Lulzsec exposed: http://lulzsecexposed.blogspot.com/. Apparently.
Take the information they’ve gathered with a pinch of salt, of course; they don’t seem to be too big on the whole evidence and methodology thing. I mention it more because it represents an event in the Lulzsec soap opera than because it’s a reliable source of information.
The thing with Lulzsec is this: if they managed to rampage through the interwebs and lift thousands and thousands of people’s personal information from servers with seemingly very little effort, how many *other* people are doing this quietly and making money off it? It is not particularly hard to write a secure web site; you just need to understand a few things and follow some good practices. Most hobbyists writing their own sites do these things as a matter of habit because they’re horrified by the idea of someone else getting access to their server. Some companies, it seems, don’t care much, or they just hire the cheapest programmer who promises to get it done the fastest without regard to things like security. That would be their decision, but it’s the general public who have to deal with the problems when the site gets hacked and their data is leaked.
There are laws about the proper storing of sensitive data in the UK, but the laws have generally failed in that they’re not enforced effectively. If nothing else, Lulzsec has added public embarrassment to the potential penalties for failing to protect data adequately. If that makes a few companies re-evaluate their “no one will hack us, let’s not bother” approach to security then we can at least say something good happened. And maybe it will make the ICO* take its job a bit more seriously instead of spending all day coming up with stupid new laws about cookies.
* Responsible for enforcing the Data Protection Act in the UK. So it claims, anyway.