#1
06-03-2011, 03:32 PM
Robert
GeN4 Mastermind
Sony should take a lesson from PTCPay

Hello

I was just reading the newest attack against Sony. Below is part of what I read:

"The scariest part of this attack isn’t what was taken, but how easy it was for the LulzSec members to take it. According to the group's own press release, access to the main Sony Pictures website was gained using a very basic tactic called a SQL injection. We haven’t had a chance to examine the released files to see what this injection was, but it’s likely that an out-of-date software stack and relatively unprotected web server made passing the injection trivial.
LulzSec says that all of the information it took was unencrypted. “Sony stored over 1,000,000 passwords of its customers in plaintext,” says the hackers’ press release, “which means it’s just a matter of taking it.”"

Source: Sony Pictures Website Hacked, 1 Million+ Accounts Exposed

What makes me laugh about this is that I have no college degree and I make much, much less than a Sony tech would, but yet ... I have solved these issues long ago. GeN4 is obviously more advanced than ANY Sony site/coding on a security level. They need a Robert on their site.

Sony has overlooked such important details, and their previous attack(s) could have been prevented by locking down insecure ports on their servers, integrating blocking/monitoring software to stop/notify them of intrusion attempts, and then of course ... always using SFTP or FTPES connections. Everything should be SSL or forced SSL if no cert. is in place for CPanel/WHM/Power Panel to prevent any plain text data being received by a person/program which is sniffing. Also, Sony can afford services which charge thousands to scan your network and report back problems you did not find. Things like the consultant edition of Acunetix ... they can afford it, why they are not using it is beyond me.

Hearing about the methods they are using is very surprising to me because the above list is just simple security, it's not anything way advanced/complicated, ... and that is just a touch of what they can do also. I'm not going to go on and on about this and that ... hehe, just wanted to bring to light some simple facts about sloppy coding from one of the biggest software companies/developers in the world.

Thanks
Rob
__________________
PTCPay Support | PTCPay Developer | PTCPay Coder | PTCPay Project Manager | PTCPay Sales
PTCPay Copyright Enforcer
| PTCPay Script Installer | PTCPay Client Security Expert
| PTCPay WHM Pro

#2
06-09-2011, 04:47 PM
ralfwindow
PTCPay Fraud Recovery

robert, you are awesome. HAHA

Last edited by ralfwindow; 06-16-2011 at 02:08 AM.

#3
06-09-2011, 06:05 PM
Robert
GeN4 Mastermind

Quote:
Originally Posted by ralfwindow
robert, you are awesome. HAHA

Hello

Thanks for the compliment bro.

GeN4 stores passwords encrypted and also the API passwords are encrypted. Plain text ... my god!!

And to take down such a large corporation via such a simple method (injection) brings to light that no matter how big the company, no matter how many employees, no matter their level of college degrees, ... mistakes do happen, bugs do happen, and anyone who wants a perfect product/production in the online/web world is sadly mistaken. There are hurdles and obstacles/changes in coding/mistakes which happen ... even to the biggest and best of 'em.

I am surprised:
1) SQL Injection Working
2) Plain text data being stored
3) Not patching this properly when it happened the first time/not going over every piece of work they have which is attack-able to ensure it would not continue to happen
4) Not releasing sooner the info which was taken the first/second time it happened

These are all mistakes first year developers usually make ...

Thanks
Rob

#4
06-26-2011, 03:31 AM
GeN3 Buyer

XD sony fails
and this is why you never get a ps3 people get an xbox360 or a gaming computer

#5
06-26-2011, 04:19 PM
Robert
GeN4 Mastermind

Quote:
Originally Posted by megibux
XD sony fails
and this is why you never get a ps3 people get an xbox360 or a gaming computer

Hello

Microsoft/Windows is the best of the best in the software industry. Windows servers are more secure with fewer options (customization wise/development wise, it's like comparing IE to Firefox) than Linux systems.

Microsoft has been dealing with hacking a lot longer than Sony, Microsoft servers are monitored by the industry's leading techs, and Microsoft MAKES servers so they have a better insight to intrusions.

Hopefully they will step things up now that they have had it happen 5X. They have lost millions due to irresponsible server administrators, their reputation is now damaged, and their security methods are questionable.

Thanks
Rob

#6
06-27-2011, 12:45 AM
GeN3 Buyer

Quote:
Originally Posted by robert
Hello

Microsoft/Windows is the best of the best in the software industry. Windows servers are more secure with fewer options (customization wise/development wise, it's like comparing IE to Firefox) than Linux systems.

Microsoft has been dealing with hacking a lot longer than Sony, Microsoft servers are monitored by the industry's leading techs, and Microsoft makes servers so they have a better insight to intrusions.

Hopefully they will step things up now that they have had it happen 5X. They have lost millions due to irresponsible server administrators, their reputation is now damaged, and their security methods are questionable.

Thanks
Rob

microsoft ftw