Slashdot Mirror


Sony Music Greece Falls To Hackers

xsee writes "Hackers: 6, Sony: 0. It appears an attacker has performed a SQL injection attack against SonyMusic.gr. The latest attack has exposed usernames, real names, email addresses and more. Is Sony's network being used as the world's largest public penetration test?"

9 of 303 comments (clear)

  1. Sony = Consistent by alphax45 · · Score: 5, Insightful

    Well at least they are consistent - none of their systems seem to have more than basic security.

    --
    K Man
  2. Re:people are stealing user info by fotbr · · Score: 5, Insightful

    In this case....I don't feel sorry for anyone doing business with sony. From my point of view, they made their bed, now they get to lay in it.

  3. "Is Sony's network being used as ..." by QuasiSteve · · Score: 5, Insightful

    Is Sony's network being used as the world's largest public penetration test?

    No, every other scriptkiddie is just joining in on teh lulz of flogging the dead horse. "ZOMG I sql injectioned a SONY site! Yeah, it's got nothing to do with PS3 or PSN, and yeah it's some site in Greece, but lulz amirite!?"

    It's even in the bloody article, isn't it?

    As I mentioned in the Sophos Security Chet Chat 59 podcast at the beginning of the month, it is nearly impossible to run a totally secure web presence, especially when you are the size of Sony. As long as it is popular within the hacker community to expose Sony's flaws, we are likely to continue seeing successful attacks against them.

    It appears someone used an automated SQL injection tool to find this flaw. It's not something that requires a particularly skillful attacker, but simply the diligence to comb through Sony website after website until a security flaw is found.

    I mean.. honestly?

    They could be running this against $random_site and try to hit the news with it, too.. but they wouldn't.. because nobody cares about a random hack at a random site right now.. but if it's got SONY attached to it.. well.. lulz rules the news.

    None of which excuses the poor security.. but none of which excuses the submitter from his choice of words either.

    1. Re:"Is Sony's network being used as ..." by LordLucless · · Score: 5, Insightful

      As long as it is popular within the hacker community to expose Sony's flaws, we are likely to continue seeing successful attacks against them.

      It almost seems as if deliberately screwing people over doesn't really pay off, doesn't it?

      --
      Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
  4. Re:Karma's a bitch, Sony. by Opportunist · · Score: 5, Insightful

    Remember when Sony products were cool because they were innovative?

    Yes, I'm actually that old.

    I guess we should explain for the kids here since I guess they can't even imagine it: Sony was cool. Not just like Apple today, with fanboys liking it and everyone else hating it, it was THE cool brand. They had innovative products with never seen before features and a kickass support that didn't bother to ask for details, they just threw a new model at you if the old one croaked, which was actually unlikely because, hey, it was a SONY, they don't fall apart! People were proud to have Sony speakers and Sony radios in their cars, they were proud to have a Sony walkman (as if you could get any others, after all it was a brand name) and they had every right to be proud, they bought something of lasting value!

    I admit, it's very hard to believe that today.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  5. Re:Public penetration test by MagusSlurpy · · Score: 5, Insightful

    Yes, but to be fair to Sony (which really pains me), they are currently the focus of every bored script kiddie in the world right now, as well as most of the legitimately pissed-off, skilled hackers. While there may not be such a thing as "security through obscurity," there is a lot to be said for not having a target the size of Montana painted on your servers.

    --
    My sister opened a computer store in Hawaii. She sells C shells by the seashore.
  6. Re:people are stealing user info by LordLucless · · Score: 5, Insightful

    So your saying, by doing this they're going to drive customers away from Sony, reduce their income stream, and eventually remove them from the world of global commerce?

    Wow, that sounds...terrible

    --
    Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
  7. I love the smell of napalm in the morning by ras · · Score: 5, Insightful

    Is Sony's network being used as the world's largest public penetration test?"

    No more than HB Gary was.

    To wit: This is the prescription for being attacked mercilessly, for months on end:

    1. 1. Produce an item that is clearly advertised as having feature X, where feature X is useful only to really, really good programmers. You know - the ones who spend their time cracking the hardest problems using array of specialised parallel processors.
    2. 2. Sell the item to lots of people, who hand over their money on the basis of having feature X.
    3. 3. Some years later, withdraw feature X, so the all the software these people have invested years in creating is blown away.
    4. 4. When said programmers then fairly legitimately, extract your secret keys so they can restore feature X, unleash a phalanx of lawyers to peruse them within an inch of their financial lives, until they recant.

    At that point you will discover what sort of damage a bunch of really pissed off top notch programmers can do.

    With luck all the other psychopathic mega corporations around the world are watching and learning. The lesson is simple: don't poke a hornets nest.

  8. Re:people are stealing user info by justforgetme · · Score: 5, Insightful

    ohh, wait I have to say something about this!!!!

    I was in a bank once, while it was being robed! Ok, it wasn't the nicest experience I ever had and I might have been inconvenienced a bit.
    Did I lose the money I had in the bank? No.
    Did I loose the info I had stored in it? No.
    Did I manage to do the jobs I had with the bank? Yes, I just went to another branch.

    So if you are going to create a service infrastructure that hasn't enough failsaves and backup plans to deal with a simple digital break in then you damn well deserve to be reduced to the economic equivalent of decarbonized organic material... And all people who trusted your Services (including Yours truly) deserve a very big refund for your incompetence and a big slap in the face for being such fools!

    --
    -- no sig today