Just how secure are the websites of major companies around the world?
Overnight, Sony was cracked yet again, and user information posted online, this time by a new force in online mischief, Lulzsec, which has a penchant for using commonly available programs to exploit lax corporate cyber security.
Sony has a particular problem because — perhaps in the manner of another Japanese company Tepco — it appears unwilling to reveal what is going on and unable to control its own systems. This is the second time in recent days Sony has been cracked using exactly the same SQL injection technique.
Sony suffered a major crack in April and tried to pin the blame on Anonymous, which had launched a DDoS attack on the site at roughly the same time. The Financial Times, which has form in attacking Anonymous, joined in, alleging it was vaguely responsible for the break-in and theft of tens of millions of sets of user details, including credit card details which could be sold online.
Lulzsec’s latest crack secured over a million more user details, including passwords and home addresses. The group, which claims not to be part of Anonymous but shares some of its goals, made a point of noting how simple the SQL injection technique it used was.
Earlier this week Lulzsec sailed its “Lulzboat” over to the site of American public broadcaster PBS, which had run a profile on Bradley Manning that infuriated Manning and WikiLeaks supporters. The group used a different exploit to take advantage of poor security at the site, taking data and posting the now-famous “Tupac is alive” story on the website of the earnest, desperately “balanced” Newshour site. PBS took an extended period to regain full control of its site.
Lulzsec had previously done the same to the Fox.com site, posting user names and passwords online after accessing data.
In each case company administrators appear to have failed to keep system software up to date, which would have minimised the potential for well-known exploits to defeat security measures, although in Sony’s case the failures are on a truly massive scale. After the latest Lulzsec hack, security experts online were calling for Sony to simply abandon its current cyber security framework and start again from scratch. In any event, the repeated cracks of one of the world’s biggest media companies, even as it has struggled to restore its PlayStation gaming network, suggest it can’t be trusted with user data at the moment.
The question is, how many other companies entrusted by consumers with private data have also failed to keep their systems up to date and are only awaiting similar attacks by crackers wielding simple tools to breach security?
Any chance of a class action against Sony for incompetence? Because SQL injection == incompetence.
Dr Harvey M Tarvydas
You confirm my theory that the much ignored and under-developed understanding of ‘attitude’ as possibly the most important human issue requiring serious psychological and psychiatric research and study leading to a sophisticated understanding.
In the late 90’s an article of mine on science and medicine was published where I asserted that ‘attitude’ of the medical practitioner at a particular moment ‘killed’ patients needlessly and then assists in corrupting the ‘medical profession’ which is left living with its ‘covering up’ behaviour of the killers.
I compared how doctors’ attitude to other people’s lives could be upgraded to that of airline pilots which is greatly assisted by the fact that they die if careless with regard to their performance on which all of our lives depend.
Your statement
“The question is, how many other companies entrusted by consumers with private data have also failed to keep their systems up to date and are only awaiting similar attacks by crackers wielding simple tools to breach security?”
clearly goes to attitude of how hard to try and when ‘near enough is good enough’.
Attitude is indeed a key determinant. Governments and corporations blame their clients and customers when things go wrong, and when that tactic doesn’t work, they achieve a remarkable mental conflict by declaring there was nothing wrong in the first place.
In this case, the attitude that there is nothing wrong (you did it, no, I didn’t do it, it’s all fixed anyway) unsurprisingly resulted in another conspicuous failure.
If people are unable or unwilling to deal with reality, it’s going to keep bruising their shins.
Dr Harvey M Tarvydas
@ CLYTIE — Posted Sunday, 5 June 2011 at 2:46 pm
Yep!
And when ‘attitude’ sickness interferes with your Doctor, death is often the ensuing consequence – yours!
I call it the ‘killer attitude’ of some medical practitioners.
I have followed these cases all the way through to sitting in on the coroner’s inquests (always a joke with the WA ‘pretty boy’ coroner) and have listened to the outright medical lies told to ‘cover for the unfortunate colleague’ which only a medical professional would recognize as lies (and all those that do keep ‘stumpf’) but I started life as a young Doc blowing the whistle on WA’s Dr Death back in the 70’s receiving gratitude from the most famous (knighted) Australian surgeon who hadn’t noticed the fraudulent killer practicing under his nose.
Then in 2009 having to live through a Queensland medical board patting Dr Death on the back while telling his victims to f**k off.
And while they were playing this deadly, despicable game to entertain themselves they decided to lie and suborn perjury in front of a ‘totally blind to criminals setting her up’ supreme court judge who then obsessed with all the evil she had just been told about me by these lying but ‘good, pure medicos’ in her silly mind, breaks every law under the sun to abuse and insult me before she has even witnessed me opening my mouth.
This is lousy attitude f**king lousy attitude and procreating self-perpetuating lousy, dangerous attitude that they will never have the wit to deal with as it rightly destroys their reputations.
That will take decent citizens not medicos or judges.