.

Sony hacked again..this time only 93,000 accounts

<<

YuckTheFankees

User avatar

Sr. Member
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Sat Oct 15, 2011 1:29 pm

Sony hacked again..this time only 93,000 accounts

http://paidcontent.org/article/419-sony ... n-quickly/

At least sony admitted the hacking a lot sooner than last spring. I dont know how they let this happen time after time.
OSCP in progress
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Oct 15, 2011 2:25 pm

Re: Sony hacked again..this time only 93,000 accounts

Sadly, folks just don't always get it, or if / when they finally do, they don't put enough time and $$ into remediation and problem resolution.  Even then, attackers will continue to put a lot of effort into going after Sony, time and time again, because now, they have a huge target painted on them, for the world to see.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

YuckTheFankees

User avatar

Sr. Member
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Sat Oct 15, 2011 6:32 pm

Re: Sony hacked again..this time only 93,000 accounts

With Sony being a huge company, I would think they had an elite security team?
OSCP in progress
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Oct 15, 2011 7:28 pm

Re: Sony hacked again..this time only 93,000 accounts

They very well might.

But here's the rub...

It happened once.  It happened twice.

Elite or not, SOMEBODY is still overlooking the holes, and they continue to do so.  Like I'd said, whether they like it or not, the target is there...

The thing about 'elite teams' is that sometimes they get so confident that they overlook little / simpler things.  I can't count on the fingers and toes, of my whole family, how many 'elite' network folks, for instance (the 'I'm a Cisco guy, and I know my setup is sound' types,) whom I've pointed out misconfigurations to, as well as the IT security teams, that often just don't understand that they DON'T know all there is to know, with regard to their network.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Oct 15, 2011 7:35 pm

Re: Sony hacked again..this time only 93,000 accounts

Fact / truth is, if they're THAT elite, they should be comfortable asking for help, because they should know that they don't know it all.  Sony needs to spend some serious time, energy and money on a total, top-to-bottom review of every system, every security measure, their security training... their entire security posture.  (You get the point.)

But when it's become a recurring event, not only is it embarassing, but it's a risk to your entire business, as well as the businesses of those that do business with you.

Sony'd better get on it.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

YuckTheFankees

User avatar

Sr. Member
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Sat Oct 15, 2011 7:55 pm

Re: Sony hacked again..this time only 93,000 accounts

So you think the hackers are using the same vulnerability every time?
OSCP in progress
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Oct 15, 2011 8:51 pm

Re: Sony hacked again..this time only 93,000 accounts

No.  I think you misunderstood my point.  I was responding to your 'elite' remark.  Fact is, I doubt it was the same thing, twice (although anything is possible.)

The point I'm making is this...  IF you've been hacked and been put in such a bad situation, once, you put effort into fixing things, ASAP.  IF you've been hacked twice, you'd REALLY better get on it, and find it (whether the same or different issues) because, unless your systems are changing THAT dynamically, which I doubt, then somebody missed something that probably should've been spotted in the 'elite' team's review, after the first incident came to light.

Granted, nobody will EVER be impenetrable, but it's becoming inexcusable to let that many records get leaked, that often, if you want to 'save face,' and NOT become every hacker's dream target.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Oct 15, 2011 9:03 pm

Re: Sony hacked again..this time only 93,000 accounts

Here's an example from my past, where there WAS the same hole exploited.  I won't name the company, but let's just say I found a MAJOR security hole for them, and reported it straight to their top folks (it was that major, that it needed addressed, ASAP.)

The response I got was that their 'elite' team had been aware of said issue, for over a year, and 'decided' it was a calculated risk.  Didn't matter that it was massively hackable, and I could easily take everything from their network, top to bottom...  The 'elite' folks had already decided, in their minds, that it was a necessary risk.  So, in this case, they WERE aware of a hole, yet didn't fix it.  

That doesn't mean Sony was aware of the first or second (or any still unremedied) holes.  But as you pointed out, they are huge, and therefore, once hole one was publicly disclosed, their efforts to find and remediate any others should've gone into high gear, because common sense dictates that, now, they have that target hanging out there.

(edit - please excuse multiple posts tonight, in succession...  Working from my phone, remote, and if typing gets too long, it times out during reply, and I lose it all.  So better to 'chunk it up' into a couple posts, when necessary)
Last edited by hayabusa on Sat Oct 15, 2011 9:07 pm, edited 1 time in total.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

YuckTheFankees

User avatar

Sr. Member
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Sat Oct 15, 2011 9:11 pm

Re: Sony hacked again..this time only 93,000 accounts

Thanks hayabusa, sorry I misunderstood.

To have a company take a "calculate" risk is crazy on security, who makes that kind of decision?
OSCP in progress
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Oct 15, 2011 10:13 pm

Re: Sony hacked again..this time only 93,000 accounts

No need to apologize.  I just figured you missed what I was aiming at.  ;)

As for the 'calculated risk,' I think you'd be amazed at how often I've run into that.  You'd think they'd realize the position and risk they put themselves into, but sometimes, they'll amaze you.  I'm sure others here have similar war stories.  Just seems to be the norm, in the industry, and obviously, some folks need to pay more attention to regulations, as well as just apply some common sense.

Anyway, my two cents for the evening! 
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

p0et

User avatar

Full Member
Full Member

Posts: 197

Joined: Thu Nov 02, 2006 4:38 pm

Location: Victoria, Canada

Post Sat Oct 15, 2011 11:06 pm

Re: Sony hacked again..this time only 93,000 accounts

You're only as strong as your weakest link.  I can't believe how weak of an attack though.  If I remember correctly, it was just a simple SQL injection for the 2nd hack of Sony.  As mentioned, Sony probably has a whole team of highly trained security pro's and they have an unencrypted database vulnerable to simple SQL injection?
GCIH, Security+, Network+, A+, MCP, DCSE
<<

YuckTheFankees

User avatar

Sr. Member
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Sat Oct 15, 2011 11:59 pm

Re: Sony hacked again..this time only 93,000 accounts

Seems like Sony deserved what happened to them. Seems a little reckless for such a strong and well known company.
OSCP in progress
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Sun Oct 16, 2011 11:45 am

Re: Sony hacked again..this time only 93,000 accounts

I wonder if they really care about the holes. There isn't an alternative to their network for the Play Station, and I've ran in to users that don't really care, they just want to play their game on line. It wouldn't surprise me if they put more into PR spin for being hack, than they do the security to prevent being hacked.

Sometimes the people in charge don't even understand the risks, and still claim it's acceptable. Mostly because they think it won't happen. I have a great example from my experience. Mission critical equipment and multiple week business is down failures. The ones they had been warned about and deemed "acceptable risk", but still blamed me for when they happened.
OSWP, Sec+
<<

YuckTheFankees

User avatar

Sr. Member
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Sun Oct 16, 2011 12:03 pm

Re: Sony hacked again..this time only 93,000 accounts

I dont know how users still give the playstation network personal information. I recently just bought ps3 but there is no way in hell my info is going in there. I rather max out my credit cards instead of someone else, thank you very much lol
OSCP in progress
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Sun Oct 16, 2011 12:50 pm

Re: Sony hacked again..this time only 93,000 accounts

Yuck,

I think you're an acceptation not the norm. Look at TJ-MAX...

If you haven't listend to it, go find Down the Rabbit Hole episodes 1 &  2.
OSWP, Sec+
Next

Return to News from the Outside World

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software