Sony Music Greece Falls To Hackers

samzenpus posted more than 3 years ago | from the kicking-them-while-they're-down dept.

Security 303

xsee writes "Hackers: 6, Sony: 0. It appears an attacker has performed a SQL injection attack against SonyMusic.gr. The latest attack has exposed usernames, real names, email addresses and more. Is Sony's network being used as the world's largest public penetration test?"

303 comments

SQL Injection... (5, Funny)

yarnosh (2055818) | more than 3 years ago | (#36213904)

The most preventable of all security holes. How sad.

Re:SQL Injection... (4, Interesting)

hedwards (940851) | more than 3 years ago | (#36213932)

I'm enjoying this for the lulz and the epic security fail. I just wish I could buy a drink for whomever it is that's doing this to Sony.

people are stealing user info (3, Insightful)

YesIAmAScript (886271) | more than 3 years ago | (#36214020)

And you're egging them on?

They aren't just doing this to Sony, they're doing this to the people who use the services too.

Take it from a person who had a Gawker account. When they were hacked, it caused a great inconvenience for me.

Re:people are stealing user info (5, Insightful)

fotbr (855184) | more than 3 years ago | (#36214038)

In this case... I don't feel sorry for anyone doing business with Sony. From my point of view, they made their bed, now they get to lay in it.

Re:people are stealing user info (4, Insightful)

Killerchronic (1170217) | more than 3 years ago | (#36214078)

It may be a problem for users but this is a serious wakeup call to said users: no, your data is not as safe as you think it is when you are handing it over to all these companies. It's about time the cracks were shown to customers and just how slack these companies can be in keeping their protocols and systems running correctly. I am still laughing. I'm not a Sony fan in any way, shape or form; obviously it's bad it's happening, but it's hilarious that a company this big has such lax security and is being exposed on an almost daily basis.

Re:people are stealing user info (2)

naz404 (1282810) | more than 3 years ago | (#36214530)

Did Sony fall for Little Bobby Tables again?

http://xkcd.com/327/ [xkcd.com]

Re:people are stealing user info (0, Troll)

Anonymous Coward | more than 3 years ago | (#36214140)

It is your own fault giving inconvenient information away to the internet.

People like you have been warned for 2 decades now.

Stop whining and deal with the consequences of doing business with Sony.

Re:people are stealing user info (-1)

Anonymous Coward | more than 3 years ago | (#36214164)

This is how wars are won.. You burn the enemy to the ground until you get unconditional surrender. Screw em... Take no prisoners.. You're just collateral damage, and should know better than to give out sensitive information..

Re:people are stealing user info (0, Troll)

Anonymous Coward | more than 3 years ago | (#36214246)

People who use Sony, deserve it.

Re:people are stealing user info (2)

Isaac Remuant (1891806) | more than 3 years ago | (#36214274)

You're right. While we might enjoy this bullying because we dislike a company there is a larger context than, OMGZ 0WN3D!1!!!!11

I had a gawker account as well and, while it wasn't a problem for me to change my level lame password for that and other sites, it might turn out worse for other people.

Re:people are stealing user info (1, Interesting)

Anonymous Coward | more than 3 years ago | (#36214420)

Quite frankly we need more of this type of action where it can actually dent Sony's reputation. Sony is a horrible company you shouldn't be doing business with in the first place. The same can be said for Microsoft and Apple.

Re:people are stealing user info (5, Insightful)

LordLucless (582312) | more than 3 years ago | (#36214276)

So you're saying, by doing this they're going to drive customers away from Sony, reduce their income stream, and eventually remove them from the world of global commerce?

Wow, that sounds...terrible

Re:people are stealing user info (1, Insightful)

JohnRoss1968 (574825) | more than 3 years ago | (#36214552)

At this point I would have to say this is SONY's fault.
How inept can your IT dept be.
They should just shut the whole thing down and redo it right, like they should have done it the first time.
3....
2....
1.....
Let the Fanboys commence defending SONY for their lackluster performance.

Re:people are stealing user info (4, Interesting)

hedwards (940851) | more than 3 years ago | (#36214566)

Honestly is this really that much worse than when Sony decides to vandalize customer equipment?

Sell short SNE (1)

ub3r n3u7r4l1st (1388939) | more than 3 years ago | (#36213950)

Time to sell short Sony stocks while we are at it.

Being positive here... apk (0)

Anonymous Coward | more than 3 years ago | (#36213972)

SONY now knows 1 good thing from this: How to stop it from happening again on this and other sites/domains they own & host websites from.

That's the only good result.

Now, they ought to do fixes based on that data for their own good now that it's been pointed out & for the good of their viewers.

(I hope that this thing wasn't anything that puts worse crap onto others' systems that visit it. Imo, those are the worst - spreads like plague).

I haven't read the "detailed findings" so far, only the summary type articles...

APK

P.S.=> In any event here, I'd think it's good to stay positive when things are looking down, & then do something about it once you're armed with data to look for, + fix it!

apk

Re:Being positive here... apk (4, Insightful)

compro01 (777531) | more than 3 years ago | (#36214126)

SONY now knows 1 good thing from this: How to stop it from happening again on this and other sites/domains they own & host websites from.

How to stop this particular attack.

Available evidence suggests they have no shortage of dailyWTF-worthy screwups that people can continue to exploit.

Re:Being positive here... apk (2)

Opportunist (166417) | more than 3 years ago | (#36214128)

SONY now knows 1 good thing from this: How to stop it from happening again on this and other sites/domains they own & host websites from.

Well, if the recent weeks told us one thing then that they do NOT learn anything from the penetrations. PSN was penetrated and they took it down, but it seems they didn't really learn much from it, since SOE followed. PSN went back up, only to be torn down again near instantly because it was AGAIN penetrated with an allegedly similar attack. And now that. An SQL injection, the one attack that can be prevented the easiest and with the least hassle (hell, there's even free frameworks for nearly every script language in the world that do it automatically for you).

I'd say if one thing's certain, then that Sony doesn't learn jack from the attacks.

Re:Being positive here... apk (1)

DI4BL0S (1399393) | more than 3 years ago | (#36214386)

it was AGAIN penetrated with an allegedly similar attack.

This is not true. The secondary attack [slashdot.org] was just resetting passwords from users that did not reset their password yet, made possible by the data stolen (email & date of birth) from the PSN hack earlier. I saw this coming the second I read Sony would force every user to change their password on first logon.

Re:SQL Injection... (4, Informative)

Bacon Bits (926911) | more than 3 years ago | (#36213982)

I thought the most preventable of all security holes was blank administrator passwords. Granted, the most notorious instance of this was the default install of SQL Server 2000's sa account....

Re:SQL Injection... (1)

yarnosh (2055818) | more than 3 years ago | (#36214440)

I guess I meant from a code perspective. I suppose there are plenty of other ways to leave your system wide open. /shrug

Re:SQL Injection... (1)

networkzombie (921324) | more than 3 years ago | (#36214572)

Windows does not allow network access to any account with a blank password. Using a blank password with the SA account in SQL is incompetence.

But... why?! (1)

MrEricSir (398214) | more than 3 years ago | (#36213990)

The Application String Interface was a poor idea from the start. It's the 21st century, we shouldn't be building strings to do DB queries.

Re:But... why?! (3, Insightful)

betterunixthanunix (980855) | more than 3 years ago | (#36214006)

I would classify this as part of the more general category of "in band signalling." The telephone network learned the hard way why such a design is bad when people began to use blue boxes, but it still took decades for them to fix the problem. I suspect that it will be a while before we see a real fix to the SQL injection problem as well.

SQL injection attacks fixed long ago (5, Informative)

SuperKendall (25149) | more than 3 years ago | (#36214152)

I suspect that it will be a while before we see a real fix to the SQL injection problem as well.

It's called a parameterized query and pretty much every language on the planet supports this mechanism.

SQL injection is mostly a solved problem, except for programmers.

Re:SQL injection attacks fixed long ago (2)

plover (150551) | more than 3 years ago | (#36214344)

Parameterized queries by themselves aren't the panacea that people make them out to be. They still allow attack code to be stored in the database. Bad handling of the data deeper in the application stack, where protections aren't expected, might still choke on the code. You need 100% of the SQL queries in the system to be parameterized. Even then, they do nothing to prevent other language injection attacks to pass through, such as XSS attacks.

As you say, it's a solved problem, if the programmers use it. And parameterized queries absolutely protect those particular queries from the malicious bastards, so I'm not knocking them in any way. I'm just saying that someone shouldn't naïvely claim "we're secure" based solely on that premise.
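An added example, not part of the original thread: the parameterized query mentioned above next to a string-built one, plus the stored-payload case where a value that was inserted safely is later concatenated into a second query. It uses Python's built-in `sqlite3`; the schema, sample rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data; table, column and function names are
# illustrative assumptions, not taken from any real system.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users  (id INTEGER PRIMARY KEY, username TEXT, email TEXT);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, username TEXT, item TEXT);
    """)
    db.executemany("INSERT INTO users (username, email) VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    db.executemany("INSERT INTO orders (username, item) VALUES (?, ?)",
                   [("alice", "album-1"), ("bob", "album-2")])
    return db

def lookup_concat(db, username):
    """String-built query: the input becomes part of the SQL text."""
    sql = "SELECT email FROM users WHERE username = '" + username + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_param(db, username):
    """Parameterized query: the input is bound as data, never parsed as SQL."""
    sql = "SELECT email FROM users WHERE username = ?"
    return [row[0] for row in db.execute(sql, (username,))]

def register(db, username, email):
    """Safe insert; whatever the user typed is stored verbatim."""
    cur = db.execute("INSERT INTO users (username, email) VALUES (?, ?)",
                     (username, email))
    return cur.lastrowid

def _username_of(db, user_id):
    row = db.execute("SELECT username FROM users WHERE id = ?",
                     (user_id,)).fetchone()
    return row[0]

def orders_for_user_concat(db, user_id):
    """Second-order flaw: trusts a value because it came from the database."""
    name = _username_of(db, user_id)
    sql = "SELECT item FROM orders WHERE username = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def orders_for_user_param(db, user_id):
    """Same lookup with the stored value bound as a parameter."""
    name = _username_of(db, user_id)
    sql = "SELECT item FROM orders WHERE username = ?"
    return [row[0] for row in db.execute(sql, (name,))]

if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"  # constructed textbook input
    print("concat:", lookup_concat(db, payload))  # every email comes back
    print("param: ", lookup_param(db, payload))   # no user has that name
    uid = register(db, payload, "mallory@example.test")
    print("stored, concat:", orders_for_user_concat(db, uid))  # every order
    print("stored, param: ", orders_for_user_param(db, uid))   # nothing
```

The second pair of functions is why every query in the system has to be parameterized, including those whose inputs come from the application's own tables.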

Re:SQL injection attacks fixed long ago (1)

Splab (574204) | more than 3 years ago | (#36214392)

Indeed you can inject JS or whatever if data isn't parsed correctly, but using parametrized queries will at least never ever expose the users credit cards, username, passwords etc.

Re:SQL injection attacks fixed long ago (1)

yarnosh (2055818) | more than 3 years ago | (#36214460)

As you say, it's a solved problem, if the programmers use it. And parameterized queries absolutely protect those particular queries from the malicious bastards, so I'm not knocking them in any way. I'm just saying that someone shouldn't naïvely claim "we're secure" based solely on that premise.

I think that goes without saying. The GP just said that SQL injection is a solved problem.

LULZ (1)

elucido (870205) | more than 3 years ago | (#36214604)

Poor Sony.

Maybe if they cared as much about their customers as they do about profits and making money, this could have been avoided or at least negotiated. But now it's out of control. It's game over.

The hackers aren't going to stop. Sony needs to hire cyber warriors.

HAHAHAHAH!!!!! (0, Troll)

Anonymous Coward | more than 3 years ago | (#36213962)

LOLZZZZZ!!!!!!

seriously sony?

RONFLMFAO!!!!!!

hahahahahahahahahah!!!!!!!!!!!!

Re:HAHAHAHAH!!!!! (0)

Anonymous Coward | more than 3 years ago | (#36214430)

Yep, the day Sony turned into an American company and started suing people for alleged copyright violations instead of making cool hardware, they were doomed.

Public penetration test (4, Insightful)

mehrotra.akash (1539473) | more than 3 years ago | (#36213978)

Isn't every network exposed to the public (esp. mid size or larger commercial ones) continuously under attempted attack?

Re:Public penetration test (2)

techno-vampire (666512) | more than 3 years ago | (#36214024)

Isn't every network exposed to the public (esp. mid size or larger commercial ones) continuously under attempted attack?

Yes, of course they are. However, there are examples of SQL injection attacks [wikipedia.org] going back to November, 2005. There's no excuse for a company as big as Sony to be vulnerable to them almost five years later.

Re:Public penetration test (2)

smash (1351) | more than 3 years ago | (#36214110)

Well, given they were running Apache 1.3 on various things, which was not really suggested as the basis for new installs even way back in 2003-2004, it's no great surprise they're still vulnerable to shit that was popular / exposed back in 2005.

Re:Public penetration test (0)

Anonymous Coward | more than 3 years ago | (#36214146)

Isn't every network exposed to the public (esp. mid size or larger commercial ones) continuously under attempted attack?

Yes, of course they are. However, there are examples of SQL injection attacks [wikipedia.org] going back to November, 2005. There's no excuse for a company as big as Sony to be vulnerable to them almost five years later.

No, actually they aren't. An exploit riddled site can sit out there for years without being noticed; this is pretty common. The fact is that Sony is a high-profile target.

Re:Public penetration test (5, Insightful)

MagusSlurpy (592575) | more than 3 years ago | (#36214200)

Yes, but to be fair to Sony (which really pains me), they are currently the focus of every bored script kiddie in the world right now, as well as most of the legitimately pissed-off, skilled hackers. While there may not be such a thing as "security through obscurity," there is a lot to be said for not having a target the size of Montana painted on your servers.

Karma's a bitch, Sony. (4, Insightful)

jaskelling (1927116) | more than 3 years ago | (#36213984)

Years of half baked products, poor reliability, hostile customer service, lazy innovation, and a general disdain for security are what your customers have had to deal with. I really don't care who is doing it to you or why - but I applaud them teaching you the hard lessons of the evolving technological age. You can't keep repeatedly flipping people the finger anymore and tell them to deal with it. Evolve or die. And no, my loathing isn't related to just the recent PS3 debacle. It extends to experiences with consumer audio, professional theatrical projection equipment, and so on right down the line. The fact that you're being taken out by the simplest of attacks in most cases just makes my smile grow a little more.

Re:Karma's a bitch, Sony. (1, Insightful)

rrohbeck (944847) | more than 3 years ago | (#36214022)

+5.
Remember when Sony products were cool because they were innovative? Today you're outing yourself as a mindless consumer if you buy anything Sony.

Re:Karma's a bitch, Sony. (5, Insightful)

Opportunist (166417) | more than 3 years ago | (#36214172)

Remember when Sony products were cool because they were innovative?

Yes, I'm actually that old.

I guess we should explain for the kids here since I guess they can't even imagine it: Sony was cool. Not just like Apple today, with fanboys liking it and everyone else hating it, it was THE cool brand. They had innovative products with never seen before features and a kickass support that didn't bother to ask for details, they just threw a new model at you if the old one croaked, which was actually unlikely because, hey, it was a SONY, they don't fall apart! People were proud to have Sony speakers and Sony radios in their cars, they were proud to have a Sony walkman (as if you could get any others, after all it was a brand name) and they had every right to be proud, they bought something of lasting value!

I admit, it's very hard to believe that today.

Re:Karma's a bitch, Sony. (1)

Bacon Bits (926911) | more than 3 years ago | (#36214240)

Remember when Sony products were cool because they were innovative?

Yes, I'm actually that old.

That's OK. I'm old enough to remember before Sony meant good. I remember when Sony meant cheap knock-off from Japan.

Re:Karma's a bitch, Sony. (1)

johanatan (1159309) | more than 3 years ago | (#36214406)

He has a lower slashdot ID than you though. Fail!

Re:Karma's a bitch, Sony. (1)

JohnRoss1968 (574825) | more than 3 years ago | (#36214576)

And they both have a lower Slashdot ID than you do, for that matter so do I. That doesn't mean a damn thing.
Sorry but the fail is on you.

Re:Karma's a bitch, Sony. (2)

SuperQ (431) | more than 3 years ago | (#36214402)

Yup, I loved my Walkman and then Discman. And decent earbuds. I tried to love MiniDisc, but it was just too painful to keep using Sony's proprietary bullshit. Between the MiniDisc fail, the Memory Stick fail, and the general shit-tastic quality of stuff these days I've just given up.

Re:Karma's a bitch, Sony. (1)

Pentium100 (1240090) | more than 3 years ago | (#36214456)

I have two Sony Walkmans (Walkmen?) and they are very good and solidly built (quite a lot of metal parts, compared to today's mostly plastic devices). Whatever they make now will most likely break beyond repair before the cassette players do. Yes, the players needed a belt change, but that was relatively easy to do and the new belts should last a long time. I still listen to cassette, since I have a lot of tapes so it makes sense to record new stuff to tape instead of copying all tapes to a digital format, buy portable and car digital players, in a sense I am "locked in". Also, it is more convenient to record to a cassette compared to PC, and digital recorders are quite expensive.

Re:Karma's a bitch, Sony. (0)

Anonymous Coward | more than 3 years ago | (#36214490)

I'm not that old, but my home has Sony TVs older than I am, so I know what you are saying.

Re:Karma's a bitch, Sony. (-1, Troll)

Elbereth (58257) | more than 3 years ago | (#36214036)

Let me get this straight. You're an unhappy customer, so you support other customers' personal information being sold on the black market? And this is supposed to teach Sony what lesson, exactly? And, after being burned numerous times by a large, multinational corporation, you continue to use their products again and again, and support vigilante justice / privacy invasions of third parties, rather than simply boycotting the corporation?

Yep. Sounds like Slashdot alright.

Re:Karma's a bitch, Sony. (2, Insightful)

seanvaandering (604658) | more than 3 years ago | (#36214084)

Other than getting a free Sony Blu-Ray player recently, I really try to avoid Sony products as a rule. I used to LOVE them, their receiver line was one of the best ten years ago, but the only thing I would entertain buying these days is MAYBE an LCD TV. There are just so many better choices out there these days and I'm not into buying name brand for the name anymore... having a family will do that to ya :)

Re:Karma's a bitch, Sony. (1)

Swarley (1795754) | more than 3 years ago | (#36214216)

Don't even bother with the Sony TVs. They do make some nice TVs, but so do Samsung and Sharp (Aquos anyway, their budget sets don't hold the same value proposition) for quite a bit less money. I can't think of a single line of Sony products that doesn't butt up against better and cheaper competition. They are just coasting and selling the name to people old enough to have bought their first nice TV 20+ years ago when Sony actually gave a crap.

Sony LCD TV one of the better ones. (1)

syousef (465911) | more than 3 years ago | (#36214294)

Don't even bother with the Sony TVs. They do make some nice TVs, but so do Samsung and Sharp (Aquos anyway, their budget sets don't hold the same value proposition) for quite a bit less money. I can't think of a single line of Sony products that doesn't butt up against better and cheaper competition. They are just coasting and selling the name to people old enough to have bought their first nice TV 20+ years ago when Sony actually gave a crap.

When I was shopping for TVs last year the Sony was one of the better ones for input lag. Not great mind you. The Aquos was great for input lag but had terrible sharpening artifacts. It was like watching a cheap and cheerful Chinese brand TV and I couldn't stand it in the store so I didn't buy it. Samsung has become awful for input lag - as in unplayable on a console.

I ended up with the Sony 55ex500. Not a bad tele but some annoyances. Definitely would do better with a second tuner as the guide sucks, and some annoying bugs on the menu (like most recently watched channels don't work). Apart from these 2 annoyances and first unit replaced due to dead pixels in the first week, the TV has been trouble free and served my young family well. Great sound and picture (with minor tweaking to set up). Great fun with the Wii. Fantastic Bluray. Lots of inputs. (Some slight picture stutter in full res panning for some titles, even with 100Mhz gimmick, but livable). And it was the cheapest of the bunch. The geek in me also hates that you can't downgrade firmware - new firmware always a risk with the tele. If I could find better I would have bought it. I have no love of Sony.

What was striking was how bad input lag had gotten on most models, and how quality had gone down even quicker than price for all manufacturers. Few now have decent dead pixel policies.

Re:Sony LCD TV one of the better ones. (1)

drinkypoo (153816) | more than 3 years ago | (#36214504)

How much time did you spend playing with the controls on the Aquos? Mine was a bit that way when I got it but I was able to tone it down. I had a 32", traded it for a compressor and air tools, and now we have a larger one in the living room. (The 32" was in my room, then it migrated out, then it was too small for the living room... it worked out great.) This set (which we got at costco) seems to have just one problem, getting input7 and input8 (both hdmi) confused on occasion. It would be hilarious if it weren't the single most expensive thing we own that doesn't roll. It's still kind of amusing since it rarely happens, is cleared up by a power cycle, and is the only blemish on an otherwise fantastic set. And it has the absolute minimum lag...

Re:Karma's a bitch, Sony. (-1, Offtopic)

guybrush3pwood (1579937) | more than 3 years ago | (#36214156)

So if someone breaks into your house and steals your TV, the police should tell you to go fuck yourself because you didn't barricade and guard your belongings with firearms? If you catch a cold, your doctor should tell you to suck it up and go live somewhere less cold?

You, sir, are an idiotic toddler.

Re:Karma's a bitch, Sony. (1)

Anonymous Coward | more than 3 years ago | (#36214168)

take it easy fanboi.

Re:Karma's a bitch, Sony. (0, Informative)

Anonymous Coward | more than 3 years ago | (#36214308)

If you catch a cold, your doctor should tell you to suck it up and go live somewhere less cold?

That's not how colds work.

Re:Karma's a bitch, Sony. (1)

Luckyo (1726890) | more than 3 years ago | (#36214378)

No, somewhere more cold. Bacteria and viruses that cause various diseases that go under the "cold" umbrella enter a state similar to hibernation at around -5C.

Re:Karma's a bitch, Sony. (0)

Anonymous Coward | more than 3 years ago | (#36214388)

No, this is karma and Sony we're talking about. It's like if someone breaks into your house and steals your address book and starts blackmailing your ex-girlfriends for money, except instead of being a normal person, you're a sociopath who runs a crime ring.

Sony is a dirty, dirty corporation who is abusing democracy around the world, pushing crap like the secret WIPO treaties through parliaments too corrupt or stupid to realize what they're doing. They can't get enough of what they really deserve.

Re:Karma's a bitch, Sony. (1)

JohnRoss1968 (574825) | more than 3 years ago | (#36214608)

LMFAO I love you fanboys, you always make me smile.
A better analogy would be if you leave your widescreen TV down at the end of your driveway and someone steals it. The police would probably check it out for you but don't expect them to bust their humps doing it. Then you leave your computer system down there the next day and someone steals that. At that point you can expect the police to tell you to go fuck yourself.
Or
If you have a habit of hosing yourself down with water then running around outside in the snow and you get sick, the doctor might chide you a bit for it but would probably treat you. Then the next day you start drinking drain cleaner. I'm hoping for your sake that the doctor has you sent to a nice safe place.

Re:Karma's a bitch, Sony. (5, Informative)

_xeno_ (155264) | more than 3 years ago | (#36214416)

professional theatrical projection equipment

There was an interesting story in the Boston Globe [bo.st] this weekend about how Sony projectors are projecting 2D digital movies up to 85% darker than they should.

The reason? It turns out to be Sony DRM, although the article doesn't ever come out and say it directly. Basically, there's a special 3D lens required to display 3D movies, but this lens reduces the brightness of 2D movies.

So why aren't theater personnel simply removing the 3-D lenses? The answer is that it takes time, it costs money, and it requires technical know-how above the level of the average multiplex employee. James Bond, a Chicago-based projection guru who serves as technical expert for Roger Ebert's Ebertfest, said issues with the Sonys are more than mechanical. Opening the projector alone involves security clearances and Internet passwords, "and if you don't do it right, the machine will shut down on you."

In other words, you have to deal with Sony DRM. Rather than jump through the Sony-imposed hoops, theaters just leave the 3D lens on all the time.

Why bother with Sony projectors at all if they have this problem and others don't?

The reason appears to be a basic business quid pro quo. Sony provides projectors to the chains for free in exchange for the theaters dedicating part of their preshow ads to Sony products.

So, yeah. Another wonderful example of Sony in general and Sony DRM in specific giving customers an inferior product.

Obviously the theaters deserve some blame for this too.

Re:Karma's a bitch, Sony. (2)

mehrotra.akash (1539473) | more than 3 years ago | (#36214500)

"Opening the projector alone involves security clearances and Internet passwords"

Is it a projector or an ATM?

Re:Karma's a bitch, Sony. (2)

siddesu (698447) | more than 3 years ago | (#36214442)

That's what American management does to you.

PPT?! (2)

microcuts (1991026) | more than 3 years ago | (#36213998)

I'm sorry, but was the phrase: "world's largest public penetration test?" really necessary?

Re:PPT?! (0)

Anonymous Coward | more than 3 years ago | (#36214282)

Giggity!

Re:PPT?! (3, Funny)

plover (150551) | more than 3 years ago | (#36214394)

I'm sorry, but was the phrase: "world's largest public penetration test?" really necessary?

Sony acts like the world's largest orifice so it's only fitting.

Re:PPT?! (1)

nospam007 (722110) | more than 3 years ago | (#36214532)

"Sony acts like the world's largest orifice so it's only fitting."

It's not a trick, it's a Sony!

Sony = Consistent (5, Insightful)

alphax45 (675119) | more than 3 years ago | (#36214012)

Well at least they are consistent - none of their systems seem to have more than basic security.

Re:Sony = Consistent (1)

Tamran (1424955) | more than 3 years ago | (#36214044)

Consistency - It's only a virtue if you're not a screw-up.

http://www.despair.com/consistency.html [despair.com]

Re:Sony = Consistent (1)

ub3r n3u7r4l1st (1388939) | more than 3 years ago | (#36214108)

Simplicity is beauty -- at least it comes from the mouth of those who are against spaghetti and obfuscated code.

There are still places for spaghetti and obfuscated code, and this is why.

Sony will be secure? (2)

ohnocitizen (1951674) | more than 3 years ago | (#36214026)

From TFA, some curious speculation:

While it's cruel to kick someone while they're down, when this is over, Sony may end up being one of the most secure web assets on the net.

Is there any evidence to back this up? I keep thinking of counter examples, the best one being Sony. They've been attacked how many times now, and they are still leaving security holes of this nature up? One would think after the first attack a company wide IT effort to harden their servers would have been given something other than the lowest priority...

Re:Sony will be secure? (2, Insightful)

Anonymous Coward | more than 3 years ago | (#36214090)

Yes, and you would think the airlines would strengthen the door after the first cockpit invasion back in the 30s or 40s, whenever it was, but we had to wait until the mother of all hijackings before this most basic move was undertaken.. What we will probably get is some kind of 'TSA' for the internet instead. History repeats itself in many ways.

Re:Sony will be secure? (1)

dakameleon (1126377) | more than 3 years ago | (#36214204)

Give Sony a bit of a break, it's only been a month, and SCE & Sony Music are far enough apart within the overall Sony group for it to not necessarily have filtered all the way to testing the vulnerabilities in Hungary.

Re:Sony will be secure? (1)

the_enigma_1983 (742079) | more than 3 years ago | (#36214292)

I don't see how it'd take even a month to get that far. By the second attack, memos or something should be going company-wide, saying "People are trying to break into our networks, make sure stuff is secure".
If it takes more than 4 weeks for an IT team to do a basic security audit (SQL injection means not using parameterized queries, so basic to spot and fairly simple to stop), then you simply haven't budgeted enough for IT. Which is a reason for the new problem but still a problem they had control over.

CL Job Ad (1)

Anonymous Coward | more than 3 years ago | (#36214030)

Established company seeking security professionals, all positions open

Like it matters. (5, Interesting)

MrQuacker (1938262) | more than 3 years ago | (#36214042)

Anyone who's ever visited Greece knows nobody buys music there. For 2 euro an hour you can visit an internet cafe, get the password from the guy at the front desk, and connect to the cafe's local file server. Last time I was there they had something like 20TB+ worth of movies, music, TV shows, games, and porn.

They decided that since people download stuff anyways, might as well save on the bandwidth and store it locally. Any time you download a file it's mirrored in the cafe's file server, so others can copy it without having to re-download.

And if you don't go that route, you can buy bootleg copies from any number of African immigrants on the street for just a few euro. Many times for better quality than available in stores for retail price.

Re:Like it matters. (3, Interesting)

Eravnrekaree (467752) | more than 3 years ago | (#36214280)

Especially about the better quality, is the ironic truth. Remember those who were copying Star Wars Laserdiscs and making them into movie files, because the DVDs were often so slow in coming, and then the DVD releases were only of the new doctored versions and the original versions of Star Wars were impossible to purchase? The Laserdiscs of Star Wars were also reported to have better special features compared to the later DVD releases. Often times it's impossible to get movies on DVDs from the companies, which basically is the companies telling fans, screw you, so fans just share the copies with themselves. For years companies have treated their customers like shit, and they then expect people to love them?

Re:Like it matters. (1)

drinkypoo (153816) | more than 3 years ago | (#36214528)

I can verify that if you have the fat boxed set there are some nifty features. It also came with a big picture book if you bought the extra-fat boxed set.

I only wish I had an LD player that would play more than 1 disc 2 sides. All the LD players which play 2 discs that I see any more are Karaoke units and they want real money for them... as if that were a selling point.

Re:Like it matters. (0)

Anonymous Coward | more than 3 years ago | (#36214368)

And people were wondering why the Greeks needed a bailout...

Re:Like it matters. (2)

Psychotria (953670) | more than 3 years ago | (#36214518)

I don't think the music piracy is the point. I think that the point is that the public perception of Sony is being degraded; it has nothing to do with piracy as far as I can see. This is being reported in mainstream media now... would I trust Sony with any of my details? Not a chance. Additionally, these "attacks" must be costing Sony money... probably a lot of money due to not only customers trusting them less, but the extra employees (or current employees' overtime) and resources they need to spend to fix things.

LOL (-1)

Anonymous Coward | more than 3 years ago | (#36214048)

this is f*cking epic! LULZ indeed!

Your Mom (0)

Anonymous Coward | more than 3 years ago | (#36214054)

Reading the last line of the description, I can guess what Sony's comeback line is going to be

Plain text passwords?? (5, Informative)

wvmarle (1070040) | more than 3 years ago | (#36214060)

The linked article also provides a screen shot with obscured personal information.

It appears the passwords are stored in plain text, not as hash: formatting makes it unclear but it seems the length varies, and the password fields are short (6-10 characters or so), while hashes are much longer than that.

Bad bad security! No wonder they also fall victim to the age-old SQL injection attack... which I thought most SQL interface libraries can automatically intercept by adding the appropriate escaping... many years ago I used Python's MySQLdb and they were doing that for very very long already... so there should be no excuse for allowing this to happen still.

the world's largest public penetration test? (0)

Anonymous Coward | more than 3 years ago | (#36214072)

the world's largest public penetration test?
That title belongs to Snookie

Re: the world's largest public penetration test? (1)

CyberDong (137370) | more than 3 years ago | (#36214286)

Actually, I think it's Lisa Sparxxx [wikipedia.org] at 919 guys.

Re: the world's largest public penetration test? (0)

Anonymous Coward | more than 3 years ago | (#36214612)

Mod parent informative.

expect more (2)

smash (1351) | more than 3 years ago | (#36214094)

Evidently, the PlayStation 3 firmware/network isn't the only instance where Sony totally fails at securing their shit. SQL injection? Really? In this day and age? I'm simply shocked that it hasn't happened a lot earlier; they've been pissing people off for years now, it's amazing it's taken this long for a collective group to make a serious effort to try and break in.

Public Shaming Test! (0)

Anonymous Coward | more than 3 years ago | (#36214106)

Penetration test? Try Public Shaming test.

It's simple. Piss off enough of the wrong people for reasons nothing more than you can, and you think it protects your bottom line, and they will embarrass you. Be it a Corporation, Government, or private citizen. The net is the ultimate perceptive level playing field. What we perceive as justice on-line, is in fact retribution.

"Is Sony's network being used as ..." (5, Insightful)

QuasiSteve (2042606) | more than 3 years ago | (#36214120)

Is Sony's network being used as the world's largest public penetration test?

No, every other scriptkiddie is just joining in on teh lulz of flogging the dead horse. "ZOMG I sql injectioned a SONY site! Yeah, it's got nothing to do with PS3 or PSN, and yeah it's some site in Greece, but lulz amirite!?"

It's even in the bloody article, isn't it?

As I mentioned in the Sophos Security Chet Chat 59 podcast at the beginning of the month, it is nearly impossible to run a totally secure web presence, especially when you are the size of Sony. As long as it is popular within the hacker community to expose Sony's flaws, we are likely to continue seeing successful attacks against them.

It appears someone used an automated SQL injection tool to find this flaw. It's not something that requires a particularly skillful attacker, but simply the diligence to comb through Sony website after website until a security flaw is found.

I mean.. honestly?

They could be running this against $random_site and try to hit the news with it, too.. but they wouldn't.. because nobody cares about a random hack at a random site right now.. but if it's got SONY attached to it.. well.. lulz rules the news.

None of which excuses the poor security.. but none of which excuses the submitter from his choice of words either.

Re:"Is Sony's network being used as ..." (1, Insightful)

flimflammer (956759) | more than 3 years ago | (#36214230)

Jesus Christ, man. How far did that stick get wedged up your ass?

Re:"Is Sony's network being used as ..." (-1)

Anonymous Coward | more than 3 years ago | (#36214506)

jesus christ is a fucking nigger and so are you.

Re:"Is Sony's network being used as ..." (3, Insightful)

DurendalMac (736637) | more than 3 years ago | (#36214248)

Kinda makes you wonder why Sony was vulnerable to exploits that could be found in skiddie tools. If someone had to actually dig for an exploit or found a new one to use against them, then that would be something, but when skiddies can breach your network then you seriously need to fire the guys in charge of security because they suck at their jobs.

Re:"Is Sony's network being used as ..." (5, Insightful)

LordLucless (582312) | more than 3 years ago | (#36214290)

As long as it is popular within the hacker community to expose Sony's flaws, we are likely to continue seeing successful attacks against them.

It almost seems as if deliberately screwing people over doesn't really pay off, doesn't it?

Re:"Is Sony's network being used as ..." (2)

Cyberllama (113628) | more than 3 years ago | (#36214356)

There's a difference between "running a totally secure web presence" and "exploited by an automated SQL injection tool". If an automated tool could find it, then you have to wonder why the hell Sony hadn't just run the damn tool themselves. There are levels of insecurity, and this level is well below what a company like Sony should be at.

Almost (1)

kimvette (919543) | more than 3 years ago | (#36214188)

I almost feel bad for Sony.

Almost.

If these hackers had REAL balls... (0)

Anonymous Coward | more than 3 years ago | (#36214250)

...they would do this against Islamic sites. But like I say, no balls.

anon nymous (0)

Anonymous Coward | more than 3 years ago | (#36214256)

Double penetration test, I'd say...

Sony (1)

SigmaTao (629358) | more than 3 years ago | (#36214258)

*facepalm*

Root kit (0)

Anonymous Coward | more than 3 years ago | (#36214302)

Sorry, Sony deserves it all. Root kit!

Story Tags (0)

Anonymous Coward | more than 3 years ago | (#36214314)

So are the tags for this article really just a game of "one of these things is not like the other"?

public penetration test (2)

n1hilist (997601) | more than 3 years ago | (#36214362)

Heh heh, Sony's gettin' shafted!

Sony should have learned from Little Bobby Tables (1, Redundant)

Cyberllama (113628) | more than 3 years ago | (#36214370)

This never gets old to me.
http://xkcd.com/327/ [xkcd.com]

I am a sick and twisted little man.... (0)

Anonymous Coward | more than 3 years ago | (#36214408)

... that the first thing I thought of upon reading the article summary found myself thinking that it was a lead-in to a "that's what she said" joke.

I love the smell of napalm in the morning (5, Insightful)

ras (84108) | more than 3 years ago | (#36214550)

Is Sony's network being used as the world's largest public penetration test?

No more than HB Gary was.

To wit: This is the prescription for being attacked mercilessly, for months on end:

  1. Produce an item that is clearly advertised as having feature X, where feature X is useful only to really, really good programmers. You know - the ones who spend their time cracking the hardest problems using arrays of specialised parallel processors.
  2. Sell the item to lots of people, who hand over their money on the basis of having feature X.
  3. Some years later, withdraw feature X, so all the software these people have invested years in creating is blown away.
  4. When said programmers then, fairly legitimately, extract your secret keys so they can restore feature X, unleash a phalanx of lawyers to pursue them within an inch of their financial lives, until they recant.

At that point you will discover what sort of damage a bunch of really pissed off top notch programmers can do.

With luck all the other psychopathic mega corporations around the world are watching and learning. The lesson is simple: don't poke a hornet's nest.
