Sony Website Hacked By the "Lulz Boat"

Recommended Videos

Raesvelg

New member
Oct 22, 2008
486
0
0
UrKnightErrant said:
blah blah blah
My point stands. You are apparently mistaking the act of breaking encryption (hard), with breaking into the website (easy). If it is so easy, however, why not have more? Or all? Why essentially beg for money to continue an operation that supposedly was a simple SQL injection?

The "there's all this data sitting there unprotected, but we can't get more unless we have more money" line seems to ring a little false to me. Then again, they basically said "Here's how we did it, go enjoy yourselves", which may or may not lend credence to their claims. I've no intention of verifying it for myself, after all.

And frankly, I expect that it WAS just sitting there in plaintext for the most part. It's hardly uncommon, sadly, even the lack of protection for the passwords. At least the credit card info was encrypted and/or inaccessible. Which is more than Rhode Island can say.
 

Adventurer2626

New member
Jan 21, 2010
713
0
0
...



Well it's good to know the boys in red, white and blue aren't going to be out of work anytime soon. After you've finished with Libya, you can start bombing the INTERNET. Guh, I need another can of Coke.
 

dashiz94

New member
Apr 14, 2009
681
0
0
I cannot fucking believe people are calling out Sony for this.

I don't give a shit how "easy" it is for someone to hack their site, YOU JUST DON'T DO IT.

To make matters worse, they posted the information online.

Fuck all of you people who have the gall to call out Sony because of this. Do you know how many god damned times companies get hacked and don't even ADMIT IT?!

No, of course you don't. Because you're all fucking idiots.
 

Sonicron

Do the buttwalk!
Mar 11, 2009
5,132
0
0
... Rrrrrrrr. Can't they call attention to Sony's shoddy security without providing yet another free boost to identity theft crime rates? -.-
 

nightwolf667

New member
Oct 5, 2009
306
0
0
bloodmage2 said:
if someone actually wanted to get in and steal credit cards and whatnot, due to sony's ineptitude, millions of people would be subject to identity theft and likely loose a good chunk of money. this is a fire drill for sony.
What do you need to fill out a credit card application?

Name, Date of Birth, Address, Phone Number. You do not need a social security number. You need one to open a bank account but not a credit card. What did LulzSec steal? Names, DOBs, Addresses, phone numbers, email addresses, and passwords. Then they posted it online. Even if they had only posted the email addresses and passwords they opened these people up to identity theft (which they didn't, they posted everything). If someone cracks an email with their password and they have that same password on their bank account, they can get into the bank account. Anyone who downloads that data could open up a credit card in the name of any person who was in that file.

And while either LulzSec or Anonymous has no interest in credit card fraud on their face, there are those among them (I guarantee you) who are stupid enough to love it. There are those among them who may try it, there are others who will certainly download the data and try it.

So no, this wasn't a fire drill. This was theft and this left millions of innocent people open to abuse from that information.
 

Raesvelg

New member
Oct 22, 2008
486
0
0
UrKnightErrant said:
blah blah blah
And you're evidently too lazy to actually read the releases of the LulzSec crew.

As such, I have no need to continue talking with out.

We're not talking about encryption, ass. We're talking about access, and the difficulty thereof, and why the LulzSec crew simultaneously says it is easy, and yet says that they CANNOT access more of the database without considerably more money and several weeks of time.

So evidently it's not as easy as just accessing and downloading the entirety of it.

Which somewhat undermines their claims of it being incredibly easy, and casts some small measure of doubt not on the fact that they accessed it, or that the information was in plaintext, but that the act of accessing it was of trivial difficulty.

Do you not fucking read? Seriously. You're just irritating me at this point. You've seized on an completely unrelated issue, which has no relevance to the matter at hand because according to the people who performed the hack, the data WAS NOT ENCRYPTED. It requires no decryption. That cannot be the source of their stated requirements of more time and money.
 

Raesvelg

New member
Oct 22, 2008
486
0
0
UrKnightErrant said:
I understand there's a difference between server access and server decryption. I'm inclined to believe them for three reasons.
Well, that was almost civil.

Anyway.

It wasn't a "we have encrypted material that we need to decode, and thus require more time/money", it was a "we got into the database, but could only get a fraction of it because we are underfunded and it would take several more weeks."

They were quite explicit in their explanation of the situation.

That explanation, however, doesn't entirely jive with the claim that the hack was ridiculously easy. We also know that they're pursuing a personal agenda against Sony, and not simply wreaking havoc for the sake of wreaking havoc. They hacked Nintendo recently as well, and did... nothing in particular. Just left a little proof so that Nintendo would know that they'd done it.

At this juncture, if you wanted to discredit Sony (and LulzSec obviously does), the clear path would be to claim that whatever damage you managed to do, or access you managed to gain, was accomplished with considerable ease. It's difficult to prove you wrong, after all; even if you post the method you supposedly used, if someone tries and it doesn't work, you simply say that Sony closed the vulnerability and it's impossible to dispute your word on the matter, unless Sony themselves comes out and says precisely how the hack was accomplished.

And that is, shall we say, rather unlikely?

Your stance regarding the hackers having unreleased data and lying about why they need time/money inherently undermines your related stance about the hackers being more trustworthy than Sony, you realize. If they're lying, they're not trustworthy.
 

Raesvelg

New member
Oct 22, 2008
486
0
0
UrKnightErrant said:
I'm not suggesting that these hackers are trustworthy. I just think they're likely more trustworthy than Sony.
I expect that neither of them is particularly trustworthy, to be honest. Sony's agenda is to not look bad in public, LulzSec's agenda is to make Sony look bad in public. Both of them would probably lie to accomplish their respective goals if they think they can get away with it.
 

Hogbinladen

New member
Mar 25, 2010
48
0
0
Now that the information is out no security measure can keep it safe. Way to make a point, LulzSec.
 

the_green_dragon

New member
Nov 18, 2009
660
0
0
Virtual Connor said:
These hackers belong in prison for massive breaches of privacy of the innocent public.
Sony suck for not doing more to prevent it, and really need to address the problem. But it still doesn't make the crime acceptable and the hackers are still the ones who are solely responsible for their actions (ie. theft of personal information and making it readily available to every other criminal with a computer).
yes Hackers are bad people but at the end of the day, they are out there and will steal stuff on the web left lying around.

I think most of the blame here lies with Sony for not doing more, leaving that kind of info so easily accessable is a joke.
 

aarontg

New member
Aug 10, 2009
636
0
0
Since the first attack on sony this seems like some kind of green light for everybody to start attacking big company web sites. It happened to nintendo recently but they got the lucky break.
 

TitanAtlas

New member
Oct 14, 2010
802
0
0
Maraveno said:
TitanAtlas said:
Goddamit Sony... you dun goofed up...


Just imagine that the girl is Sony... just do it for me while youre watching the video xD

I think That than sums up our responses to this thread

Or it could in general be the equivalent of this thread

Ah well
Acctually.... both our videos are an exact explenation of what happened.... metaphorical this is...

Sony: Noooo... i must get the hackers...
Anonymous: No Playstation... you are already hacked...

And so Playstation was a hack itself...
 

erztez

New member
Oct 16, 2009
252
0
0
To all the people implying that stuff like this is only making more of the public get behind(or rather, in front of) Sony...

http://www.marketwatch.com/investing/stock/sne

That is all.
 

Firehound

is a trap!
Nov 22, 2010
352
0
0
erztez said:
To all the people implying that stuff like this is only making more of the public get behind(or rather, in front of) Sony...

http://www.marketwatch.com/investing/stock/sne

That is all.
Thank you.


Having it proven repeatedly that your security measures are a couple dobermen and a unconnected switch labelled 'INTERNETZ KILL SWITCH' definately does not make people want to trust money in you.
 

Char-Nobyl

New member
May 8, 2009
784
0
0
Greg Tito said:
Sony apparently didn't have the wherewithal to encrypt the personal information collected on SonyPictures.com. "What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it."

I'm not sure that kind of rape-logic holds up, but LulzSec does have a point. Sony is a big company, with lots of interchangable parts, but you think database security would be at the top of every divisions to-do list right about now.
Ehm...actually, I think this is one of those few instances when the "they were asking for it" logic actually does apply. Cybercrime is quite possibly one of the easiest forms of crime to carry out without remorse. If there is a considerable deal of valuable information with such shoddy security that it might as well be there for the taking, and all it takes is a few keystrokes to take it, Sony is asking for it.

Hell, if anything, they should be happy that it was LulzSec that did it. Going back to the rape analogy that OP used, would you prefer to be accosted by an actual rapist, or a guy who threatens to rape you, then says "I hope you learned something from this" and leaves?
 

SelectivelyEvil13

New member
Jul 28, 2010
956
0
0
erztez said:
To all the people implying that stuff like this is only making more of the public get behind(or rather, in front of) Sony...

http://www.marketwatch.com/investing/stock/sne

That is all.
Firehound said:
Thank you.


Having it proven repeatedly that your security measures are a couple dobermen and a unconnected switch labelled 'INTERNETZ KILL SWITCH' definately does not make people want to trust money in you.
Wait, people actually thought that Sony was going to become more trusted after this? :p

Seriously though, I think the most people will do is get behind Sony "in spirit." In other words, nobody likes what the hackers are doing because nobody likes hackers. Hell, look at the infighting with Anonymous; even hackers hate other hackers. But will anyone actually support Sony in money? Well, ha ha, that's just adorable! [sub]But seriously, it's quite unlikely given the circumstances...[/sub]

Sony is going to be getting plenty of damage from this in the long term, and it only gets worse as consumers grow more and more cautious to the point of abandoning the brand altogether. What stealing and frustrating the customers of Sony will actually prove to those affected other than (1) bye Sony and (2) #$*% hackers, is beyond me.
 

MGlBlaze

New member
Oct 28, 2009
1,078
0
0
The 'they were asking for it' logic doesn't hold up at all and I'm tempted to start going 'Fuck You And Die' on them, but if they are sincere about not being interested in the customer's actual data, then maybe this will work out beneficially in the end.

That is, I repeat, if they are sincere about that claim. This is the Internet, so I'm not even remotely convinced they are.
 

Aesthetical Quietus

New member
Mar 4, 2009
402
0
0
Kopikatsu said:
Ckeymel? Pfft! I posted this hours ago. [http://www.escapistmagazine.com/forums/read/18.288638-LulzSec-steals-SonyPictures-everything-Updated?page=1]

Anyway, I have absolutely zero idea of both how to hack systems, and also how to encrypt information, so I can't really side with one group or the other on this...but I default to siding with Sony, if only because in an ideal world, we should be able to leave our doors unlocked without fear of being raped and murdered in the middle of the night. Then have the corpse kicked. Over and over and over.

Anywho, I kind of doubt LulzSec's claim that they were only doing it to show vulnerability since they posted the information publically. Sure it was needed as proof, but they compromised personal information and accounts in doing so. Wouldn't it have been better to just email Sony's CEO with the information? Not to mention LulzSec's claim of Sownage being 'The beginning of the end for Sony'
Plain-text encryption for passwords and the like is just wrong. Secure encryption can take some work and I can forgive them for having a mild encryption broken but not having any encryption, especially with what has happened to them lately is plain wrong. It would take maybe an hours work to add basic encryption, which when you are that big and that big of a target is absolutely necessary.
What LulzSec did was wrong beyond doubt but this is more like agreeing to look after a million dollars of friend's money, then leaving it in plain sight with the doors open.

Sure, it would have been better to contact Sony's CEO but in doing as such you miss out on drawing peoples attention the fact that Sony aren't learning. If you just had a major attack such as they have with the PSN you make sure that everything is secure. That definitely means no plain-text information at the least.