
Sony Ericsson Canada was among the latest Sony online properties to be hacked and lose customer records. Sites in Indonesia and Thailand were also compromised and taken down.  (Source: Wayfaring)
Should Sony quit the internet?

It's almost unprecedented.  We haven't seen something quite like this since -- well, the days of the great Sony Corp. (6758) battery recall.  It seems like every day there's a new Sony web property that's been compromised.

In recent weeks the company's two largest databases -- the PlayStation Network (PSN) database and the Sony Online Entertainment (SOE) database -- were fully compromised, multiple music sites/databases [1] [2] were compromised via SQL injection, $1,225 USD in points were stolen from a Sony ISP subsidiary, and Sony's servers were found to be hosting a malicious phishing page.

Now yet another attack has struck the befuddled company.

This time around hackers have struck Sony Ericsson’s Eshop online store for mobile phones in Canada, making off with 2,000 customer records.  The records include names, email addresses and encrypted passwords, Sony wrote in a statement it released late yesterday.

Idahca, a Lebanese hacking group, has claimed responsibility for the attack in a Pastebin dump of user records.  The hackers said that they could have gathered more sensitive details like credit cards, but declined to.

Sony sites in Thailand and Indonesia were also compromised, bringing the total of major breaches to 10 or possibly 11, based on our accounting.  It appears that all of these sites were infiltrated using the same SQL injection attack route (affectionately nicknamed a "Little Bobby Tables" attack), which took down the Sony BMG Greece and Japan sites earlier this week.  Sony appears to have done nothing effective to protect its other sites, even after the earlier compromises.

Credit card information is stored on an e-commerce website, a standalone platform.  This platform is separate from the servers on which the user database is found.  Idahca's comments indicate that the group claims to have had access to the e-commerce servers as well.  Sony has shut down both the user server and the e-commerce servers, while it tries to investigate the breach.

Phil Lieberman, CEO of online security consulting firm Lieberman Software, said Sony made a fatal mistake in the flagrantly hostile approach it took towards the hacking community with regard to Linux on the Sony PlayStation 3 -- a use it initially promoted.  He states, "Telling them to bring it on is not the best strategy. I think Sony is beginning to understand it horribly underinvested in security."

He said Sony's decision to sue beloved hardware hacker George "GeoHot" Hotz provoked "nuclear responses" from hackers.  Sony's suit against GeoHot was particularly controversial as the company sought -- and was granted by federal courts -- access to GeoHot's personal Twitter, Facebook, Gmail, and other accounts, seemingly a gross invasion of privacy.

Sony is confident it will pay only $2 USD per lost record from its various web properties.  That's less than 1 percent of the $318 USD average payout per lost record in 2010.  And in recent years the cost of lost data has tended to increase by a factor of 1.5 each year.  Clearly Sony is hoping for some sort of miracle to save it financially.

Sony also needs some sort of miracle to prevent more attacks.  Even with plenty of forewarning, Sony still looks as inept as ever; utterly clueless at securing its online properties.  The company clearly is lost as to what to do.  Of course -- worst case scenario -- Sony could always quit the internet.

The company is currently facing returns of its products internationally and class action lawsuits from disgruntled former customers.

Comments

RE: Angry little men
By smitty3268 on 5/26/2011 1:58:26 AM , Rating: 3
"Sony did not turn off the PS3, it's fully functional."

No, it's not. Where did you get that ridiculous idea from?

"If anyone turned something off, it was the hackers."

Do you even know what's going on? First, Sony turned off a key feature in the PS3. Then hackers broke into their website - they did not turn off anything. Then Sony decided to turn off the website until they could create a new one that would be safer.

"That would break key functionality. STOP!"

Exactly, just like Sony did.

"Wrong, EULA's are exactly legal."

Plenty of EULA's have been struck down in court. Others have been upheld. It's taken on a case by case basis.

"Tell me something, has a federal judge looked into Sony for this supposed illegal removal of the "heavily advertised" Linux feature? NO. That might clue you in. A company as heavily over sighted as Sony couldn't pull this off if it wasn't completely above board."

They have in Europe. Like I said, legally speaking it depends on where you live and what laws you are covered by. Morally speaking it's a completely different matter.

This whole thing seems to break down to you arbitrarily deciding that OtherOS support wasn't an important feature. I'm sure that's what you believe, but it's not reality. Sony marketing sure didn't think so, anyway. If Sony decided to remotely disable one of the games you are trying to play on the PS3 and defended it by saying you had agreed to the EULA you'd be screaming bloody murder. The only difference is that you actually care about the game and not the OtherOS feature - plenty of other people are in exactly the opposite situation, and couldn't care less about the PSN but do care about the OtherOS feature. YOU ARE NOT THE SOLE ARBITER OF WHAT IS USEFUL AND WHY OTHERS BOUGHT THE PS3.

RE: Angry little men
By haplo602 on 5/26/2011 2:51:25 AM , Rating: 2
smitty3268, you have my admiration for trying to argue with that 1d10t. It is evident from his first 2 posts that he cannot see past things directly stuck under his nose.

RE: Angry little men
By Reclaimer77 on 5/26/2011 6:37:17 PM , Rating: 2
"First, Sony turned off a key feature in the PS3."

And that's where your argument gets retarded. Key feature? No. Not even close. Maybe a "gee whiz" feature for those Linux wackos, but they're in such a minority it's not even funny.

Netflix support. Blu-Ray playback. Blu-Ray Live support. Playstation Network. These are "key" features and are what the public cares about.

"If Sony decided to remotely disable one of the games you are trying to play on the PS3 and defended it by saying you had agreed to the EULA you'd be screaming bloody murder."

Apparently extreme analogies and stupid straw men are the only way you can debate something. This is the dumbest thing you've said since the Verizon turning off cell phones crock. This would NEVER happen. Just another smitty stupid "what if" that's not relevant at ALL.

Damn right people would scream bloody murder if a $60 game was made to not work. How much does Linux and the OtherOS feature cost people again? Oh yeah, NOTHING.


Yes, actually yes I am. Just get used to it. I AM A LIVING GOD!

"People Don't Respect Confidentiality in This Industry" -- Sony Computer Entertainment of America President and CEO Jack Tretton
