Beyond3D Forum

*ren* PSN Down, Customer Info Compromised (http://forum.beyond3d.com/showthread.php?t=60017)

Nesh 02-Jun-2011 22:53

Ok. What I wonder even if true is why are they so obsessed so much with Sony and why do they call "faith" what is simply a normal interest in the product or service that just happens to be offered by some company called Sony Pictures??
They want so much to make people dislike Sony it is awkward. People are just using what they find and like. It doesn't necessarily have to do with some form of faith. They sound like fanboys or trolls found in internet forums. Obsessed with some kind of paranoia that people are blindly loyal, suck Sony penis and have sold their souls to their evil corporate empire. Which is not true. But even IF it was, why do they care?

patsu 02-Jun-2011 23:01

Sounds like computer science kids who have free time to explore SQL injection (Like Mark Zuckerberg hacking into Harvard school systems).

Took a quick look at sonypictures.com, there is a simple php script to register your interest in Sony Pictures update. You need to enter your email address, DOB, etc. The scripts probably don't screen the input data.

It's different from a transaction engine though. At this point, I hope the SonyStyle site gets another review.

EDIT: Saw some GAF posts regarding the leaked databases. They are sweepstake data. Heh... marketing databases and campaigns !

deathindustrial 02-Jun-2011 23:15

Seems legit. . .though it is almost all contest related submissions. Anything sent in for a contest like this is likely sold off to marketing agencies anyway so is probably already out there somewhere - when you offer up your personal info for a contest that's what you should expect. As an aside, I am still getting random snail mail addressed to "Stink Finger" after filling out some free magazine offers with silly info in the late 90's; entering a website contest will achieve the same sort of thing.

=)

My read of them being unable to access the full database is that there is some sort of limiter in place (either intentional or due to resource exhaustion) that makes it far too noisy / time consuming to grab the full thing. I bet this is a case of a quick and dirty web application having a longer lifetime than expected (via copy and paste) . . . perhaps an overworked graphic designer being forced to also maintain these web apps?

Quite surprising though that over the last month and a half it never occurred to anyone at Sony Pictures that they would have a huge target painted on them and to perhaps take a boo at what all they had web facing. Negligent even.

Cheers

patsu 02-Jun-2011 23:22

Yap... :lol: I am rather familiar with these applications (marketing-related campaigns). Always last minute job where marketing managers change their mind (what data to collect), and the agency late in delivering the artwork for the newsletters and sites.

The developers often have to work late to implement last minute changes before the bulk mailing goes out, or the day before the launch of the marketing campaign.

Again, it's better for Sony to centralize their public platforms. They should only implement the interactive marketing platform once, or outsource to another company totally. Then again, Epsilon -- the largest provider in this area -- was hacked 2-3 months ago ? (http://abcnews.go.com/Technology/eps...ry?id=13291589)

I think they are facing the Congress together with Sony for their own breach. :lol:

eastmen 03-Jun-2011 00:16

http://www.engadget.com/2011/06/02/s...sswords-claim/

Sony Pictures was hacked and 1m passwords were taken

mrcorbo 03-Jun-2011 00:27

Quote:

Originally Posted by Nesh (Post 1555700)
Ok. What I wonder even if true is why are they so obsessed so much with Sony and why do they call "faith" what is simply a normal interest in the product or service that just happens to be offered by some company called Sony Pictures??
They want so much to make people dislike Sony it is awkward. People are just using what they find and like. It doesn't necessarily have to do with some form of faith. They sound like fanboys or trolls found in internet forums. Obsessed with some kind of paranoia that people are blindly loyal, suck Sony penis and have sold their souls to their evil corporate empire. Which is not true. But even IF it was, why do they care?

The way they are using the term faith in their statement doesn't have any religious connotations or imply any kind of excessive devotion on the part of the persons affected by this breach. They are using "faith" in the sense of choosing to believe something without having supporting evidence to back up that belief. In this case, they are saying that the people who have given Sony their personal information had a belief that their information would be properly secured by Sony despite not having evidence that this would be the case and in fact there being lots of evidence to the contrary.

This one certainly seems to more have the character of an attack aimed directly at hurting Sony, though, with all of the pre and post-breach taunting. Not that this should make anyone who had their data stolen feel any more secure.

deathindustrial 03-Jun-2011 00:27

Quote:

Originally Posted by eastmen (Post 1555724)
Sony Pictures was hacked and 1m passwords were taken

Not exactly correct:

http://lulzsecurity.com/releases/sow...0STATEMENT.txt

Quote:

Due to a lack of resource on our part (The Lulz Boat needs additional funding!)
we were unable to fully copy all of this information, however we have samples
for you in our files to prove its authenticity. In theory we could have taken
every last bit of information, but it would have taken several more weeks.
So only a small subset of the data was actually accessed.

http://lulzsecurity.com/releases/sow...20CONTENTS.txt

Assuming no overlap between databases, the number of records compromised was 51,500. Of those, only 12,500 included more than email + password.

Cheers

mrcorbo 03-Jun-2011 00:35

Quote:

Originally Posted by deathindustrial (Post 1555727)
Not exactly correct:

http://lulzsecurity.com/releases/sow...0STATEMENT.txt



So only a small subset of the data was actually accessed.

http://lulzsecurity.com/releases/sow...20CONTENTS.txt

Assuming no overlap between databases, the number of records compromised was 51,500. Of those, only 12,500 included more than email + password.

Cheers

Quote:

Originally Posted by patsu (Post 1555703)
Sounds like computer science kids who have free time to explore SQL injection (Like Mark Zuckerberg hacking into Harvard school systems).

Seems about right.

patsu 03-Jun-2011 01:02

If it's sweepstake databases, then the user info may not be paying Sony customers at all. Should be open to all because of fairness regulations in some states. The passwords are typically for checking whether you've won. Just use your "other" email address to participate in such events. These marketing databases are not well looked after usually (Unlike the main CRM database). They should also go away after the campaign, but not always.

Xenus 03-Jun-2011 01:12

Yeah, and plus dumping only 50k records of a database, it's piddly in the amount of time it takes, so it sounds more like they couldn't get all they wanted for whatever reason than "oh we just stopped".

patsu 03-Jun-2011 01:26

*Shrug* Perhaps data is spread across many small databases and tables. Marketing folks usually do a lot of small experiments. They can issue some simple SQL scripts to total the number of rows. But not necessarily all of them are useful data.

It's high time someone step in. There has been an increase in hacks during the past few months (Sony, Lockheed Martin, Epsilon, etc.).

I hope the developers are ok. It's difficult to find good technical people doing campaigns because of rushed schedule, changing requirements, low pay, and the need to get all the HTML and Flash layout done absolutely right (for all browsers, down to pixel level accuracy) despite last minute asset changes. I know a few junior people doing this and eventually set up a small company. The agencies may outsource some of their work to small guys like them. Or it may be some internal junior programmers and interns handling the work.

They would have lost the small contract or assignment because of this.

BoardBonobo 03-Jun-2011 03:11

Quote:

Originally Posted by patsu (Post 1555737)
...
It's high time someone step in. There has been an increase in hacks during the past few months (Sony, Lockheed Martin, Epsilon, etc.)....

I second that! We're so busy right now it's insane. I've been pen testing systems and documenting exploits for the past week and a bit, usually till the very early hours. It's like a feeding frenzy at the moment, like every script kiddie has got themselves a copy of metasploit or w3af and are having a cyber joy ride. Plus there's more going on under the cover of the noise that is being made at Sony.

I think we are also starting to see a new wave of SSL exploits off the back of the rogue X509's.

Short of every service provider scanning every site they host and taking vulnerable ones off line I don't see how they are going to slow this situation down.

One thing that strikes me about these hacks though is that they are very much of the snatch and grab, very unrefined, variety. The good hacks are the ones that install command consoles or back doors. Hell, even man in the middle attacks are potentially more damaging.

Nesh 03-Jun-2011 03:56

Quote:

Originally Posted by mrcorbo (Post 1555726)
The way they are using the term faith in their statement doesn't have any religious connotations or imply any kind of excessive devotion on the part of the persons affected by this breach. They are using "faith" in the sense of choosing to believe something without having supporting evidence to back up that belief. In this case, they are saying that the people who have given Sony their personal information had a belief that their information would be properly secured by Sony despite not having evidence that this would be the case and in fact there being lots of evidence to the contrary.

This one certainly seems to more have the character of an attack aimed directly at hurting Sony, though, with all of the pre and post-breach taunting. Not that this should make anyone who had their data stolen feel any more secure.

When we give information to a particular company we don't wait and think for a second "hey because it's company A we will give information to company A" or "hey there is some chance our info is hackable in company A so I won't bother". If we want a service or product we will simply try it out without thinking about the worst. Anything is possible.
Again we are going back to the same question. Why does he care so much that we give information to company A and why does he have the impression it's because we have some special trust? We just do what we do to get a particular value from a product or service without thinking much about it or necessarily who makes them. How about companies from B to Z? How many of these are any more or less hackable?

eastmen 03-Jun-2011 08:33

Quote:

Originally Posted by -tkf- (Post 1555820)
It would be really interesting to see how other big companies would hold up against the kind of attacks Sony is under right now. I don't think Sony security problems are unique but the sheer amount of attacks are.



You are the only one that can answer "the real question".

We just found out that Google's Gmail was hacked last month.

http://www.engadget.com/2011/06/02/g...acked-some-us/


I know the answer to the real question. I think it's quite apparent actually.

Rotmm 03-Jun-2011 08:59

Quote:

Originally Posted by eastmen (Post 1555822)
We just found out that Google's Gmail was hacked last month

Sorry, I haven't read the link you provided, but what I've heard and read elsewhere about the Google situation sounds a lot more like 'phishing' and very little like 'hacking' to me.

I don't think it's comparable to the Sony situation.

Shifty Geezer 03-Jun-2011 09:10

Quote:

Originally Posted by mrcorbo (Post 1555726)
They are using "faith" in the sense of choosing to believe something without having supporting evidence to back up that belief. In this case, they are saying that the people who have given Sony their personal information had a belief that their information would be properly secured by Sony despite not having evidence that this would be the case...

Just like anyone giving their info to MS or Amazon or an online banking service. Or even forming a business partnership with a friend believing they won't stab you in the back (continuing the Zuckerberg reference), or getting married on the faith your spouse isn't going to cheat on you. A great many decisions we make are made on faith in the integrity of the people we interact with.

Quote:

...and in fact there being lots of evidence to the contrary.
If this database was created before PSNHack, there'd be no reason to doubt Sony's security. And TBH there's good reason to put one's faith in Sony's security now as they've been actively, publicly addressing it, whereas other companies people share personal information with remain a private unknown. The reason for questioning Sony's security at this point, IMO, is because it's obvious the hackers are targeting them specifically - it's not so much Sony's security one has to worry about, but these hacker chumps!

Arwin 03-Jun-2011 10:45

I just bought Under Siege by the way, that was my first actual use of my credit card since the store went back up. I did not have to do anything special, went just like before.

Also, I noticed that my second PS3 was deactivated and I had to reactivate it. Could only do that this morning as before that activation failed due to a timeout or something similar, but it worked fine. I think there's a small silver line to this, in that my broken PS3 was not yet deactivated, but now I probably don't have to get that done through support.

Shifty Geezer 03-Jun-2011 12:32

Quote:

Originally Posted by Arwin (Post 1555886)
I think there's a small silver line to this, in that my broken PS3 was not yet deactivated, but now I probably don't have to get that done through support.

That would be nice. Also is anyone having trouble with other PSN network services? I tried to log onto the blog yesterday on PS3 and it failed with the maintenance notice, but I can log onto PS3 just fine. I also cannot log onto LBP.me, always being told there's maintenance going on.

Xenus 03-Jun-2011 12:42

I've been getting errors associated with the massive amounts of load their servers have been facing recently is about it.

Arwin 03-Jun-2011 13:11

Quote:

Originally Posted by Shifty Geezer (Post 1555912)
That would be nice. Also is anyone having trouble with other PSN network services? I tried to log onto the blog yesterday on PS3 and it failed with the maintenance notice, but I can log onto PS3 just fine. I also cannot log onto LBP.me, always being told there's maintenance going on.

Yeah, the browser login for PSN seems to be down still, just tried LBP.me myself.

mrcorbo 03-Jun-2011 13:32

Quote:

Originally Posted by Nesh (Post 1555759)
When we give information to a particular company we don't wait and think for a second "hey because it's company A we will give information to company A" or "hey there is some chance our info is hackable in company A so I won't bother". If we want a service or product we will simply try it out without thinking about the worst. Anything is possible.
Again we are going back to the same question. Why does he care so much that we give information to company A and why does he have the impression it's because we have some special trust? We just do what we do to get a particular value from a product or service without thinking much about it or necessarily who makes them. How about companies from B to Z? How many of these are any more or less hackable?

That seems unwise to me.

The statement wasn't even implying special trust. It was just trust, period. As for their motivations? It's probably the usual for hackers; they have some BS justification to do something destructive because they can and because they can show "how much smarter they are" than a giant multinational corporation. It's an ego trip and, of course, there's "the lulz".

mrcorbo 03-Jun-2011 13:39

Quote:

Originally Posted by Shifty Geezer (Post 1555839)
Just like anyone giving their info to MS or Amazon or an online banking service. Or even forming a business partnership with a friend believing they won't stab you in the back (continuing the Zuckerberg reference), or getting married on the faith your spouse isn't going to cheat on you. A great many decisions we make are made on faith in the integrity of the people we interact with.

If this database was created before PSNHack, there'd be no reason to doubt Sony's security. And TBH there's good reason to put one's faith in Sony's security now as they've been actively, publicly addressing it, whereas other companies people share personal information with remain a private unknown. The reason for questioning Sony's security at this point, IMO, is because it's obvious the hackers are targeting them specifically - it's not so much Sony's security one has to worry about, but these hacker chumps!

I only thought that Nesh was reading too much into their use of the word "faith". I don't really think there's too much to take away from this hack that the group's name doesn't already make quite plain.

Nesh 03-Jun-2011 14:31

Quote:

Originally Posted by mrcorbo (Post 1555934)
That seems unwise to me.

The statement wasn't even implying special trust. It was just trust, period. As for their motivations? It's probably the usual for hackers; they have some BS justification to do something destructive because they can and because they can show "how much smarter they are" than a giant multinational corporation. It's an ego trip and, of course, there's "the lulz".

Unwise? As if you have access to the inside security info of every company, institution, internet forum or online store, so you check before you give your information?

About trust, that's exactly the point. It's trust at its simplest possible form that we have. The same and identical across all companies. So...why challenge that simple trust in giving information in some company called Sony? These guys are obsessed with one particular company. And there are countless out there.

patsu 03-Jun-2011 16:20

Quote:

Originally Posted by Rotmm (Post 1555830)
Sorry, I haven't read the link you provided, but what I've heard and read elsewhere about the Google situation sounds a lot more like 'phishing' and very little like 'hacking' to me.

I don't think it's comparable to the Sony situation.

There were at least 2 instances. The very first one penetrated deep and is sophisticated according to Google themselves. That's when they threatened to pull out of China. The ones reported above are much more recent.

mrcorbo 03-Jun-2011 16:38

Quote:

Originally Posted by Nesh (Post 1555954)
Unwise? As if you have access to the inside security info of every company, institution, internet forum or online store, so you check before you give your information?

About trust, that's exactly the point. It's trust at its simplest possible form that we have. The same and identical across all companies. So...why challenge that simple trust in giving information in some company called Sony? These guys are obsessed with one particular company. And there are countless out there.

You've now made a series of posts that seem to indicate that one should assume everything is fine unless one has reason to believe differently. I think that is dangerously naive thinking. I am usually very cautious about giving out my personal information and the PSN and SOE breaches have only reinforced that tendency. I believe you should always at least consider the risk vs. reward when you provide this information and only if you then deem the risk small enough or the reward large enough make the decision to input the information.


All times are GMT +1.