Sony Website Hacked By the "Lulz Boat"
- Thread starter Greg Tito
- Start date
Tell everyone on the internet that you've found Sony's security to be lacking and you will hear the sound of exactly zero shits being given.Jonny49 said:
But steal and display the personal information of one million people and suddenly it's a big deal. So in answer to your question, no they can't.
Exactly sounds like time or bandwidth was all the stopped them from looting more data with that security. Gezee I could brake that in my sleep or at least easy. I know forums with 12 uses more secure. Even if it was a complex injection it's still an amazing flaw.spasicle said:
Info on SQLIA http://en.wikipedia.org/wiki/SQL_injection
Before people yell hacker at me I do identify me self as one. How ever the media has really corrupted what it means. These guys are crackers and at the very best gray hated ones. My knowledge on these topics comes from yes naive playing around in my younger years. I used to crack sites mostly for the fun and challenge never touched never took down or sabotaged. My more up to date knowledge is from friends that are more active on both sides of the fence as well as my continual interest in cryptology and cyber security.
Agreed. If they were really well-intentioned, they wouldn't release the information - they'd send it back to Sony and tell them what they did wrong. Maybe even offer a solution. But I think most of these people don't care about who they're attacking, they're doing it because they can and use the "exposing weakness" excuse as a cover-all to try to keep people on their side. They're not on the side of the customers, they're just against the big corporations, and any collateral damage is incidental in their crusade.Jonny49 said:
I'd like to point out amidst all the "WHY WOULD YOU HACK A LEGITIMATE CORPORATION" outcries:
There are very well-loved white-hats who do similar (albeit not quite as malicious) things in order to attract necessary attention to security flaws before they get discovered by the real criminals. Look up Dan Kaminsky for the Ur-example of this.
They go about it in more professional ways, generally, giving the businesses affected a reasonable length of time after the exploit before making the vulnerability public, so that a fix can be implemented or at least started. But they still break in.
There was an especially reminiscent incident posted on Slashdot a while back about a guy who sat in an Internet cafe and got access to Facebook accounts of people in the cafe, logged in as them, and sent them messages basically saying "You have been hacked. Stop sending private data over unsecured connections on public wireless."
I seem to remember Kaminsky stealing Youtube traffic and rerouting it to a fake site or some other publicity stunt like that with his DNS hijacking/spoofing attack.
So yes, the Lulz Boat is almost certainly doing it "for the lulz". That doesn't mean that there wasn't another motive. I'd argue that bringing attention to the vulnerability before, say, someone with a botnet for e-mail spam or identity theft found it, is very much worth the lulz. Assuming that this group doesn't act like typical Anonymous idiots by making the personal information public, that is.
There are very well-loved white-hats who do similar (albeit not quite as malicious) things in order to attract necessary attention to security flaws before they get discovered by the real criminals. Look up Dan Kaminsky for the Ur-example of this.
They go about it in more professional ways, generally, giving the businesses affected a reasonable length of time after the exploit before making the vulnerability public, so that a fix can be implemented or at least started. But they still break in.
There was an especially reminiscent incident posted on Slashdot a while back about a guy who sat in an Internet cafe and got access to Facebook accounts of people in the cafe, logged in as them, and sent them messages basically saying "You have been hacked. Stop sending private data over unsecured connections on public wireless."
I seem to remember Kaminsky stealing Youtube traffic and rerouting it to a fake site or some other publicity stunt like that with his DNS hijacking/spoofing attack.
So yes, the Lulz Boat is almost certainly doing it "for the lulz". That doesn't mean that there wasn't another motive. I'd argue that bringing attention to the vulnerability before, say, someone with a botnet for e-mail spam or identity theft found it, is very much worth the lulz. Assuming that this group doesn't act like typical Anonymous idiots by making the personal information public, that is.
I'm glad the hackers had good intentions, this much information could have been sold, but posting the information they took to the public record makes it all worthless now, any related parties will know which accounts were affected. If they would have sold it, how long would it have taken Sony to notice. Someone could have made quite the mess. That aside, Sony is getting a taste of their own medicine, again, for not adequately protecting their users private information. Not looking good for Sony these days.
I dont understand, I mean even if they had some top of the line security anti-haxxor crap and it took the hackers years+ to hack it in the end they would still say that Sonys security is hackable (as is everything else) and put them down as if they are garbage would they not? I have no doubt that if these same people put effort in doing the same to other companies such as Microsoft or Nintendo there would be an equal amount of damage and the "message" the same.
I put my faith in them (Sony) because I have yet to be wronged by them, you see before all this shit hit the fan I was pleasantly fine with their services, and still am after they have somewhat recovered.
When Sony gets hit in the balls, so do I.
I put my faith in them (Sony) because I have yet to be wronged by them, you see before all this shit hit the fan I was pleasantly fine with their services, and still am after they have somewhat recovered.
When Sony gets hit in the balls, so do I.
anyone think that these guys said this:
"0 lol guyz mabee we shud dr0p Sony with 1337 Hax0rz!!111!"
"h4h4 lol!"
Yeah I didn't know I could speak internet that well either
"0 lol guyz mabee we shud dr0p Sony with 1337 Hax0rz!!111!"
"h4h4 lol!"
Yeah I didn't know I could speak internet that well either
Ya know, those hackers can drop that noble shit because I'm not buying it. I couldn't give two shits what kind of hacking tactic they used to get access to the info, they still hacked in and were able to get to it. Forgive me for not singing their praises, I'm getting really tired of this and it really needs to stop.
Also, Lulz boat, really? That's the dumbest name I've ever heard, good job gang.
Also, Lulz boat, really? That's the dumbest name I've ever heard, good job gang.
Well, fuck you LulzSec.
There are other means to showing that Sony has rubbish security. I give a example that was already stated, they can tell them how to improve. But they obviously don't give a shit and are damaging not only the corporation but the customer, its just for the "lulz".
I just hope that Sony gets their shit together, this is getting stupid.
I really wouldn't mind seeing LulzSec getting destroyed in a spectacular manner. Why haven't they been stopped yet?
There are other means to showing that Sony has rubbish security. I give a example that was already stated, they can tell them how to improve. But they obviously don't give a shit and are damaging not only the corporation but the customer, its just for the "lulz".
I just hope that Sony gets their shit together, this is getting stupid.
I really wouldn't mind seeing LulzSec getting destroyed in a spectacular manner. Why haven't they been stopped yet?
But the thing is they've put ZERO effort into security. It's mind boggling to anyone who knows a shred of information on security that Sony is falling prey to these types of attacks. No one is calling Sony out because their system isn't impregnable, no system is impregnable. The problem is Sony hasn't put in place the most basic security measures to protect their user's data.Vigilantis said:
