My response? Time. Sony has a LOT of remedial work to do and as I said, I think it will take at least 2 years. Customers would be wise to listen though - don't trust Sony's security. Not for a while anyway.
03 June 2011
Sony (sigh) - just read on...
Yup. Again. Bit-tech is reporting that Sony Pictures was hacked, this time by a group called 'LulzSec', who posted the usernames and passwords of 60,000 customers on BitTorrent. What they did is wrong, but they did have a message, and although it came from 'the bad guys', it is the right message: once again an SQL Injection attack was used, and passwords were found in (you guessed it) unencrypted plain text. The message reads as follows: "This is disgraceful and insecure...They were asking for it...Why do you put such faith in a company that allows itself to become open to these simple attacks?"
I was of the impression that they only posted samples, but later a file with all findings was found on TBP. In any case, I'm not trusting the motives of any organization or group that puts "Lulz" in its name...
As for Sony's idiotic security - I can't begin to explain how terrible it is that they haven't even picked up on this themselves. Unencrypted passwords? SQL injections? The only successful SQL injection we've had where I work was done on an old IIS that hadn't been patched since 1999 - that's the kind of f* up you have to do, to let an SQL Injection hit you. For shame Sony, for shame...
In Sony's case, out-of-date Linux servers, Christian. Sad but true.