PDA

View Full Version : Sony Hacked Again: How Not to Do Network Security



Teh One Who Knocks
06-03-2011, 05:39 PM
By Tony Bradley, PCWorld


Yes. As unbelievable as it may seem, Sony was hacked again. It is not (entirely) Sony's fault that it is the target du jour for hackers everywhere. But, it is Sony's fault that its networks and servers seem to be trivial to hack and easy to pwn.

The trials and tribulations of Sony's epic struggle against hacks and data breaches over the past month or so are well-documented. You can read all about the breach of Sony Ericsson Canada, or Sony BMG Greece, or the Sony Playstation Network, or any of the other network attacks against Sony all over the Web.

LulzSec, the hacker collective responsible for the Wikileaks hacktivism attack and fake Tupac resurrection story on the PBS site last week, made it clear that Sony was the next target on its radar. Now it has made good on that threat with a hack of the Sony Pictures network, and claims to have compromised the account details of a million users.

Now, I am of the opinion that there is no such thing as absolute security. Any network is vulnerable given an attacker with sufficient skills, resources, and time. So, it would be very easy for me to be sympathetic to Sony's plight--except Sony seems to ignore compliance requirements and basic security best practices, so it is basically begging to be attacked. Shame on you, Sony. Seriously.

Andrew Brandt, lead threat research analyst for Webroot, agrees. "Lulz Security says the information they stole was entirely unencrypted, and while we can't verify Lulz's statements, we can say that companies should take this as a warning to check their internal methods of storing their customers' confidential information and make sure they comply with industry standards such as PCI-DSS."

According to Randy Abrams, director of technical education for ESET, if Sony did, in fact, store passwords in plain-text as LulzSec claims, it is nothing short of blatant negligence.

Fred Touchette of AppRiver adds. "There is no doubt that Sony needs to spend some major effort in tightening up its network security. This latest hack against them was a series of simple SQL Injection attacks against its web servers. This simply should not have happened."

So, aside from not pissing off the hacker collectives of the world, what can other companies do to prevent becoming a poster child for network insecurity? The best advice is that following security best practices, and implementing stronger network and data security controls is best done before you're a victim of hacks like these, not after.

Tim 'TK' Keanini, CTO of nCircle, cautions organizations, though, against security 'silver bullets' or shortcuts. He likens improving network security to losing weight or improving physical fitness. "No matter how hard you work it's going to take more than a few days, even if you focus on nothing else. Great security is about more than technology. It has to be baked into business processes and into every employee's brains as they go about their everyday activities."

Be proactive about following security best practices and data security compliance requirements. Don't be a Sony.

PorkChopSandwiches
06-03-2011, 05:40 PM
they may want to hire one of these hackers :lol:

Dragoness_Cutie
06-03-2011, 06:02 PM
Good lord. AGAIN?! Oiya... :rolleyes: I don't think I'll ever get to play my PS3 again. *Sighs*

samarchepas
06-03-2011, 06:20 PM
Good lord. AGAIN?! Oiya... :rolleyes: I don't think I'll ever get to play my PS3 again. *Sighs*

I'm playing online on mine right now...:lol: PSN is not affected by that "hack"...kinda weird that there is no mention of it on their website....:-k
BTW, The Welcome back pack is on :woot:

Softdreamer
06-03-2011, 06:33 PM
Do Sony use Norton???

:D

Teh One Who Knocks
06-03-2011, 06:48 PM
:roll:

redred
06-03-2011, 10:06 PM
The Welcome back pack is on :woot:

i need to get on with that

Jezter
06-04-2011, 07:27 AM
Even if it does not affect the PSN right now, this constant hacking and trouble will have an effect on their economy for sure and their brand imago will suffer aswell. As strong as it is, but still. Lets see if they can come up with some sort of campaign to overcome these troubles and win back customers who might have backed off cuz of all this.

Softdreamer
06-04-2011, 11:37 AM
I find this latest attack for more worrisome. Who cares if your COD scores get reset? were talking about confirmed credit card details being skimmed.

samarchepas
06-04-2011, 04:10 PM
Even if it does not affect the PSN right now, this constant hacking and trouble will have an effect on their economy for sure and their brand imago will suffer aswell. As strong as it is, but still. Lets see if they can come up with some sort of campaign to overcome these troubles and win back customers who might have backed off cuz of all this.

That's exactly why they made the "Welcome Back Program"...some will go...but the big part of people will stay (I'm in the big part :lol:) I'm just hoping that those hackers will change target soon...