Another Sony site hacked
By Tom Brewster,
Another hacker has hit Sony following a string of attempts on the PlayStation creator.
This time a Lebanese hacker known as idahc – the same person who went after Sony Europe last Friday – dumped email addresses from a Sony Portugal database to prove they had infiltrated the website.
The hacker claimed on Pastebin they had discovered three different flaws on SonyMusic.pt, including SQL injection, cross-site scripting and iFrame injection vulnerabilities.
“The question that remains is whether Sony is reacting to this situation at all, or whether their strategy is simply to hope it goes away,” said Chester Wisniewski, senior security advisor at Sophos Canada, in a blog post.
“You would expect an organisation with 170,000 employees and over $88 billion in revenue over the last 12 months to be able to round up the resources necessary to secure their web presence.”
At the time of publication, Sony had not responded to a request for additional information on the hack.
Earlier this week, hacking group LulzSec claimed it had broken into Sony’s computer systems and posted the results online.
Sony has been pulverised by hackers in recent months, following the significant breaches in April, which saw the company’s PlayStation Network shut down.
During this week’s E3 2011 gaming conference, Sony yet again apologised for the PlayStation Network outages.
Despite the criticism it has received for its security practices, some in the industry have come forward to defend the entertainment giant.
“It's easy to forget that very large organisations with different geographies and business units cannot move quickly when it comes to something as difficult as improving security across all of the internet gateways and applications that it runs,” said Neil Campbell, global general manager for security at Dimension Data.
“Good security takes time to build and needs to be constantly reviewed and updated to ensure robustness to the new challenges that inevitably arise.”
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
What is your password worth?
Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.
- Macs under attack?
- Intel: security inside
- Are you spending too much on IT security?
- Does the government want to snoop on your data?
- Eurocrats versus the cyber criminals
- The truth about spam
- Google and privacy: What’s the problem?
- Q&A: Symantec’s CISO on the source code hack
- RSA: Back from the breach?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- UK regulator shuts down Angry Birds scam
- Apple iPad 3 vs iPad 2 head-to-head review
- IBM bans use of Siri on iPhones
- Chromebooks: What's gone wrong?
- HP plans massive job cuts
- EMC World 2012: Tucci declares Documentum is here to stay
- Dell EqualLogic PS6100XS review
- Macs and Android under malware threat
- RIM loses its head of sales
- Local fibre broadband needs common standards
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
