Abhinav Lal

Discuss on thinkdigit forum

Posted on 03-06-2011

Comment on article

Tweet

• PlayStation 3 to allow saved games in the cloud
• Sony releases v4.10 PS3 firmware update, with improved browser
• First two Uncharted games available for PSN digital download...

The Sony PlayStation Store and Music Unlimited by Qriocity are back online across the world, excluding Japan, Hong Kong, and South Korea. Sony has also gone ahead and updated PlayStation Plus, its premium subscriber network, with new avatars, betas, free games and trials, including full game trials of Tom Clancy's Rainbow Six Vegas 2 and Dante's Inferno.

Check out the full list of new content on the PlayStation Blog post. The Welcome Back package that Sony promised however is not yet available – it is apparently “currently in the final stages of testing and will be available to download soon.”

In the meanwhile though, all of Sony’s official announcements about everything being back up definitely seem to provide a false sense of security, as yet again, more of the Japanese giant’s online properties have been hacked, with their plain-text passwords, e-mails, date-of-birth, and in some cases, even names, phone number, and full-postal addresses compromised.

The latest attack, perpetrated by a group calling itself Lulz Security or LulzSec, was an embarrassingly rudimentary SQL injection that took out sonypictures.com, sonybmg.nl, and sonybmg.be. LulzSec has posted a sample of the data it stole on torrents, and, claim that they have information from over 1 million accounts. They also claim they have over 75,000 “music codes” and 3.5 million “music coupons.”

Sony has faced fire from many fronts in the recent past, not in the least legal bodies and consumers, apart from numerous hacks to the company’s various properties. The fact that it is has still not secured them against such basic attacks remains troubling, one hopes Sony will wake up and smell the hostility. Read LulzSec's statement below:

Greetings folks. We’re LulzSec, and welcome to Sownage. Enclosed you willfind various collections of data stolen from internal Sony networks and websites,all of which we accessed easily and without the need for outside support or money.

We recently broke into SonyPictures.com and compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 “music codes” and 3.5 million “music coupons”.

Due to a lack of resource on our part (The Lulz Boat needs additional funding!) we were unable to fully copy all of this information, however we have samples for you in our files to prove its authenticity. In theory we could have takenevery last bit of information, but it would have taken several more weeks.

Our goal here is not to come across as master hackers, hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?

What’s worse is that every bit of data we took wasn’t encrypted. Sony storedover 1,000,000 passwords of its customers in plaintext, which means it’s justa matter of taking it. This is disgraceful and insecure: they were asking for it.

This is an embarrassment to Sony; the SQLi link is provided in our file contents, and we invite anyone with the balls to check for themselves that what we sayis true. You may even want to plunder those 3.5 million coupons while you can.

Included in our collection are databases from Sony BMG Belgium & Netherlands.These also contain varied assortments of Sony user and staffer information.
Follow our sexy asses on twitter to hear about our upcoming website. Ciao! ^_^