Nothing new or surprising, just an affirmation that Sony’s woes are far from over.
Sony has been hacked almost 10 times in the past three weeks. This is of little interest by now, and I would not want to spell out the do’s and don’ts, because the list of mistakes that Sony’s admins and IT management team committed could be a thesis in itself. What their intentions were when they were designing and deploying such an architecture is a matter to be analyzed.
This latest hack is based on a SQL injection attack, and those who want to learn something about SQLi and its after-effects should analyze this hack.
Two URLs were used to carry out this hack; their parameters were not handled properly.
Vulnerable Links:
SQLi #1: https://www.sonymusic.co.jp/bv/cro-magnons/track.php?item=7419
SQLi #2: https://www.sonymusic.co.jp/bv/kadomatsu/item.php?id=30&item=4490
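Added example, not part of the original post and not Sony's code: how an unvalidated numeric parameter such as `item` changes a query when it is concatenated into the SQL text, next to a hardened lookup that validates it and binds it as a parameter. The table, columns, rows and function names are hypothetical, and Python with an in-memory SQLite database stands in for the site's unknown stack.

```python
import sqlite3

def make_db():
    """Constructed in-memory catalogue; schema and rows are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tracks "
               "(item INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    db.executemany("INSERT INTO tracks VALUES (?, ?, ?)",
                   [(7419, "public track", 1),
                    (4490, "another public track", 1),
                    (9001, "unreleased track", 0)])
    return db

def lookup_vulnerable(db, raw_item):
    # The raw query-string value is pasted into the SQL text, so the value
    # can change the structure of the statement, not just the data compared.
    sql = "SELECT title FROM tracks WHERE published = 1 AND item = " + raw_item
    return [row[0] for row in db.execute(sql)]

def parse_item(raw_item):
    # Allow-list validation: ASCII digits only, bounded length.
    if not (raw_item.isascii() and raw_item.isdigit() and len(raw_item) <= 9):
        raise ValueError("item must be a positive integer")
    return int(raw_item)

def lookup_hardened(db, raw_item):
    # Validate first, then bind: the value is never parsed as SQL.
    sql = "SELECT title FROM tracks WHERE published = 1 AND item = ?"
    return [row[0] for row in db.execute(sql, (parse_item(raw_item),))]

if __name__ == "__main__":
    db = make_db()
    constructed_input = "7419 OR 1=1"   # constructed sample, classic tautology
    # The vulnerable form returns every row, including the unpublished one,
    # because AND binds tighter than OR in the resulting WHERE clause.
    print(lookup_vulnerable(db, constructed_input))
    try:
        lookup_hardened(db, constructed_input)
    except ValueError as err:
        print("rejected:", err)
    print(lookup_hardened(db, "7419"))
```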
The database structure and the hack have been leaked via Pastebin.
Keeping tabs on Sony’s hacks has become a bit of a monotonous routine for everyone, but this is far from over. One reason summarizes everything:
1: Sony has a huge market share in terms of consumers, and one phishing attack can yield a treasure trove; after all, more than 100 million accounts were compromised.
“Corporate accountability for data security”: in the case of Sony, will this be a fact or a myth?
[Update]
The Kaizen philosophy speaks about continuous improvement; had these rules been followed, this wouldn’t have happened. The gist of Kaizen can be found here, and a slightly longer article is here.