*ren* PSN Down, Customer Info Compromised

I didn't cancel my old CC, so since the data was already compromised, I have nothing to lose in case it gets compromised again :LOL:
 
LulzSec versus Sony Pictures

Take this for what it's worth... I do not know if this is new or old or to be trusted, but it's something to read about.

http://pastebin.com/Y38gCS82 - LulzSec versus Sony Pictures
"We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 "music codes" and 3.5 million "music coupons".

Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?
 
Ok. What I wonder even if true is why are they so obsessed so much with Sony and why do they call "faith" what is simply a normal interest in the product or service that just happens to be offered by some company called Sony Pictures??
They want so much to make people dislike Sony it is awkward. People are just using what they find and like. It doesn't necessarily have to do with some form of faith. They sound like fanboys or trolls found in internet forums. Obsessed with some kind of paranoia that people are blindly loyal, suck Sony penis and have sold their souls to their evil corporate empire. Which is not true. But even IF it was, why do they care?
 
Sounds like computer science kids who have free time to explore SQL injection (Like Mark Zuckerberg hacking into Harvard school systems).

Took a quick look at sonypictures.com, there is a simple php script to register your interest in Sony Pictures update. You need to enter your email address, DOB, etc. The scripts probably don't screen the input data.

It's different from a transaction engine though. At this point, I hope the SonyStyle site gets another review.

EDIT: Saw some GAF posts regarding the leaked databases. They are sweepstake data. Heh... marketing databases and campaigns !
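
An added example, not part of the thread and not Sony's code: what "not screening the input data" in a sign-up script means in practice, with a string-built query beside a bound-parameter one and a validated registration. It uses Python's sqlite3 rather than PHP, and the table, column names, sample rows and the crafted form value are all constructed assumptions.

```python
import re
import sqlite3
from datetime import date

# Constructed sample data; table and column names are assumptions.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
CRAFTED = "x' OR '1'='1"  # constructed form value containing SQL syntax

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE entrants (email TEXT PRIMARY KEY, dob TEXT)")
    db.executemany("INSERT INTO entrants VALUES (?, ?)",
                   [("alice@example.com", "1980-01-02"),
                    ("bob@example.com", "1975-06-30")])
    return db

def lookup_unsafe(db, email):
    # "Before": the form value is pasted into the SQL text, so quotes in it
    # change the WHERE clause itself.
    sql = "SELECT email, dob FROM entrants WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, email):
    # "After": the value is bound as a parameter and is only compared as data.
    return db.execute("SELECT email, dob FROM entrants WHERE email = ?",
                      (email,)).fetchall()

def register(db, email, dob):
    # Screening the input: reject malformed fields before they reach the database.
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("invalid email address")
    parsed = date.fromisoformat(dob)  # raises ValueError on a bad date
    if parsed > date.today():
        raise ValueError("date of birth is in the future")
    db.execute("INSERT INTO entrants VALUES (?, ?)", (email, parsed.isoformat()))
    return (email, parsed.isoformat())

if __name__ == "__main__":
    db = make_db()
    print("string-built query:", lookup_unsafe(db, CRAFTED))
    print("bound parameter:   ", lookup_bound(db, CRAFTED))
    try:
        register(db, CRAFTED, "1990-01-01")
    except ValueError as exc:
        print("register rejected:", exc)
```

The bound query is what closes the hole; the field validation is a second layer that keeps junk out of the table.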
 
Seems legit. . .though it is almost all contest related submissions. Anything sent in for a contest like this is likely sold off to marketing agencies anyway so is probably already out there somewhere - when you offer up your personal info for a contest that's what you should expect. As an aside, I am still getting random snail mail addressed to "Stink Finger" after filling out some free magazine offers with silly info in the late 90's; entering a website contest will achieve the same sort of thing.

=)

My read of them being unable to access the full database is that there is some sort of limiter in place (either intentional or due to resource exhaustion) that makes it far too noisy / time consuming to grab the full thing. I bet this is a case of a quick and dirty web application having a longer lifetime than expected (via copy and paste) . . . perhaps an overworked graphic designer being forced to also maintain these web apps?

Quite surprising though that over the last month and a half it never occurred to anyone at Sony Pictures that they would have a huge target painted on them and to perhaps take a boo at what all they had web facing. Negligent even.

Cheers
 
Yap... :LOL: I am rather familiar with these applications (marketing-related campaigns). Always last minute job where marketing managers change their mind (what data to collect), and the agency late in delivering the artwork for the newsletters and sites.

The developers often have to work late to implement last minute changes before the bulk mailing goes out, or the day before the launch of the marketing campaign.

Again, it's better for Sony to centralize their public platforms. They should only implement the interactive marketing platform once, or outsource to another company totally. Then again, Epsilon -- the largest provider in this area -- was hacked 2-3 months ago ? (http://abcnews.go.com/Technology/epsilon-email-breach/story?id=13291589)

I think they are facing the Congress together with Sony for their own breach. :LOL:
 
Ok. What I wonder even if true is why are they so obsessed so much with Sony and why do they call "faith" what is simply a normal interest in the product or service that just happens to be offered by some company called Sony Pictures??
They want so much to make people dislike Sony it is awkward. People are just using what they find and like. It doesn't necessarily have to do with some form of faith. They sound like fanboys or trolls found in internet forums. Obsessed with some kind of paranoia that people are blindly loyal, suck Sony penis and have sold their souls to their evil corporate empire. Which is not true. But even IF it was, why do they care?

The way they are using the term faith in their statement doesn't have any religious connotations or imply any kind of excessive devotion on the part of the persons affected by this breach. They are using "faith" in the sense of choosing to believe something without having supporting evidence to back up that belief. In this case, they are saying that the people who have given Sony their personal information had a belief that their information would be properly secured by Sony despite not having evidence that this would be the case and in fact there being lots of evidence to the contrary.

This one certainly seems to more have the character of an attack aimed directly at hurting Sony, though, with all of the pre and post-breach taunting. Not that this should make anyone who had their data stolen feel any more secure.
 
sony pictures was hacked and 1m passwords were taken

Not exactly correct:

http://lulzsecurity.com/releases/sownage_PRETENTIOUS PRESS STATEMENT.txt

Due to a lack of resource on our part (The Lulz Boat needs additional funding!)
we were unable to fully copy all of this information, however we have samples
for you in our files to prove its authenticity. In theory we could have taken
every last bit of information, but it would have taken several more weeks.

So only a small subset of the data was actually accessed.

http://lulzsecurity.com/releases/sownage_FILE CONTENTS.txt

Assuming no overlap between databases, the number of records compromised was 51,500. Of those, only 12,500 included more than email + password.

Cheers
 
Not exactly correct:

http://lulzsecurity.com/releases/sownage_PRETENTIOUS PRESS STATEMENT.txt



So only a small subset of the data was actually accessed.

http://lulzsecurity.com/releases/sownage_FILE CONTENTS.txt

Assuming no overlap between databases, the number of records compromised was 51,500. Of those, only 12,500 included more than email + password.

Cheers

Sounds like computer science kids who have free time to explore SQL injection (Like Mark Zuckerberg hacking into Harvard school systems).

Seems about right.
 
If it's sweepstake databases, then the user info may not be paying Sony customers at all. Should be open to all because of fairness regulations in some states. The passwords are typically for checking whether you've won. Just use your "other" email address to participate in such events. These marketing databases are not well looked after usually (Unlike the main CRM database). They should also go away after the campaign, but not always.
 
Yeah, and plus dumping only 50k records of a database is piddly in the amount of time it takes, so it sounds more like they couldn't get all they wanted for whatever reason than "oh, we just stopped".
 
*Shrug* Perhaps data is spread across many small databases and tables. Marketing folks usually do a lot of small experiments. They can issue some simple SQL scripts to total the number of rows. But not necessarily all of them are useful data.

It's high time someone stepped in. There has been an increase in hacks during the past few months (Sony, Lockheed Martin, Epsilon, etc.).

I hope the developers are ok. It's difficult to find good technical people doing campaigns because of rushed schedule, changing requirements, low pay, and the need to get all the HTML and Flash layout done absolutely right (for all browsers, down to pixel level accuracy) despite last minute asset changes. I know a few junior people doing this and eventually set up a small company. The agencies may outsource some of their work to small guys like them. Or it may be some internal junior programmers and interns handling the work.

They would have lost the small contract or assignment because of this.
 
...
It's high time someone stepped in. There has been an increase in hacks during the past few months (Sony, Lockheed Martin, Epsilon, etc.)....

I second that! We're so busy right now it's insane. I've been pen testing systems and documenting exploits for the past week and a bit, usually till the very early hours. It's like a feeding frenzy at the moment, like every script kiddie has got themselves a copy of metasploit or w3af and are having a cyber joy ride. Plus there's more going on under the cover of the noise that is being made at Sony.

I think we are also starting to see a new wave of SSL exploits off the back of the rogue X509's.

Short of every service provider scanning every site they host and taking vulnerable ones offline, I don't see how they are going to slow this situation down.

One thing that strikes me about these hacks though is that they are very much of the snatch and grab, very unrefined, variety. The good hacks are the ones that install command consoles or back doors. Hell, even man in the middle attacks are potentially more damaging.
 
The way they are using the term faith in their statement doesn't have any religious connotations or imply any kind of excessive devotion on the part of the persons affected by this breach. They are using "faith" in the sense of choosing to believe something without having supporting evidence to back up that belief. In this case, they are saying that the people who have given Sony their personal information had a belief that their information would be properly secured by Sony despite not having evidence that this would be the case and in fact there being lots of evidence to the contrary.

This one certainly seems to more have the character of an attack aimed directly at hurting Sony, though, with all of the pre and post-breach taunting. Not that this should make anyone who had their data stolen feel any more secure.

When we give information to a particular company we don't wait and think for a second "hey because it's company A we will give information to company A" or "hey there is some chance our info is hackable in company A so I won't bother". If we want a service or product we will simply try it out without thinking about the worst. Anything is possible.
Again we are going back to the same question. Why does he care so much that we give information to company A and why does he have the impression it's because we have some special trust? We just do what we do to get a particular value from a product or service without thinking much about it or necessarily who makes them. How about companies from B to Z? How many of these are any more or less hackable?
 
It would be really interesting to see how other big companies would hold up against the kind of attacks Sony is under right now. I don't think Sony's security problems are unique but the sheer amount of attacks is.



You are the only one that can answer "the real question".

we just found out that google's gmail was hacked last month.

http://www.engadget.com/2011/06/02/google-admits-sensitive-email-accounts-have-been-hacked-some-us/


I know the answer to the real question. I think it's quite apparent actually.
 
we just found out that google's gmail was hacked last month

Sorry, I haven't read the link you provided, but what I've heard and read elsewhere about the Google situation sounds a lot more like 'phishing' and very little like 'hacking' to me.

I don't think it's comparable to the Sony situation.
 