Friday, June 3, 2011

Sony Hacked Again? Seriously? WTF?


By: Kareem 

Apparently the hacker group LulzSec has made a joke of Sony security once again. They reportedly stole 1 million users' personal information and published some of it online. This came after Sony had apparently fixed up all their security holes.

LulzSec recently hacked into PBS for making a stupid, god-awful documentary on Bradley Manning/WikiLeaks and rained all sorts of prankery on the site, most notably posting an article saying Tupac is alive and well, living in New Zealand. That was pretty funny; however, the Sony attack might cause a little more harm than just a BS post about a '90s rapper.

The attack on Sony came via what’s known as an SQL injection attack, which basically involves writing SQL code into a text entry field. Once the code is entered, the database receives it and, if it is not well enough protected, executes it. It’s a pretty basic attack and one Sony shouldn’t have left open, especially after their recent overhaul in security. One would think they’d cover something as simple and obvious as an SQL injection. It seems like Sony is pretty damned stupid when it comes to hacking, the hacker community and encrypting the personal information they collect on their users… that’s right, according to LulzSec the data was unencrypted and stored in plain text on Sony’s servers.
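
The two failures described above, side by side, as an added example (not code from Sony, LulzSec or the original post): a lookup that pastes text-field input into the SQL string versus one that binds it as a parameter, and a password kept as a salted hash rather than plain text. The table, the accounts, the test input and the function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # PBKDF2 work factor chosen for this example

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_db():
    """In-memory table with two constructed accounts; no plain-text passwords stored."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT, salt BLOB, pw_hash BLOB)")
    for name, email, password in [
        ("alice", "alice@example.test", "correct horse"),
        ("bob", "bob@example.test", "battery staple"),
    ]:
        salt = os.urandom(16)  # unique per account
        db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                   (name, email, salt, hash_password(password, salt)))
    return db

def lookup_concatenated(db, name):
    # Vulnerable: the form text becomes part of the SQL statement itself,
    # so a quote character in it changes what the database executes.
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    # Hardened: the statement is fixed; the form text is bound as data only.
    return db.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()

def check_password(db, name, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(hash_password(password, row[0]), row[1])

# Constructed test input of the kind a code review or scanner would try.
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, CRAFTED))   # every row comes back
    print("parameterized:", lookup_parameterized(db, CRAFTED))  # no user has that name
    print("login ok     :", check_password(db, "alice", "correct horse"))
```
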

LulzSec also went ahead and released some of the info they had stolen. The Associated Press made some calls and validated that the information was correct, though not all of it. Some of the accounts were obviously fake, but that’s being attributed to users who didn’t want to give up their personal information.

LulzSec took to Twitter saying:

“I hear there's been some funny scamming with jacked Sony accounts. That's what you get for using the same password everywhere”

“Hey innocent people whose data we leaked: blame @Sony.”

So whose fault is it really?

If you ask me, both parties are equally responsible. Sony should’ve triple-checked their systems before going live again. It’s better to have a delay in service than suffer the embarrassment of being hacked multiple times after you supposedly worked day and night pen testing and upgrading your security.

LulzSec is obviously responsible due to the fact they carried out the attack and posted the information.

There seems to be a lack of understanding on why LulzSec would post the information, possibly damaging quite a few innocent people, but it makes pretty good sense when you know a little about hacking culture. When LulzSec hacked PBS they obviously had enough control of their servers to wipe out tons of data and do massive damage, but they didn’t. Instead they benignly changed some pages and pulled a couple of harmless pranks. Why? Because the pranks were proof enough that they got in, compromised the servers and had almost total control. Hackers like to show off, and in the case of Sony, LulzSec had to prove that they actually got in and stole legitimate information. Sony is a huge target right now, not just because of the way they treated GeoHot but also because hackers really want to see how many holes Sony left unpatched. Unfortunately for users that means proving you got in, and the only way to really do that is to post the info so people can see for themselves. At least they didn’t release all 1 million users' information.

