24-May-2011 12:09
Sony hacked again? This is getting tedious...
Can you believe it,Sony hacked again? This really is getting tedious…
The Sony Music Japan website has been subject to fresh hacking attacks exposing flaws on databases using SQL injection techniques at website: SonyMusic.co.jp
Thankfully, this time the specific databases did not contain names, passwords, PINs or any personally identifiable information which could have been exposed in the attacks.
It isn't yet clear whether the hackers are able to inject data into the database or simply access the tables and records contained therein.
Should they prove able to amend records, this could be used to insert malicious code & thus compromise any users browsing the site.
The last few weeks have proven rather unsettling for Sony.
Their PlayStation Network was out of action for weeks following theft by hacking of sensitive information hosted on the platform.
The next bad news was that an active phishing site was found on their Thailand portal before other hackers entered Sony’s Greek ‘site using similar SQL injection attacks..
Will Sony stop the bleeding?
The attackers stated in their message "This isn't a 1337 h4x0r, we just want to embarrass Sony some more."
Is Sony taking security issues sufficiently seriously or are there simply that many flaws that exist in their public facing sites that it will take them too long to patch them all?
Sony’s losses, following attacks on the gaming platforms alone, are in the region of $171 million but, & more importantly perhaps, its reputation could suffer badly if events continue in this way...
Will Sony learn from their mistakes before it’s too late?
They’ve recently announced that with the assistance of several organisations that they are updating security issues.
Let’s all hope - for Sony's sake - that this happens sooner rather than later.
Could it be a 'culture' divide?
May I suggest (or am I being politically incorrect) that some companies and nationalities, especially perhaps in the Far East, cannot admit that they may have 'problems' or 'security issues'?
Norman
The right thing to do in those cases is to build the network with security as a priority, Sony decided that it was more important to get quick results, Sony didn't get it after the first "lesson", now the cost might be much higher than implementing proper security measures.
Sometimes it's like an addiction problem: first you have to get aware that you have a problem, then you admit it with yourself and eventually you admit it with other people.
Generally big companies are run by executive with a background in marketing & sales rather than a technical one and even if they sell electronics / informatics services they condider them as sort of black boxes.
Even after having their server blasted a number of times they might have to struggle to recognize the nature of the problem as marketing & sales people never listen to technicians!