Spotlight falls on Sony’s troubled cybersecurity


FILE – This is a Thursday, May 26, 2011 file photo of people walking by Sony Building in Tokyo’s Ginza shopping district in Tokyo. Another massive data breach at Sony has left hackers exulting, customers steaming and security experts questioning why basic fixes haven’t been made to the company’s stricken cybersecurity program. (AP Photo/Shizuo Kambayashi, File)

LONDON (AP) — Another massive data breach at Sony has left hackers exulting, customers steaming and security experts questioning why basic fixes haven’t been made to the company’s stricken cybersecurity program.

Hackers say they managed to steal a massive trove of personal information from Sony Pictures’ website using a basic technique which they claim shows how poorly the company guards its users’ secrets. Security experts agreed Friday, saying the company’s security was bypassed by a well-known attack method by which rogue commands are used to extract sensitive data from poorly constructed websites.

“Any website worth its salt these days should be built to withstand such attacks,” said Graham Cluley, of Web security firm Sophos. Coming on the heels of a massive security breach that compromised more than 100 million user accounts associated with Sony’s PlayStation and online entertainment networks, Cluley said the latest attack suggested that hackers were lining up to give the company a kicking.

“They are becoming the whipping boy of the computer underground,” he said.

In a joint statement from Michael Lynton, Chairman and Chief Executive Officer, and Amy Pascal, Co-Chairman, Sony Pictures Entertainment on Friday night acknowledged the breach and said the company had taken action “to protect against further intrusion.”

“We have also retained a respected team of experts to conduct the forensic analysis of the attack,” the statement said. It did not go into details about specific actions that will be taken to prevent future security breaches.

It wasn’t clear how many people were affected. The hackers, who call themselves Lulz Security — a reference to the Internetspeak for “laugh out loud”– boasted of compromising more than 1 million users’ personal information — although it said that a lack of resources meant it could only leak a selection on the Web. Their claim could not be independently verified, but several people whose details were posted online confirmed their identities to The Associated Press.

Lulz Security ridiculed California-based Sony for the ease with which it stole the data, saying that the company stored peoples’ passwords in a simple text file — something it called “disgraceful and insecure.”

Several emails sent to accounts associated with the hackers as well as messages posted to the microblogging site Twitter were not returned, but in one of its tweets Lulz Security expressed no remorse.

“Hey innocent people whose data we leaked: blame Sony,” it said.

Sony’s customers — many of whom had given the company their information for sweepstakes draws — appeared to agree.

Tim Rillahan, a 39-year-old computer instructor in Ohio, said he was extremely upset to find his email address and password posted online for “the whole world to see.”

“I have since been changing my passwords on every site that uses a login,” he said in an email Friday. “Sony stored our passwords in plain text instead of encrypting the information. It shows little respect to us, their customers.”

He and others complained that they had yet to hear from the company about the breach, news of which is nearly a day old.

John Bumgarner, the chief technology officer for the U.S. Cyber Consequences Unit — a research group devoted to monitoring Internet threats — was emphatic when asked whether users’ passwords could be left unencrypted.

“Never, never, never,” he said. “Passwords should always be hashed. Some kind of encryption should be used.”

Bumgarner, who’s been critical of Sony’s security in the past, said the company needed to take a hard look at how it safeguards its data.

“It’s time for Sony to press the reset button on their cybersecurity program before another incident occurs,” he said.

Online:

Sony Pictures’ Twitter account: http://twitter.com/sonypictures

Raphael G. Satter can be reached at: http://twitter.com/razhael

GD Star Rating
loading...

From: http://us.rd.yahoo.com/finance/news/rss/story/*http://us.rd.yahoo.com/finance/news/topnews/*http://biz.yahoo.com/ap/110603/tec_sony_data_breach.html

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Shopping Cart

There are no items in your cart.

Our Products

  • Credit Repair Guide

    120px-Credit-cards
    120px-Credit-cards
    There are many misconceptions about credit scores out there. There are customers who believe that they don’t have a credit score and many customers who think that their credit scores just don’t really matter. These sorts of misconceptions can hurt your chances at some jobs, at good interest rates, and even your chances of getting More Info »
    $2.00$1.00
    by Camarillo Publishing
  • Do-It-Yourself Loan Modification Software Kit

    product_img_1_128x128
    product_img_1_128x128
    The loan modification software guides the you the homeowner to the necessary calculations and forms that the banks are looking for, they are done for you instantly. You simply enter your information and the software does the rest. The software also integrates the new Obama home rescue program designed to give you homeowners a better More Info »
    $29.99$10.00
    by Camarillo Publishing
  • Free Short Sale e-Book

    Image_shortsale_book
    Image_shortsale_book
    WARNING: Do not list your home as a Short Sale until you have read this totally FREE report. This eBook can help you to buy another home in as little as 12 months!
    $0.00
    by Camarillo Publishing
  • Lender Forms

    lender-forms
    lender-forms
    An assorted collection of lender forms.
    $0.00
    by Camarillo Publishing

Categories

Archives

Advertisement

Advertisement

Call Now: 877-239-1878