Sony Pictures servers were hacked using a simple SQL injection, according LulzSec, a group of hackers claiming the attack and released on the Internet the personal information of more than one million users. According to the message they posted on Pastebin "SonyPictures. com was conquered by a very simple SQL injection vulnerabilities one of the most primitive and basic.
From a simple injection, we ALL (sic) gained. " "The worst is that every bit of data that we took were not encrypted. Sony stores over one million (sic) passwords of its customers in a text file, which means that it is simply a matter of taking it. Shame and a lack of security: they (the employees SonyPictures.
Com, Ed) looking for him. "Exclaims LulzSec in a statement. SonyPictures. com is not alone in having been touched. Dutch and Belgian sites of Sony BMG, the music division of the firm, have also suffered the same attack. The site has since been LulzSec offline and pages published databases were removed from the Web.
This attack would probably have less importance if Sony had not been the victim of one of the biggest hacks in the history of computing in April (see "Case PSN: over 100 million accounts compromised" ). Even if hackers claim that an injunction is an SQL attack very simple, it is not accessible to everyone.
Sony is not the first to have a flaw in its database. SQL injections are the second most common technique used to hack a server after the denial of service (see "Denial of service passes the SQL injection"). For cons, the fact that users' personal information are contained in an unencrypted text file is much more reprehensible.
In addition to user accounts, the pirates also stole coupons for Sony BMG websites. LulzSec is not his first attempt. May 30, he entered the PBS website. org, a U.S. television network, to protest against the negative tone of their story on Wikileaks. They broke into the servers and stole the IDs of employees.
They published an article without the knowledge of writing stating that the rapper Tupac was still alive and residing in New Zealand. A screenshot of the article is available Freze. it. For information, Tupac Shakur is a rapper who was killed in 1996. Rumors of an alleged apparition of Tupac in a remote part of American folklore as well as those on Elvis Presley.
From a simple injection, we ALL (sic) gained. " "The worst is that every bit of data that we took were not encrypted. Sony stores over one million (sic) passwords of its customers in a text file, which means that it is simply a matter of taking it. Shame and a lack of security: they (the employees SonyPictures.
Com, Ed) looking for him. "Exclaims LulzSec in a statement. SonyPictures. com is not alone in having been touched. Dutch and Belgian sites of Sony BMG, the music division of the firm, have also suffered the same attack. The site has since been LulzSec offline and pages published databases were removed from the Web.
This attack would probably have less importance if Sony had not been the victim of one of the biggest hacks in the history of computing in April (see "Case PSN: over 100 million accounts compromised" ). Even if hackers claim that an injunction is an SQL attack very simple, it is not accessible to everyone.
Sony is not the first to have a flaw in its database. SQL injections are the second most common technique used to hack a server after the denial of service (see "Denial of service passes the SQL injection"). For cons, the fact that users' personal information are contained in an unencrypted text file is much more reprehensible.
In addition to user accounts, the pirates also stole coupons for Sony BMG websites. LulzSec is not his first attempt. May 30, he entered the PBS website. org, a U.S. television network, to protest against the negative tone of their story on Wikileaks. They broke into the servers and stole the IDs of employees.
They published an article without the knowledge of writing stating that the rapper Tupac was still alive and residing in New Zealand. A screenshot of the article is available Freze. it. For information, Tupac Shakur is a rapper who was killed in 1996. Rumors of an alleged apparition of Tupac in a remote part of American folklore as well as those on Elvis Presley.
- LulzSec Does It Again. Sony Pictures' Website Hacked (03/06/2011)
- This Time It's Sony Pictures Being Hacked: Another Huge Data Breach (02/06/2011)
- One Million Sony Customer Details Stolen by LulzSec (03/06/2011)
- Sony Pictures Hacked, Over 1 Million Accounts Compromised (02/06/2011)
- Sony Pictures falls victim to major data breach - Computerworld (02/06/2011)
No comments:
Post a Comment