Sony Music Greece Falls To Hackers

xsee writes "Hackers: 6, Sony: 0. It appears an attacker has performed a SQL injection attack against SonyMusic.gr. The latest attack has exposed usernames, real names, email addresses and more. Is Sony's network being used as the world's largest public penetration test?"

  • by mehrotra.akash ( 1539473 ) on Monday May 23, 2011 @12:15AM (#36213978)

    Isn't every network exposed to the public (esp. mid size or larger commercial ones) continuously under attempted attack?

  • by jaskelling ( 1927116 ) on Monday May 23, 2011 @12:17AM (#36213984)
    Years of half baked products, poor reliability, hostile customer service, lazy innovation, and a general disdain for security are what your customers have had to deal with. I really don't care who is doing it to you or why - but I applaud them teaching you the hard lessons of the evolving technological age. You can't keep repeatedly flipping people the finger anymore and tell them to deal with it. Evolve or die. And no, my loathing isn't related to just the recent PS3 debacle. It extends to experiences with consumer audio, professional theatrical projection equipment, and so on right down the line. The fact that you're being taken out by the simplest of attacks in most cases just makes my smile grow a little more.
  • Re:But... why?! (Score:4, Insightful)

    by betterunixthanunix ( 980855 ) on Monday May 23, 2011 @12:21AM (#36214006)
    I would classify this as part of the more general category of "in band signalling." The telephone network learned the hard way why such a design is bad when people began to use blue boxes, but it still took decades for them to fix the problem. I suspect that it will be a while before we see a real fix to the SQL injection problem as well.
  • Sony = Consistent (Score:5, Insightful)

    by alphax45 ( 675119 ) <kyle.alfred@nOSPAM.gmail.com> on Monday May 23, 2011 @12:22AM (#36214012)
    Well at least they are consistent - none of their systems seem to have more than basic security.
  • by YesIAmAScript ( 886271 ) on Monday May 23, 2011 @12:23AM (#36214020)

    And you're egging them on?

    They aren't just doing this to Sony, they're doing this to the people who use the services too.

    Take it from a person who had a Gawker account. When they were hacked, it caused a great inconvenience for me.

  • by rrohbeck ( 944847 ) on Monday May 23, 2011 @12:23AM (#36214022)

    +5.
    Remember when Sony products were cool because they were innovative? Today you're outing yourself as a mindless consumer if you buy anything Sony.

  • by fotbr ( 855184 ) on Monday May 23, 2011 @12:28AM (#36214038) Journal

    In this case... I don't feel sorry for anyone doing business with Sony. From my point of view, they made their bed, now they get to lie in it.

  • by Killerchronic ( 1170217 ) on Monday May 23, 2011 @12:34AM (#36214078)
    It may be a problem for users but this is a serious wakeup call to said users: no, your data is not as safe as you think it is when you are handing it over to all these companies. It's about time the cracks were shown to customers and just how slack these companies can be in keeping their protocols and systems running correctly. I am still laughing. I'm not a Sony fan in any way, shape or form; obviously it's bad it's happening but it's hilarious that a company this big has such lax security and is being exposed on an almost daily basis.
  • by seanvaandering ( 604658 ) <sean@vaandering.gmail@com> on Monday May 23, 2011 @12:34AM (#36214084)
    Other than getting a free Sony Blu-Ray player recently, I really try to avoid Sony products as a rule. I used to LOVE them, their receiver line was one of the best ten years ago, but the only thing I would entertain buying these days is MAYBE an LCD TV. There are just so many better choices out there these days and I'm not into buying name brand for the name anymore.. having a family will do that to ya :)
  • by Anonymous Coward on Monday May 23, 2011 @12:35AM (#36214090)

    Yes, and you would think the airlines would strengthen the door after the first cockpit invasion back in the 30s or 40s, whenever it was, but we had to wait until the mother of all hijackings before this most basic move was undertaken.. What we will probably get is some kind of 'TSA' for the internet instead. History repeats itself in many ways.

  • by QuasiSteve ( 2042606 ) on Monday May 23, 2011 @12:39AM (#36214120)

    Is Sony's network being used as the world's largest public penetration test?

    No, every other scriptkiddie is just joining in on teh lulz of flogging the dead horse. "ZOMG I sql injectioned a SONY site! Yeah, it's got nothing to do with PS3 or PSN, and yeah it's some site in Greece, but lulz amirite!?"

    It's even in the bloody article, isn't it?

    As I mentioned in the Sophos Security Chet Chat 59 podcast at the beginning of the month, it is nearly impossible to run a totally secure web presence, especially when you are the size of Sony. As long as it is popular within the hacker community to expose Sony's flaws, we are likely to continue seeing successful attacks against them.

    It appears someone used an automated SQL injection tool to find this flaw. It's not something that requires a particularly skillful attacker, but simply the diligence to comb through Sony website after website until a security flaw is found.

    I mean.. honestly?

    They could be running this against $random_site and try to hit the news with it, too.. but they wouldn't.. because nobody cares about a random hack at a random site right now.. but if it's got SONY attached to it.. well.. lulz rules the news.

    None of which excuses the poor security.. but none of which excuses the submitter from his choice of words either.

  • by compro01 ( 777531 ) on Monday May 23, 2011 @12:40AM (#36214126)

    SONY now knows 1 good thing from this: How to stop it from happening again on this and other sites/domains they own & host websites from.

    How to stop this particular attack.

    Available evidence suggests they have no shortage of dailyWTF-worthy screwups that people can continue to exploit.

  • by Opportunist ( 166417 ) on Monday May 23, 2011 @12:49AM (#36214172)

    Remember when Sony products were cool because they were innovative?

    Yes, I'm actually that old.

    I guess we should explain for the kids here since I guess they can't even imagine it: Sony was cool. Not just like Apple today, with fanboys liking it and everyone else hating it, it was THE cool brand. They had innovative products with never seen before features and a kickass support that didn't bother to ask for details, they just threw a new model at you if the old one croaked, which was actually unlikely because, hey, it was a SONY, they don't fall apart! People were proud to have Sony speakers and Sony radios in their cars, they were proud to have a Sony walkman (as if you could get any others, after all it was a brand name) and they had every right to be proud, they bought something of lasting value!

    I admit, it's very hard to believe that today.

  • by MagusSlurpy ( 592575 ) on Monday May 23, 2011 @12:56AM (#36214200) Homepage
    Yes, but to be fair to Sony (which really pains me), they are currently the focus of every bored script kiddie in the world right now, as well as most of the legitimately pissed-off, skilled hackers. While there may not be such a thing as "security through obscurity," there is a lot to be said for not having a target the size of Montana painted on your servers.
  • by flimflammer ( 956759 ) on Monday May 23, 2011 @01:02AM (#36214230)

    Jesus Christ, man. How far did that stick get wedged up your ass?

  • by DurendalMac ( 736637 ) on Monday May 23, 2011 @01:06AM (#36214248)
    Kinda makes you wonder why Sony was vulnerable to exploits that could be found in skiddie tools. If someone had to actually dig for an exploit or found a new one to use against them, then that would be something, but when skiddies can breach your network then you seriously need to fire the guys in charge of security because they suck at their jobs.
  • by LordLucless ( 582312 ) on Monday May 23, 2011 @01:10AM (#36214276)

    So you're saying, by doing this they're going to drive customers away from Sony, reduce their income stream, and eventually remove them from the world of global commerce?

    Wow, that sounds...terrible

  • by LordLucless ( 582312 ) on Monday May 23, 2011 @01:14AM (#36214290)

    As long as it is popular within the hacker community to expose Sony's flaws, we are likely to continue seeing successful attacks against them.

    It almost seems as if deliberately screwing people over doesn't really pay off, doesn't it?

  • Is Sony's network being used as the world's largest public penetration test?"

    No more than HB Gary was.

    To wit: This is the prescription for being attacked mercilessly, for months on end:

    1. Produce an item that is clearly advertised as having feature X, where feature X is useful only to really, really good programmers. You know - the ones who spend their time cracking the hardest problems using arrays of specialised parallel processors.
    2. Sell the item to lots of people, who hand over their money on the basis of having feature X.
    3. Some years later, withdraw feature X, so all the software these people have invested years in creating is blown away.
    4. When said programmers then, fairly legitimately, extract your secret keys so they can restore feature X, unleash a phalanx of lawyers to pursue them within an inch of their financial lives, until they recant.

    At that point you will discover what sort of damage a bunch of really pissed off top notch programmers can do.

    With luck all the other psychopathic mega corporations around the world are watching and learning. The lesson is simple: don't poke a hornet's nest.

  • by JohnRoss1968 ( 574825 ) on Monday May 23, 2011 @02:23AM (#36214552)

    At this point I would have to say this is SONY's fault.
    How inept can your IT dept be.
    They should just shut the whole thing down and redo it right, like they should have done it the first time.
    3....
    2....
    1.....
    Let the Fanboys commence defending SONY for their lackluster performance.

  • by rebelwarlock ( 1319465 ) on Monday May 23, 2011 @02:37AM (#36214618)
    One of the first things you learn about web programming is to clean any string a user touches. If there's even a remote possibility that a user submitted something, clean it before putting it in your query. How is it even possible that someone would be given money for web programming before learning this? That's not even a rhetorical question; I'm genuinely interested in the answer.
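
An added example, not part of any comment in this thread: it illustrates the "in band signalling" comment and the "clean any string" comment above by running the same lookup twice, once with user data spliced into the SQL text and once with the value sent separately as a bound parameter (binding is used here in place of string cleaning). The table, column names and sample rows are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical.
ROWS = [
    ("alice", "Alice Example", "alice@example.com"),
    ("bob", "Bob Example", "bob@example.com"),
    ("obrien", "Pat O'Brien", "pat@example.com"),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, real_name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return db

def lookup_in_band(db, real_name):
    # Vulnerable: user data is spliced into the SQL text, so a quote in the
    # data is read by the parser as syntax (data and control share a channel).
    sql = "SELECT username, email FROM users WHERE real_name = '" + real_name + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, real_name):
    # Hardened: the statement text is fixed; the value travels separately as
    # a bound parameter and is never parsed as SQL.
    sql = "SELECT username, email FROM users WHERE real_name = ?"
    return db.execute(sql, (real_name,)).fetchall()

def demo():
    db = make_db()
    results = {}
    tautology = "x' OR '1'='1"  # textbook input that rewrites the WHERE clause
    results["in_band_tautology"] = len(lookup_in_band(db, tautology))
    results["bound_tautology"] = len(lookup_bound(db, tautology))
    # A legitimate name with an apostrophe breaks the spliced query as well.
    try:
        lookup_in_band(db, "Pat O'Brien")
        results["in_band_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["in_band_apostrophe"] = "syntax error"
    results["bound_apostrophe"] = lookup_bound(db, "Pat O'Brien")
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The spliced query returns every row for the tautology input and fails outright on an ordinary surname containing an apostrophe, while the bound query treats both strings purely as values.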
  • by elucido ( 870205 ) * on Monday May 23, 2011 @02:41AM (#36214638)

    It's cheaper not to hire or pay for information security.

    And when they do they probably don't hire the best. Let's face it, Sony is not innocent and I could care less what happens to Sony. I don't own Sony stock, I don't work for Sony, and I don't own any Sony products except for an old PSX. So I just don't care what happens to Sony.

    Maybe other companies will now give a shit about information security.

  • by justforgetme ( 1814588 ) on Monday May 23, 2011 @04:42AM (#36215186) Homepage

    ohh, wait I have to say something about this!!!!

    I was in a bank once, while it was being robbed! Ok, it wasn't the nicest experience I ever had and I might have been inconvenienced a bit.
    Did I lose the money I had in the bank? No.
    Did I lose the info I had stored in it? No.
    Did I manage to do the jobs I had with the bank? Yes, I just went to another branch.

    So if you are going to create a service infrastructure that hasn't enough failsafes and backup plans to deal with a simple digital break-in then you damn well deserve to be reduced to the economic equivalent of decarbonized organic material... And all people who trusted your Services (including Yours truly) deserve a very big refund for your incompetence and a big slap in the face for being such fools!

  • by erroneus ( 253617 ) on Monday May 23, 2011 @05:05AM (#36215274) Homepage

    There are no Sony fanboys. There are people who are addicted enough to their games that they can't see who is behind them or that they don't care who they work with or where the data flows. But to call them fanboys is a stretch of the imagination. Sony doesn't have "fans." Just consumers.
