

Sony Ericsson Canada was among the latest Sony online properties to be hacked and lose customer records. Sites in Indonesia and Thailand were also compromised and taken down.  (Source: Wayfaring)
Should Sony quit the internet?

It's almost unprecedented.  We haven't seen something quite like this since -- well, the days of the great Sony Corp. (6758) battery recall.  It seems like every day there's a new Sony web property that's been compromised.

In recent weeks the company's two largest databases -- the PlayStation Network (PSN) database and the Sony Online Entertainment (SOE) database -- were fully compromised, multiple music sites/databases [1] [2] were compromised via SQL injection, $1,225 USD in points were stolen from a Sony ISP subsidiary, and Sony's servers were found to be hosting a malicious phishing page.

Now yet another attack has struck the befuddled company.

This time around hackers have struck Sony Ericsson’s Eshop online store for mobile phones in Canada, making off with 2,000 customer records.  The records include names, email addresses and encrypted passwords, Sony wrote in a statement it released late yesterday.

Idahca, a Lebanese hacking group, has claimed responsibility for the attack in a Pastebin dump of user records.  The hackers said that they could have gathered more sensitive details like credit cards, but declined to.

Sony sites in Thailand and Indonesia were also compromised, bringing the total of major breaches to 10 or possibly 11, based on our accounting.  It appears that all of these sites were infiltrated using the same SQL injection attack route (affectionately nicknamed a "Little Bobby Tables" attack), which took down the Sony BMG Greece and Japan sites earlier this week.  Sony appears to have done nothing effective to protect its other sites, even after the earlier compromises.

Credit card information is stored on an e-commerce website, a standalone platform.  This platform is separate from the servers on which the user database is found.  Idahca's comments indicate that the group claims to have had access to the e-commerce servers as well.  Sony has shut down both the user server and the e-commerce servers, while it tries to investigate the breach.

Phil Lieberman, CEO of online security consulting firm Lieberman Software, said Sony made a fatal mistake in the flagrantly hostile approach it took towards the hacking community, with regard to Linux on the Sony PlayStation 3 -- a use it initially promoted.  He states, "Telling them to bring it on is not the best strategy. I think Sony is beginning to understand it horribly underinvested in security."

He said Sony's decision to sue beloved hardware hacker George "GeoHot" Hotz provoked "nuclear responses" from hackers.  Sony's suit against GeoHot was particularly controversial as the company sought -- and was granted by federal courts -- access to GeoHot's personal Twitter, Facebook, Gmail, and other accounts, seemingly a gross invasion of privacy.

Sony is confident it will pay only $2 USD per lost record from its various web properties.  That's less than 1 percent of the average payout of $318 USD per lost record in 2010.  And in recent years the cost of lost data has tended to increase by a factor of 1.5 each year.  Clearly Sony is hoping for some sort of miracle to save it financially.

Sony also needs some sort of miracle to prevent more attacks.  Even with plenty of forewarning, Sony still looks as inept as ever; utterly clueless at securing its online properties.  The company clearly is lost as to what to do.  Of course -- worst case scenario -- Sony could always quit the internet.

The company is currently facing returns of its products internationally and class action lawsuits from disgruntled former customers.



Comments

RE: Angry little men
By deanx0r on 5/25/2011 10:24:46 AM , Rating: 2
Sony is surely not without fault. But it does not matter who started it nor who will win it. Customers are the ones getting shafted here. This war will probably put Sony further deep in the red. Who do you think they will pass those expenses on?

Certainly not the hackers.


RE: Angry little men
By xti on 5/25/11, Rating: -1
RE: Angry little men
By RadnorHarkonnen on 5/25/2011 10:36:47 AM , Rating: 5
Plenty of people bought a PS3 to run Linux on it. Some of them just don't game on it. With Linux on, it was supercomputing to the masses; without it, it is just another crappy console.


RE: Angry little men
By Reclaimer77 on 5/25/11, Rating: -1
RE: Angry little men
By Jalek on 5/25/11, Rating: 0
RE: Angry little men
By Cheesew1z69 on 5/26/2011 8:37:15 AM , Rating: 1
RE: Angry little men
By Arsynic on 5/25/11, Rating: 0
RE: Angry little men
By freeagle on 5/25/2011 3:56:59 PM , Rating: 2
The GPU is not the most interesting part of the PS3; its CELL CPU is quite an interesting piece of silicon. We used the PS3 for some of our school assignments (yes, running Yellow Dog) and with clever coding, some algorithms could achieve speeds an order of magnitude higher than their serial versions.

Link to speed increases of our assignment results (I hope it's accessible outside of our university domain). This particular assignment computed the Levenshtein edit distance of 2 strings:
http://ulita.ms.mff.cuni.cz/pub/predn/ppp/ppp10/du...


RE: Angry little men
By poundsmack on 5/25/2011 11:25:31 AM , Rating: 3
Even the US Navy bought a ton of PS3s to run Linux on as a supercomputing platform: http://www.gamepro.com/article/news/213076/u-s-mil...


RE: Angry little men
By kerpwnt on 5/25/2011 10:59:45 AM , Rating: 5
The PS3 isn't a product that "didn't deliver." Sony advertised and shipped the OtherOS feature when the PS3 was launched. Then, a few years later, some Sony exec decided that OtherOS was a threat to their intellectual property and had it removed from all up-to-date consoles. Now, some of their customers feel like Sony has removed a feature that they paid good money for.

This group is obviously a minority, but that doesn't mean their voice should be disregarded.


RE: Angry little men
By Hieyeck on 5/25/2011 12:27:16 PM , Rating: 2
It's a minority with guns, bombs, and fighter jets.

http://www.physorg.com/news/2010-12-air-playstatio...


RE: Angry little men
By HrilL on 5/25/2011 12:36:57 PM , Rating: 3
Yeah, the Navy and Air Force's clouds of 20K+ PS3s is 14 people alright. How are they supposed to replace broken PS3s with no way to downgrade them or run Linux on the new firmware? I'm sure they were not the only ones running massive farms of PS3s.


RE: Angry little men
By Reclaimer77 on 5/25/2011 1:10:02 PM , Rating: 2
That's a retarded argument. We're not talking about government use here, obviously. And they could EASILY contract Sony to provide them with special use PS3's. It's a simple matter of firmware after all, hello???

Do you honestly believe the Navy and Air Force built these farms with NO agreement with Sony in place beforehand? Use your brain!


RE: Angry little men
By HrilL on 5/25/2011 2:47:20 PM , Rating: 3
From what I read they bought them off the shelf just like anyone else. The reason being that Sony and IBM? have actual servers that use the Cell CPUs that cost multiple magnitudes more that they wanted companies and governments to buy. Also the price of a PS3 is below what it costs to produce because Sony knows they'll normally make that back in game purchases. So in all likelihood, no, Sony would not have made a deal with them because they would be losing money.


RE: Angry little men
By xti on 5/26/2011 11:33:53 AM , Rating: 1
and paid full price? really?

14 people stands.


RE: Angry little men
By HrilL on 5/26/2011 1:20:31 PM , Rating: 2
Buying from a reseller and from Sony is not the same. A reseller could give a rat's ass if Sony loses money on each sale. And yes, the Navy and Air Force would get a volume discount from a reseller... No one's arguing that. But it is doubtful that Sony sold directly to them.


RE: Angry little men
By Uncle on 5/26/2011 2:47:29 AM , Rating: 2
"Who do you think they will pass those expenses on?
Certainly not the hackers. "

and certainly not the consumers who will buy elsewhere.

Copyright 2014 DailyTech LLC.