Iron Edge

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length

 


* *

Apply to Iron Edge

Apply to the ToT Raid
Currently full
Apply to the Main Raid
Recruiting!
Apply for the Weekend Raid
Recruiting!
Apply as a Social member
All are welcome to apply
 LOL SONY



0 Members and 1 Guest are viewing this topic.

June 04, 2011, 04:08:15 am
Read 8523 times

Offline shankski

  • Guild Member
  • *

  • 833
    Posts

LOL SONY
« on: June 04, 2011, 04:08:15 am »
I'm not sure if you guys are aware of the current shitstorm that is occurring so I'd thought I'd bring it to attention.

The PSN was hacked with one of the most simple attacks. SQL injection was used by hackers, as a result over 1 million users data have been compromised (including passwords, addresses and private info). This is one of many attacks on the PSN recently, according to internet sources banking information has been compromised.

I think its absolutely ridiculous how easy it was to obtain this data. I am so glad I'm not a PSN user and I urge any of you guys that use PSN to change your passwords and call up your banks.

Quote from: http://news.uk.msn.com/world/articles.aspx?*-documentid=158025625
Quote
Sony has been hit by a second massive data breach, hackers claim, another potential embarrassment for a company that is struggling to restore its image following the loss of millions of credit card numbers through its PlayStation Network.

The hackers, who call themselves LulzSec, said they pulled off what they described as an elementary attack to highlight Sony's "disgraceful" security.

"Every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it," LulzSec said in a statement. "They were asking for it."

Sony Pictures, a subsidiary of Sony Corporation of America, said it is aware of the LulzSec statement.

"We are looking into these claims," said Jim Kennedy, executive vice president of global communications for Sony Pictures Entertainment.

The data - which includes passwords, email addresses, phone numbers, home addresses, dates of birth - was posted to the LulzSec website and appeared to be at least partially genuine.

The Associated Press called a number listed by LulzSec as belonging to 84-year-old Mary Tanning, a resident of Minnesota. Ms Tanning picked up the phone, and confirmed the rest of the details listed by LulzSec - including her password, which she said she was changing.

Sony is already is facing questions over why it did not inform consumers more quickly after a massive cyber-attack in April targeted credit card information through its PlayStation Network and Sony Online Entertainment network, compromising more than 100 million user accounts.

At the time, experts warned the attack emboldened hackers and made them more willing to pursue sensitive information.

It is unclear who the members of LulzSec are, or where they are based.


If you are not aware LulzSec are claiming responsibility for the attacks and have also launched other successful attacks on FBI affiliate websites dedicated to cyber security. E.G. http://www.infragardatlanta.org/ (pretty hilarious but might be changed by the time you click the link

LulzSec twitter:  http://twitter.com/#!/lulzsec

Personally I think its hilarious what these guys have done, being able to expose millions of records of private data with a simple SQL injection attack. Sony should be ashamed of this quite frankly awful security system they have in place. The worst thing is as mentioned in the quote, none of this private information was encrypted.

Whats your guys thoughts on the whole situation?

Edit:

LulzSec targeted Unveillance a botnet intelligence solution, theres 2 sides of the story here
http://www.unveillance.com/latest-news/unveillance-official-statement/
http://pastebin.com/MQG0a130

It now seems they are directly targeting the FBI and NATO, should be quite intersting to see how this one unfolds.
« Last Edit: June 04, 2011, 09:32:48 am by shankski »

June 04, 2011, 06:15:40 am
Reply #1

Inphy

  • Guest
Re: LOL SONY
« Reply #1 on: June 04, 2011, 06:15:40 am »
Thank god I'm not the only one that thought the hacks were hilarious, here I was thinking I just had a sick sense of humour.

But yeah, it's shameful that a company such as SONY has such poor security. A great act from LolzSec to prove to show that to the community. As long as they didn't use those accounts for their own good obviously.

I must say though, the hacker community is getting a lot better than they used to be. They're in greater numbers and have much better communication (4chan, IRC, fora), so it's a more organized 'crime' you can say. And the problem is that technology can't be kept secret because it's being used publicly by all sorts of companies. So the hackers have free access to investigate where the breaches are. Well, that's how I see it, I might be wrong (wouldn't be the first time!)

June 04, 2011, 07:34:03 am
Reply #2

kawe

  • Guest
Re: LOL SONY
« Reply #2 on: June 04, 2011, 07:34:03 am »
Absolutely Sony should be ashamed, but that doesn't make lulzsec any less dickheads. Publishing the data of so many people after finding it? What purpose does this serve?

Self-serving twats who appear to have done it for nothing but an ego-boost with complete disregard for the pain in the ass they are causing for everyone else. There's the often dragged-out old excuse "oh but it's important that they reveal bad security". Funny then that they're okay with fucking the people who they're supposedly fighting for who are victims of this bad security. Further to that and we all know that it's widely considered that nothing is completely hack-proof either.

June 04, 2011, 09:05:08 am
Reply #3

Offline shankski

  • Guild Member
  • *

  • 833
    Posts

Re: LOL SONY
« Reply #3 on: June 04, 2011, 09:05:08 am »
Yeah good point Kawe, LulzSec posted all the records online and on torrent sites like TPB, which is bang out of order.

Its one thing hacking Sony to highlight security flaws but then making the records public so they can be abused by others is a dick move on their part.

June 04, 2011, 10:49:49 am
Reply #4

Offline Ezzardo

  • Former Member
  • *

  • 289
    Posts

  • SATAN KR'A'VER OFFERBLOD

Re: LOL SONY
« Reply #4 on: June 04, 2011, 10:49:49 am »
Absolutely Sony should be ashamed, but that doesn't make lulzsec any less dickheads. Publishing the data of so many people after finding it? What purpose does this serve?

Indeed. I hope this is wake-up call for every big company, referring to Blizzard in this case. I'm not a PS3 user so I'm not affect by this attack. But I might would've been if Blizzard would've been hacked. But generally for every big actors on the e-market. 
все знают, обезьяну, но обезьяна не знает ни один из них

June 04, 2011, 01:55:45 pm
Reply #5

Offline Doomslay

  • Guild Member
  • *

  • 1,390
    Posts

    • Inertia Computers
Re: LOL SONY
« Reply #5 on: June 04, 2011, 01:55:45 pm »
Didn't realise sony had it in them to drop another bollock like this. Poor guys. Still hilarious though.
doomslay/x/fs/y/z

June 06, 2011, 11:41:59 am
Reply #6

Offline Goza

  • Guild Member
  • *

  • 2,119
    Posts

Re: LOL SONY
« Reply #6 on: June 06, 2011, 11:41:59 am »
I like the fact that either the self-proclaimed, highly-paid security 'experts' have no clue (or just still have enough holes in their securities), or that it might just be impossible to create a bullet-proof system that bears up to the rage of the combined internetz and everyone on this earth with unlimited time on his hands.

Reminds me of the HBGary hack a few months ago.

June 06, 2011, 11:44:20 am
Reply #7

Offline Daekesh

  • Guild Member
  • *

  • 4,850
    Posts

Re: LOL SONY
« Reply #7 on: June 06, 2011, 11:44:20 am »
plain text...
Moo

Itkovian
Daekesh
Caladan
Hetan


June 06, 2011, 11:53:07 am
Reply #8

Offline delling2

  • Forum Member
  • **

  • 178
    Posts

Re: LOL SONY
« Reply #8 on: June 06, 2011, 11:53:07 am »
Aye -- you'd be amazed at how many systems still use plaintext. Mainly because of pressure from managers, too -- they have to get the system done, so they just go for the quickest route. (MIddle?) Managers rarely understand the importance of good security measures -- and that sentiment trickles down until no one cares...

It's still utterly depressing that one of the biggest companies in the world -- with one of the biggest R&D budgets! and one of the highest-tech portfolios! -- had deplorable defences. Really shocking.
Now I have a home page.

June 06, 2011, 12:33:08 pm
Reply #9

Offline Daekesh

  • Guild Member
  • *

  • 4,850
    Posts

Re: LOL SONY
« Reply #9 on: June 06, 2011, 12:33:08 pm »
Wonder when somebody's going to crack their R&D department, steal all their secrets...
Moo

Itkovian
Daekesh
Caladan
Hetan


 

Iron Edge Discord

Recent

Recent Logs

Welcome, Guest. Please login or register.
Did you miss your activation email?
November 26, 2024, 04:18:04 pm

Login with username, password and session length

412 Guests, 0 Users