Sony websites hacked once again: 1 million accounts, databases stolen

Good question Scooby.

@TheAvenged87: You make a valid point. The fact they posted the data they stole already would point to the fact that they actually succeeded...unless they are hoaxing everyone with data they posted. I somehow doubt it. What's more is the glaring error and simple hack method. It's so simplistic that it makes sense. Something small can usually be overlooked.

Hey. I will be the first person to admit I was wrong when this all turns out to HAVE been just a joke, but for the moment I am throwing my hat in the ring saying this is true.

Really wondering what will happen next. Considering the nature of the data...that can and will have serious consequences if this DOES prove to be legit.

Indeed. This is all speculation from my side, but something doesn't make sense here. Either the security implemented at Sony is not up to scratch or these hackers are just full of themselves. We'll see in the next few days what happens. I do think that something happened there, but the extent of their success remains to be seen.
 

LMGA!!! Very funny!!
 
Thank you Blackhand for confirming the SQL vulnerability actually does exist. Waiting for the Sony spin doctors to start revving up :D

Will be interesting to see their answer to this.
 

Yep SQL Injection is one of the oldest tricks in the book. I've had to unhack a client's site (site was written by some other company btw) that was nailed with this. Also found that you could get into the admin site without a password, so had to fix that as well.

Another site that I had to pick up and fix was using a full path to the include files, so hackers just put in a path to their own file on their own server and ran scripts to create a bunch of phishing pages on the site.

Here's a little toon from xkcd to show how easy SQL Injection is

exploits_of_a_mom.png
 
Why don't they just set up a proper honey pot system...

Because any hacker worth his salt can spot a honeypot from several hops away.
Hell, I can spot a honeypot easy as pie, and I'm not even 10% of what most of these kids are in skill...

Maybe Sony did this on purpose so they can find the hackers? Everyone leaves a trace, especially when you hack into a SQL database. So this to me says that Sony had a brainstorming about this and figured they'd do something like this...
The other thing that doesn't make sense to me is the encryption... SQL's got a basic encryption built in when you create a database. So I don't quite understand, and why steal music coupons... REALLY? Music coupons?

MS SQL has built-in decryption, yes. Disabled by default. Most other SQL packages have BASIC encryption optional, but also disabled by default.
These default encryption schemes are useful, yes. But nowhere near powerful enough to not be hashed through in about a week by a nice cloud decryption run.

Yep SQL Injection is one of the oldest tricks in the book
(snip)
exploits_of_a_mom.png

Oldest indeed.
SQL injects are so old and common knowledge that most "hacking for dummies" type resources use it as the prime example for "learning" to hack.
Nice 'toon, hehe.


IMO, if this is true and Sony got penetrated by a simple SQL inject, they deserve every little bit of every damage that any hacker can inflict on them for the rest of eternity.
 