Sony Website Hacked By the "Lulz Boat"

[MrTub]

That is assuming what they are saying is true. As a rule I don't believe thieves. They stole thousands of peoples personal info how the acquired it is of little relevance passed the fact that they stole it.

Edit: Yes the only thing we as consumers can take from this is be carefull about what you put online.

They have no reason to lie, whereas SONY would have several.
Also they didn't do any of this for the money, they just did it for fun and humiliating SONY further or they wouldn't have put the data online.

I also find it funny that a lot of people seems to assume those people are from the US instead of Russia, Eastern Europe (Romania, Ukraine etc.) or Asia and that the "FBI" has any say in the matter.

Why are you defending the hackers... Just why...

Why are you defending a corporation that clearly fails to use the basic protection for their customers?

No, no, he actually makes a good point. Let's compare to the legal system. Just because the security guard was asleep at the museum, it's okay to go in and raid the place? That IS basically what you're saying. Besides, initially they were hacked by Anonymous, who hack the Pentagon for fun, so whether they were secure or not is moot. If you're being fired at by a tank, it doesn't even matter if you brought riot gear like you were ordered. Sure, blame Sony for not being secure. They messed up. But in no way does that make pilfering data an innocent thing. We keep looking at this from a hero-villain perspective, with Sony as the villain. Is it not conceivable that both parties are wrong?

Again when did I ever say that the hackers are doing something good?

When you insisted Sony holds ALL the blame. You didn't say they did something good, you said they did nothing wrong, if not in words but in open implication.

When did I insisted that Sony holds all the blame?


I do think Sony holds some blame considering they didnt even encrypt the passwords and such (According to the info)

But I do know that no system is perfect and good hackers will find a way but if the hackers did use the method they claimed to use then I do think Sony holds some blame.

Quit bouncing back and forth. You complain people are defending sony in one post, than try to act like its not all their fault in the second.

Pick a side.

Why should I have to pick a side?

I do not think Sony deserved to be hacked and in a perfect world you wouldnt need a protection against hackers but since this is the real world and therefor I think Sony failed to protect their customers data by not using encryptions and such.

TLDR: Hackers are bad but they do exist and you should try your best to come up with systems against them!

because if your going to hark on poeple for defending sony, you yourself cannot defend it. Thats called being a hypocrite.

Meh call me a hypocrite I really do not care.

I've wrote my view on this, and I do not think hacking is alright but I do also think that you should protect your costumers data (which I think Sony clearly failed to do if the hackers used the methods they claimed to use)

II don't care if you care. I'm telling you what you did.

You said "well poeple are defending sony" in response to why your still responding.

and than you TURN AROUND AND PARTIALLY DEFEND SONY.

Hypocrite by exact definition. sorry, just calling what I'm seeing.

Good for you =) But I honestly do not care.

When I wrote that part about people defending Sony I meant that they do not think Sony did anything wrong at all. But I guess you are going to call me lier now =)

And I do understand meant and wrote is two different things so I could see how that got you confused, but english is not my first language and a lot of people was quoting me.

yea i'm sure. You keep crating those straw mans and backpeddles. Your the only one in this thread believing them.

Well that is great for me :=)

And it shows a bit how deluded people are if they think corporations should be able to leave costumers data unprotected and expect everyone to be nice and not hack them ^^

Yes, it shows me how deluded some poeple can be thinking any amount of security can withstand large organized attacks on a company. Thanks.

Oh damn apparently you cannot read since I already said no system is perfect.


And yeah, no encryption is really HUGE amount of security and since the hackers claims to hacked them with a very easy way shows just what a huge security they have =)


If it turns out that Sony indeed have a very advanced and extremely effective system then I do not think they should be blamed. But with the current information, they failed.

 

[smithy1234]

An SQL Injection is not a fucking mega super hack okay? Don't feel bad for Sony or wag your fingers at these hackers because it's one of the easiest exploits in the book. Also the fact that it was plaintext was even worse, honestly I would throw a piss fit at these hackers if they didn't hack Sony after finding such a blatant flaw.

 

[MrTub]

An SQL Injection is not a fucking mega super hack okay? Don't feel bad for Sony or wag your fingers at these hackers because it's one of the easiest exploits in the book. Also the fact that it was plaintext was even worse, honestly I would throw a piss fit at these hackers if they didn't hack Sony after finding such a blatant flaw.

So the hackers.. teh guys who just did something completely illegal "claimed" to do something and said it was easy without actual proof. And you just believe them? They could have been working on this for days, weeks months, you have NO idea. You just believe with blind faith at what these guys have done.

Is there any better then having blind faith that the corporations are telling the truth?

Since I would very much doubt that Sony would release a statement saying they had an extremely bad system and a bunch of kids could have hacked it.

 

[Kopikatsu]

An SQL Injection is not a fucking mega super hack okay? Don't feel bad for Sony or wag your fingers at these hackers because it's one of the easiest exploits in the book. Also the fact that it was plaintext was even worse, honestly I would throw a piss fit at these hackers if they didn't hack Sony after finding such a blatant flaw.

So the hackers.. teh guys who just did something completely illegal "claimed" to do something and said it was easy without actual proof. And you just believe them? They could have been working on this for days, weeks months, you have NO idea. You just believe with blind faith at what these guys have done.

Is there any better then having blind faith that the corporations are telling the truth?

No. The best thing would be to wait for the official statement on Sony's security, especially considering that they've hired multiple security firms. (Three at last count).

 

[fletch_talon]

"Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed everything. Why do you put such faith in a company that allows itself to become open to these simple attacks?"

Awesome, their mothers should be proud for having raised such socially minded, altruistic individuals. I feel safe knowing that these guys are working to defend the privacy of my informa...

"We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts,"

Never mind then...

 

[MrTub]

An SQL Injection is not a fucking mega super hack okay? Don't feel bad for Sony or wag your fingers at these hackers because it's one of the easiest exploits in the book. Also the fact that it was plaintext was even worse, honestly I would throw a piss fit at these hackers if they didn't hack Sony after finding such a blatant flaw.

So the hackers.. teh guys who just did something completely illegal "claimed" to do something and said it was easy without actual proof. And you just believe them? They could have been working on this for days, weeks months, you have NO idea. You just believe with blind faith at what these guys have done.

Is there any better then having blind faith that the corporations are telling the truth?

Since they didn't crack into my website and steal everything, yea of course. I don't align myself with poeple who do unlawful things "to make a point"

Wow.. if you really think you can trust any corporation since they didnt hack into your website says a lot about you (IMO).

 

[wrightguy0]

i hope they get beaten with lead pipes -__-, fucking assholes

 

[Cliff_m85]

Sony.

You are shit. Seriously. It's now like any bored hacker can just think "Slow afternoon. I feel like stealing everyone's personal information on a site. I don't feel like a challenge today, so I'm just going to hack Sony."

Shit! We've been hacked. Quick, change the password of "password" to "drowssap"!!!
-Lead security manager at Sony

 

[smithy1234]

An SQL Injection is not a fucking mega super hack okay? Don't feel bad for Sony or wag your fingers at these hackers because it's one of the easiest exploits in the book. Also the fact that it was plaintext was even worse, honestly I would throw a piss fit at these hackers if they didn't hack Sony after finding such a blatant flaw.

So the hackers.. the guys who just did something completely illegal "claimed" to do something and said it was easy without actual proof. And you just believe them? They could have been working on this for days, weeks months, you have NO idea. You just believe with blind faith at what these guys have done. There is no proof to any of this, just what they said.

dunno how it works where you live, but in america we don't just take the word of internet criminals.

... I believe that it was really easy to do the SQL Injection because I myself have done multiple SQL Injections against websites and I can tell you right now that they're extremely easy if there was an exploit found. Not to mention the max amount of time it would take to perform an SQL Injection would be from 10 minutes to 2 hours. (just speaking for myself here but from experience it shouldn't take any longer, perhaps wouldn't even be that long...)

And giving the blanket statement that they're all "internet criminals" is not really doing the community of hackers justice.

All in all, I don't need hard evidence that it took these guys little time to perform the SQL injection because the very fact that it was an SQL injection tells me it was most likely easy to do and the idea of an SQL injection taking weeks or months is laughable.

 

[MrTub]

An SQL Injection is not a fucking mega super hack okay? Don't feel bad for Sony or wag your fingers at these hackers because it's one of the easiest exploits in the book. Also the fact that it was plaintext was even worse, honestly I would throw a piss fit at these hackers if they didn't hack Sony after finding such a blatant flaw.

So the hackers.. teh guys who just did something completely illegal "claimed" to do something and said it was easy without actual proof. And you just believe them? They could have been working on this for days, weeks months, you have NO idea. You just believe with blind faith at what these guys have done.

Is there any better then having blind faith that the corporations are telling the truth?

Since they didn't crack into my website and steal everything, yea of course. I don't align myself with poeple who do unlawful things "to make a point"

Wow.. if you really think you can trust any corporation since they didnt hack into your website says a lot about you (IMO).

Wow, if you really think you can trust a bunch of faceless random poeple who's entire goal revolves around criminal activity, i think it says even more about you.

=) when did I say I trust them? if you would please read my posts you will see that I've wrote with current information and with what they are claiming. So if some new trustworthy information shows up that says Sony had a very good security system and the hackers was lucky/skilled then I will change my stance on this.

I never said it was the truth.

I do not trust corporations and I do not trust hackers aswell.

Hope that would clear something up.

 

[BDNeon]

I gotta admit the amount of people that are willing to believe the hackers are telling the truth about SQL injection really tells me something about their mindset. Seems to me they WANT it to be true, so much so that they actually believe unconditionally a statement by terrorist criminals.

Oh look, criminal asshole terrorist hackers claim to have used this method to breach Sony's servers, which discredits Sony but doesn't explain why the hack took place days after it was supposedly supposed to. I guess I'll just believe them, becuase I like to hate Sony before waiting for more information.

 

[5mj7R7yf4Dwr3gdZyyu9PeGNwYjlNrjzuh3iTXQG]

Anyway, I have absolutely zero idea of both how to hack systems, and also how to encrypt information, so I can't really side with one group or the other on this...but I default to siding with Sony, if only because in an ideal world, we should be able to leave our doors unlocked without fear of being raped and murdered in the middle of the night. Then have the corpse kicked. Over and over and over.

Not an analogy that quite fits.

Some societies do have an open-door culture, where people don't bother to lock their doors, and might even leave keys in their cars, either because your grounds are large enough that you can easily trace who has access to your stuff, or because a town is small enough, or because the destitute are so well cared for that crimes of desperation are a rare thing (compare the low-income communities of Canada with similar regions of the US). In such societies, you can leave your door open on the basis that you have nothing special to steal.[footnote]Most of us don't own anything special, or among the few special things we do own, they are unique to ourselves, are associated with us by those who know us, can be identified and connected to us, and in some cases are even insured.[/footnote]

But even in such open-door communities, there will remain incidents that will require a degree of security despite communal conventions.[footnote]Security being anything from locks, identification marks and theft insurance (enough to keep out the honest) to guard dogs, spikey gates and cameras (enough to thwart the determined), to vaults and hired goons with shotguns (enough to keep out expert criminals and enemy covert operations.)[/footnote] They are, those whose exceptional assets might prove too tempting, and those with enemies.

Sony has both, being a multi-national corporation that not only has huge assets (only one of which is private data of customers, which it keeps in trust), but also enemies, both in the form of rival companies who compete with Sony in common markets, and disgruntled associates whom Sony has wronged or treated inappropriately.[footnote]Sony's history of litigious bullying, questionable quality assurance and poor customer service extends into the past much further than the debacle with GeoHot. There are many, many people, sometimes in groups, that would love to see the Sony name fall to disgrace.[/footnote] Some of these foes would be willing to hire experts to trash Sony's ability to conduct business.

And Sony should be appropriately prepared for the contingency eventuality of an attack. Considering some of the assets they hold are yours (assuming you are a customer of Sony's), such security concerns are a responsibility to you.

Wouldn't it have been better to just email Sony's CEO with the information? Not to mention LulzSec's claim of Sownage being 'The beginning of the end for Sony'

Nope. Because without consequences, Sony's CEO wouldn't have even gotten the mail, it having been processed by his mail reading/parsing minions, probably one or two of the CEO's lesser clerks. Complains and concerns through normal channels of large companies tend to go unaddressed unless enough people voice the same concern, and even then, Sony has been known in the past to resist catering to a mere written grievance.

By a grey-hat implementation of the hack, these guys made it a problem that requires attention, and a complaint that will be voiced by a large group, namely anyone who sees their name on the list, and is concerned about privacy.

But an SQL injection vulnerability is not merely a security issue, as it is also a error-trapping and user-proofing issue. A personal website of an individual should be resistant to insertion attacks of this kind, since a packet transfer error, or a frustrated user can inadvertently break the system (the means by which the hack was implemented). And the fact that private data of other persons were stored in plaintext is like leaving an unpopular ministry's collection plate in plain sight, in a town that thinks the church is heretical.

Criminals with cause are still criminals.

So said the House of Lords to King George regarding those pesky new-world colonists. No state has ever had its revolution sanctioned by its administration.

238U.
EDIT: Posted prematurely. Fixed for grammar.

 

[Brian Hendershot]

The Lulz Boat just sank what little confidence people had left in Sony.

Hey. If that's what floats their boat...then let them.

Puns aside, those guys are dicks. Plain and simple.

 

[psicat]

God I hate hackers and their supposed 'noble' intentions. Just makes me want to back Sony more after all this.

 

[smithy1234]

An SQL Injection is not a fucking mega super hack okay? Don't feel bad for Sony or wag your fingers at these hackers because it's one of the easiest exploits in the book. Also the fact that it was plaintext was even worse, honestly I would throw a piss fit at these hackers if they didn't hack Sony after finding such a blatant flaw.

So the hackers.. teh guys who just did something completely illegal "claimed" to do something and said it was easy without actual proof. And you just believe them? They could have been working on this for days, weeks months, you have NO idea. You just believe with blind faith at what these guys have done.

Is there any better then having blind faith that the corporations are telling the truth?

Since they didn't crack into my website and steal everything, yea of course. I don't align myself with poeple who do unlawful things "to make a point"

Wow.. if you really think you can trust any corporation since they didnt hack into your website says a lot about you (IMO).

Wow, if you really think you can trust a bunch of faceless random poeple who's entire goal revolves around criminal activity, i think it says even more about you.

What are you saying the hacker group has lied about exactly? It seems pretty straightforward, the group used an SQL injection to get into the databases and then published the un-encrypted plaintext passwords online...

 

[Not G. Ivingname]

I don't know why, but I don't belive this. As in, I don't belive this is a reality. It just seems so fake and perfect to what they want.

HE'S FOUND OUT ABOUT THE MATRIX! LIQUIDATE HIM!

OT: When I first saw this, I thought this was that Sony found out that PSN wasn't hacked by Anonymous, but these guys instead.