Security Sony IT

Sony Music Greece Falls To Hackers 303

xsee writes "Hackers: 6, Sony: 0. It appears an attacker has performed a SQL injection attack against SonyMusic.gr. The latest attack has exposed usernames, real names, email addresses and more. Is Sony's network being used as the world's largest public penetration test?"

  • Re:SQL Injection... (Score:5, Informative)

    by Bacon Bits ( 926911 ) on Monday May 23, 2011 @12:16AM (#36213982)

    I thought the most preventable of all security holes was blank administrator passwords. Granted, the most notorious instance of this was the default install of SQL Server 2000's sa account....

  • by wvmarle ( 1070040 ) on Monday May 23, 2011 @12:31AM (#36214060)

    The linked article also provides a screen shot with obscured personal information.

    It appears the passwords are stored in plain text, not as hash: formatting makes it unclear but it seems the length varies, and the password fields are short (6-10 characters or so), while hashes are much longer than that.

    Bad bad security! No wonder they also fall victim to the age-old SQL injection attack... which I thought most SQL interface libraries can automatically intercept by adding the appropriate escaping... many years ago I used Python's MySQLdb and they were doing that for very very long already... so there should be no excuse for allowing this to happen still.

  • by SuperKendall ( 25149 ) on Monday May 23, 2011 @12:46AM (#36214152)

    I suspect that it will be a while before we see a real fix to the SQL injection problem as well.

    It's called a parameterized query and pretty much every language on the planet supports this mechanism.

    SQL injection is mostly a solved problem, except for programmers.
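
As an added example (not part of the original thread or any commenter's code): the parameterized query named above next to a string-concatenated one, plus the salted password hashing whose absence wvmarle infers from the screenshot. It uses Python's standard-library sqlite3 as a stand-in for MySQLdb (which uses %s placeholders rather than ?); the table, function names and sample rows are constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

def hash_password(password, salt):
    # Salted, deliberately slow hash; the stored value is always 32 bytes,
    # unlike the variable-length plaintext fields described in the comment.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_db():
    """In-memory stand-in for a site's user table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users "
               "(name TEXT PRIMARY KEY, email TEXT, salt BLOB, pw_hash BLOB)")
    for name, email, pw in [("alice", "alice@example.test", "s3cret-one"),
                            ("bob", "bob@example.test", "s3cret-two")]:
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                   (name, email, salt, hash_password(pw, salt)))
    return db

def lookup_concatenated(db, name):
    # Vulnerable: input is pasted into the SQL text, so a quote in it
    # changes the structure of the query.
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, name):
    # Parameterized: the value travels separately from the SQL text and
    # is only ever compared as data.
    sql = "SELECT name, email FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def verify_password(db, name, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(hash_password(password, row[0]), row[1])

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("concatenated :", lookup_concatenated(db, crafted))
    print("parameterized:", lookup_parameterized(db, crafted))
    print("login ok     :", verify_password(db, "alice", "s3cret-one"))
```
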

  • by Anonymous Coward on Monday May 23, 2011 @01:18AM (#36214308)

    If you catch a cold your doctor should tell you to suck it up and go live somewhere less cold?

    That's not how colds work.

  • by _xeno_ ( 155264 ) on Monday May 23, 2011 @01:50AM (#36214416) Homepage Journal

    professional theatrical projection equipment

    There was an interesting story in the Boston Globe [bo.st] this weekend about how Sony projectors are projecting 2D digital movies up to 85% darker than they should.

    The reason? It turns out to be Sony DRM, although the article doesn't ever come out and say it directly. Basically, there's a special 3D lens required to display 3D movies, but this lens reduces the brightness of 2D movies.

    So why aren't theater personnel simply removing the 3-D lenses? The answer is that it takes time, it costs money, and it requires technical know-how above the level of the average multiplex employee. James Bond, a Chicago-based projection guru who serves as technical expert for Roger Ebert's Ebertfest, said issues with the Sonys are more than mechanical. Opening the projector alone involves security clearances and Internet passwords, "and if you don't do it right, the machine will shut down on you."

    In other words, you have to deal with Sony DRM. Rather than jump through the Sony-imposed hoops, theaters just leave the 3D lens on all the time.

    Why bother with Sony projectors at all if they have this problem and others don't?

    The reason appears to be a basic business quid pro quo. Sony provides projectors to the chains for free in exchange for the theaters dedicating part of their preshow ads to Sony products.

    So, yeah. Another wonderful example of Sony in general and Sony DRM in specific giving customers an inferior product.

    Obviously the theaters deserve some blame for this too.

  • by TheRaven64 ( 641858 ) on Monday May 23, 2011 @06:03AM (#36215486) Journal
    On OS X, the keychain is a system service that is separate from the end user applications. Any app can use it with a couple of function calls, and the service has fine-grained ACLs, so you have to explicitly grant an application access to each password (except ones that it created), so multiple browsers can share the passwords. It's encrypted on disk and is trivial to back up.
  • by _xeno_ ( 155264 ) on Monday May 23, 2011 @06:08AM (#36215512) Homepage Journal

    No, that is just the polarising lens/filter combo needed for passive 3D glasses. Like sunglasses polarisation makes the image darker.

    Yes, that would be the technical reason why the image is darker, but that's not the DRM part. The DRM is the reason that the projectionist doesn't simply replace the lens: if they do, they risk tripping Sony's DRM and locking the projector out.

    Rather than risk that, they just leave the lens on. Thereby making the movie look absolutely horrible.

    So it may not be DRM making the movie dark directly, but DRM is the root cause: Sony doesn't trust the people who own the projector to change the lens, and it's DRM that enforces that policy.

  • by Anonymous Coward on Monday May 23, 2011 @08:00AM (#36215906)
    It comes from the full phrase "I know naught and could care less." So when people say they could care less, they mean they could care less than naught. People who are unfamiliar with the classics hear "I could care less," and get confused and angry because they aren't familiar with the actual quote. But their anger just displays their ignorance. "I could care less" is the original and correct, and "I couldn't care less" is the ignorant "correction."
