over the next three months — and tens of thousands of ordinary people were hired ...
Cheechako
Yesterday
Views: 69 • Comments: 0 • Rating: 0
Texas County at Center of Border Fight Is Overwhelmed by Migrant Deaths EAGLE PASS, Tex. - The undertaker lighted a cigarette and held it between his latex-gloved fingers as he stood over the bloated body bag lying in the bed of his battered pickup truck. The woman had been fished out ...
Cheechako
4 days ago
Views: 169 • Comments: 0 • Rating: 1