Iron Edge
Iron Edge => Off Topic Discussion => Topic started by: shankski on June 04, 2011, 04:08:15 am
-
I'm not sure if you guys are aware of the current shitstorm that is occurring so I thought I'd bring it to attention.
The PSN was hacked with one of the most simple attacks. SQL injection was used by hackers; as a result, over 1 million users' data has been compromised (including passwords, addresses and private info). This is one of many attacks on the PSN recently; according to internet sources, banking information has been compromised.
I think it's absolutely ridiculous how easy it was to obtain this data. I am so glad I'm not a PSN user and I urge any of you guys that use PSN to change your passwords and call up your banks.
Quote from: http://news.uk.msn.com/world/articles.aspx?*-documentid=158025625
Sony has been hit by a second massive data breach, hackers claim, another potential embarrassment for a company that is struggling to restore its image following the loss of millions of credit card numbers through its PlayStation Network.
The hackers, who call themselves LulzSec, said they pulled off what they described as an elementary attack to highlight Sony's "disgraceful" security.
"Every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it," LulzSec said in a statement. "They were asking for it."
Sony Pictures, a subsidiary of Sony Corporation of America, said it is aware of the LulzSec statement.
"We are looking into these claims," said Jim Kennedy, executive vice president of global communications for Sony Pictures Entertainment.
The data - which includes passwords, email addresses, phone numbers, home addresses, dates of birth - was posted to the LulzSec website and appeared to be at least partially genuine.
The Associated Press called a number listed by LulzSec as belonging to 84-year-old Mary Tanning, a resident of Minnesota. Ms Tanning picked up the phone, and confirmed the rest of the details listed by LulzSec - including her password, which she said she was changing.
Sony is already facing questions over why it did not inform consumers more quickly after a massive cyber-attack in April targeted credit card information through its PlayStation Network and Sony Online Entertainment network, compromising more than 100 million user accounts.
At the time, experts warned the attack emboldened hackers and made them more willing to pursue sensitive information.
It is unclear who the members of LulzSec are, or where they are based.
If you are not aware, LulzSec are claiming responsibility for the attacks and have also launched other successful attacks on FBI affiliate websites dedicated to cyber security. E.g. http://www.infragardatlanta.org/ (pretty hilarious but might be changed by the time you click the link)
LulzSec twitter: http://twitter.com/#!/lulzsec
Personally I think it's hilarious what these guys have done, being able to expose millions of records of private data with a simple SQL injection attack. Sony should be ashamed of this quite frankly awful security system they have in place. The worst thing is, as mentioned in the quote, none of this private information was encrypted.
What are your guys' thoughts on the whole situation?
Edit:
LulzSec targeted Unveillance, a botnet intelligence solution; there are 2 sides of the story here:
http://www.unveillance.com/latest-news/unveillance-official-statement/
http://pastebin.com/MQG0a130
It now seems they are directly targeting the FBI and NATO, should be quite interesting to see how this one unfolds.
-
Thank god I'm not the only one that thought the hacks were hilarious, here I was thinking I just had a sick sense of humour.
But yeah, it's shameful that a company such as SONY has such poor security. A great act from LulzSec to show that to the community. As long as they didn't use those accounts for their own good obviously.
I must say though, the hacker community is getting a lot better than they used to be. They're in greater numbers and have much better communication (4chan, IRC, fora), so it's a more organized 'crime' you can say. And the problem is that technology can't be kept secret because it's being used publicly by all sorts of companies. So the hackers have free access to investigate where the breaches are. Well, that's how I see it, I might be wrong (wouldn't be the first time!)
-
Absolutely Sony should be ashamed, but that doesn't make lulzsec any less dickheads. Publishing the data of so many people after finding it? What purpose does this serve?
Self-serving twats who appear to have done it for nothing but an ego-boost with complete disregard for the pain in the ass they are causing for everyone else. There's the often dragged-out old excuse "oh but it's important that they reveal bad security". Funny then that they're okay with fucking the people who they're supposedly fighting for who are victims of this bad security. Further to that and we all know that it's widely considered that nothing is completely hack-proof either.
-
Yeah good point Kawe, LulzSec posted all the records online and on torrent sites like TPB, which is bang out of order.
It's one thing hacking Sony to highlight security flaws but then making the records public so they can be abused by others is a dick move on their part.
-
Absolutely Sony should be ashamed, but that doesn't make lulzsec any less dickheads. Publishing the data of so many people after finding it? What purpose does this serve?
Indeed. I hope this is a wake-up call for every big company, referring to Blizzard in this case. I'm not a PS3 user so I'm not affected by this attack. But I might have been if Blizzard had been hacked. But generally for every big actor on the e-market.
-
Didn't realise Sony had it in them to drop another bollock like this. Poor guys. Still hilarious though.
-
I like the fact that either the self-proclaimed, highly-paid security 'experts' have no clue (or just still have enough holes in their securities), or that it might just be impossible to create a bullet-proof system that bears up to the rage of the combined internetz and everyone on this earth with unlimited time on his hands.
Reminds me of the HBGary hack a few months ago.
-
plain text...
-
Aye -- you'd be amazed at how many systems still use plaintext. Mainly because of pressure from managers, too -- they have to get the system done, so they just go for the quickest route. (Middle?) Managers rarely understand the importance of good security measures -- and that sentiment trickles down until no one cares...
It's still utterly depressing that one of the biggest companies in the world -- with one of the biggest R&D budgets! and one of the highest-tech portfolios! -- had deplorable defences. Really shocking.
-
Wonder when somebody's going to crack their R&D department, steal all their secrets...