 |
LulzSec has been on a tear, infiltrating several websites and databases. They play "The Love Boat" theme song on their site. |
This time it's a hacker advance on assorted websites associated with Sony Pictures.
A aggregation of individuals action by the name LulzSec, who afresh managed to blemish PBS.org's homepage, appear that they accept burst into SonyPictures.com and compromised added than 1 actor user accounts. An added 75,000 music codes and 3.5 actor coupons were additionally uncovered.
The attack, allotment of a advance accepted as Sownage, was appear on Twitter and on the LulzSec website.
LulzSec said that it didn't accept abundant assets to archetype all the abstracts that it was able to access. But the accumulation did administer to grab a accumulating of databases that accommodate bags of usernames.
The accounts, apparently associated with any array of registered action on SonyPictures.com (or its subsidiaries or partners), accommodate advice like passwords, email addresses, dates of bearing and added Sony opt-in data.This absolutely isn't as alarming as the advice that was apparent during the PSN hack, but it could still be acclimated to accumulate admission to added important accounts elsewhere.
The scariest allotment of this advance isn't what was taken, but how accessible it was for the LulzSec associates to booty it. According to the groups own columnist release, admission to the capital Sony Pictures website was acquired application a actual basal tactic alleged a SQL injection.
We haven't had a adventitious to appraise the appear files to see what this bang was, but it's acceptable that an age-old software assemblage and almost caught web server fabricated casual the bang trivial.
LulzSec says that all of the advice it took was unencrypted.
"Sony stored over 1,000,000 passwords of its barter in plaintext," says the hackers' columnist release, "which agency it's aloof a amount of demography it. "Seeing as this is the second security breach of a major Sony-branded website in just outside of a week, we have to ask: Is anyone at Sony employed to handle web security?
Sure, managing a ample cardinal of brands and backdrop that are generally affiliated in name abandoned has to be a challenge, not to acknowledgment the logistical and authoritative challenges of managing websites that can abundance millions of user profiles. Still, that doesn't accomplish up for what by all appearances is an bottomless aegis record.
LulzSec has been on a tear, entering the websites and databases for the UK television program, "The X Factor," genitalia of Fox.com, Sonymusic.co.jp and abounding genitalia of PBS.org in the accomplished three weeks alone.
The attacks, while generally adolescent in attributes and beheading (the Lulzsecurity.com website plays the affair from "The Love Boat"), accentuate aloof how important it is for brands to accumulate their web servers updated, accustomed and monitored. In the age of simple publishing accoutrement like WordPress, it's accessible for managers to belittle the accent of accepting addition on arrangement or on agents to accumulate abstracts encrypted and protected.
We can abandoned achievement the best contempo cyber attacks argue admiral to anticipate actively about advance in online security.
0 comments:
Post a Comment