EDOOFUS

my commit log as a blog

My Docs Got Dropped

My docs are in the Stratfor leak.

I’m not too worried though; everything in there is either out of date (i.e. that credit card already expired and I have a new one now), my password was used only on that site (but was a 22 character phrase with punctuation), and that email address was only used for Stratfor. My address was also already published due to my domain names (most of which are now privately registered, but I couldn’t always afford that).

Now that I have a doc drop that actually affects me (the Mt. Gox break-in gathered a similarly difficult and unique password, and besides some spamming from idiots trying to exploit the situation with new bitcoin services there was no fallout), I can talk about what I think of the spate of LulzSec-style attacks this year. And that is: getting mad at Anonymous, LulzSec, AntiSec, or whatever the nom du jour is, is an exercise in futility and ignorance. It’s like getting mad at your five-year-old for getting into the cookie jar you left on the kitchen table. Your antiquated and ineffective security mechanism (the kid couldn’t possibly get on the table) should have been replaced by something more effective (maybe locking it in the pantry, overkill for a cookie jar though).

The issue is it’s 2011 (almost 2012) and we’ve been doing this for a while now. The rampant incompetence of people setting up these sites should be made a crime. That would be a far better use of legislative effort than the brain-dead attempts at anti-piracy we’re seeing now. The script kiddies aren’t exhibiting any serious talent; the security (I use the term loosely here) people are setting up is juvenile.

Afterthoughts:

As gyardley pointed out on hackerne.ws, when I compare the LulzSec-type script kiddies to five-year-olds, I don’t mean to create the impression that they shouldn’t be held legally liable. I do fear, however, that focusing on legal actions against those responsible will cause us to lose focus on the bigger problem.