Overclock.net › Forums › Industry News › Software News › [softpedia]LulzSec Leaks Sony Devnet Source Code
New Posts  All Forums:Forum Nav:

[softpedia]LulzSec Leaks Sony Devnet Source Code - Page 7  

post #61 of 72
I went from being angry about Sony being hacked to straight up pity for them. Shame too, the Vita looks like a sweet piece of gear.
 
Gaming Rig
(15 items)
 
 
CPUGraphicsRAMHard Drive
Intel 3.06 GHz C2D Radeon HD4670 12GB 1067MHz DDR3 1TB 7200RPM 
Optical DriveCoolingCoolingOS
8x SuperDrive Air Air OS X 10.7.2 
MonitorKeyboardPowerCase
27" 2560 x 1440 LED Wireless BT 310W PSU Aluminum Enclosure 
MouseMouse Pad
Magic Mouse None 
CPUMotherboardGraphicsRAM
Intel Core 2 Quad Q6600 Maximus Formula NVIDIA GeForce GTX 480 G.Skill 2x4GB DDR2 
Hard DriveOptical DriveCoolingOS
3x 500GB WD  Lite-On Air Windows 7 x64 HP 
MonitorKeyboardPowerCase
Gateway 24" 1900x1200 Razr Lycosa Corsair 750M Antec P180 
MouseMouse PadAudio
Razr DeathAdder Razr eXactMat Creative X-Fi Titanium 
  hide details  
 
Gaming Rig
(15 items)
 
 
CPUGraphicsRAMHard Drive
Intel 3.06 GHz C2D Radeon HD4670 12GB 1067MHz DDR3 1TB 7200RPM 
Optical DriveCoolingCoolingOS
8x SuperDrive Air Air OS X 10.7.2 
MonitorKeyboardPowerCase
27" 2560 x 1440 LED Wireless BT 310W PSU Aluminum Enclosure 
MouseMouse Pad
Magic Mouse None 
CPUMotherboardGraphicsRAM
Intel Core 2 Quad Q6600 Maximus Formula NVIDIA GeForce GTX 480 G.Skill 2x4GB DDR2 
Hard DriveOptical DriveCoolingOS
3x 500GB WD  Lite-On Air Windows 7 x64 HP 
MonitorKeyboardPowerCase
Gateway 24" 1900x1200 Razr Lycosa Corsair 750M Antec P180 
MouseMouse PadAudio
Razr DeathAdder Razr eXactMat Creative X-Fi Titanium 
  hide details  
post #62 of 72
Quote:
Originally Posted by Vagrant Storm View Post
They are just kicking Sony when they are down...they are really starting to loose reputation now. Let Sony fix stuff and then attack them them again to test there new fix. Their cracker status is really starting to show. They are probably not going to stop until they are paid a lot of money...and then keep right on with their attacks.

I'd bet anything that the attacks we are seeing are all related to the original attack. If they got control of a router and Sony doesn't know they will keep getting hit over and over.
Black hats don't do stuff for money. They do stuff because people use terrible security, and they want to point it out, or they want a challenge.
Deimos
(13 items)
 
Pluto
(18 items)
 
 
CPUMotherboardGraphicsRAM
AMD 1090T Biostar TA890FXE Nvidia GTX 470 Corsair Vengence 
Hard DriveHard DriveHard DriveHard Drive
Samsung 830 MZ-7PC128D/AM Western Digital Black Western Digital Green Western Digital Blue 
CoolingOSOSMonitor
Dtek v2 Water Windows 7 Pro Fedora 16 LG4250 42" LCD TV 
KeyboardPowerCaseMouse
Microsoft Ergo Silverstone ST-1000P Cooler Master Cosmos 1000 Logitech G500 
Mouse PadAudio
X-Trac Ripper Asus D1 
  hide details  
Deimos
(13 items)
 
Pluto
(18 items)
 
 
CPUMotherboardGraphicsRAM
AMD 1090T Biostar TA890FXE Nvidia GTX 470 Corsair Vengence 
Hard DriveHard DriveHard DriveHard Drive
Samsung 830 MZ-7PC128D/AM Western Digital Black Western Digital Green Western Digital Blue 
CoolingOSOSMonitor
Dtek v2 Water Windows 7 Pro Fedora 16 LG4250 42" LCD TV 
KeyboardPowerCaseMouse
Microsoft Ergo Silverstone ST-1000P Cooler Master Cosmos 1000 Logitech G500 
Mouse PadAudio
X-Trac Ripper Asus D1 
  hide details  
post #63 of 72
Quote:
Originally Posted by AtomicFrost View Post
The issue is this: By "showing us the truth" they have released the personal information of civilians onto the internet. I don't believe that they have gone about this in the right way. If they really cared about protecting the "people" they should have had a private disclosure with Sony. Instead they want the attention.

At this point we also don't know who programed these websites. Did Sony contract the programing of these sites to another company? How easy is it to fix the programing issues that are allowing these attacks?
Well, as others have pointed out, the info released by LulzSec is not that sensitive, just enough to show that supposedly PRIVATE data is being exposed by Sony's lax security practices. Doesn't matter who programmed the websites or infrastructure, it was Sony's and it was Sony we entrusted our data to. How easy was it to fix, um, by updating their server software to a more secure version when the entire world is informed that the older version is vulnerable. This vulnerability in their server software is well known and has been for some time, most companies have long since moved on to more secure software, a lot of them way smaller than Sony so they should be able to afford the changes. This is a normal part of being secure with personal data, not some undue burden put on Sony by hackers, Sony just plain didn't care to follow industry standard best practices for securing customer data, period.
My System
(15 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5 3570k ASRock Z77 Extreme6 EVGA GTX 980ti Superclock 4x4GB Samsung 1600mhz 
Hard DriveHard DriveCoolingOS
Samsung SSD840 2xMaxtor 200gb RAID0 Customer water cooling with '77 Bonneville rad Windows 10 Professional 
MonitorKeyboardPowerCase
27" Korean 1440p Razor mechanical Corsair TH850W CM Stacker 810 
MouseMouse Pad
Razor Lachesis generic 
  hide details  
My System
(15 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5 3570k ASRock Z77 Extreme6 EVGA GTX 980ti Superclock 4x4GB Samsung 1600mhz 
Hard DriveHard DriveCoolingOS
Samsung SSD840 2xMaxtor 200gb RAID0 Customer water cooling with '77 Bonneville rad Windows 10 Professional 
MonitorKeyboardPowerCase
27" Korean 1440p Razor mechanical Corsair TH850W CM Stacker 810 
MouseMouse Pad
Razor Lachesis generic 
  hide details  
post #64 of 72
Quote:
Originally Posted by Urufu_Shinjiro View Post
Well, as others have pointed out, the info released by LulzSec is not that sensitive, just enough to show that supposedly PRIVATE data is being exposed by Sony's lax security practices. Doesn't matter who programmed the websites or infrastructure, it was Sony's and it was Sony we entrusted our data to. How easy was it to fix, um, by updating their server software to a more secure version when the entire world is informed that the older version is vulnerable. This vulnerability in their server software is well known and has been for some time, most companies have long since moved on to more secure software, a lot of them way smaller than Sony so they should be able to afford the changes. This is a normal part of being secure with personal data, not some undue burden put on Sony by hackers, Sony just plain didn't care to follow industry standard best practices for securing customer data, period.
SQL Injections are manly cased by improper programing of the website itself, not the underlying software. http://en.wikipedia.org/wiki/SQL_injection

The amount of time that it will take Sony to fix their websites really depends on how many SQL statements they need to fix / if they need to update the servers software.

I do agree that Sony needs to get this fixed now / should have not happened, but that doesn't mean that LolzSec is in the right.
Edited by AtomicFrost - 6/8/11 at 1:24pm
ColdCut
(14 items)
 
YetiKube
(19 items)
 
 
CPUMotherboardGraphicsRAM
5960x Asus Rampage V Extreme  XFX 295x2 Core Hydro Edition CORSAIR Vengeance LPX 16GB DDR4 2800 
Hard DriveHard DriveHard DriveOptical Drive
Samsung 850 Pro  Samsung 850 EVO Western Digital Black 3TB  LG Bluray Burner 16x 
CoolingOSMonitorPower
H110i GT Windows 8.1 Pro Asus 4k Corsair AX1500i  
CaseAudio
Corsair 900D Stock 
CPUMotherboardGraphicsRAM
(1) 2500K ASRock Extreme3 Gen3 GTX 780 Classified Mushkin 996995 DDR3 1600 (2 Sticks) 
Hard DriveHard DriveHard DriveOptical Drive
Samsung 840 Pro (1) 150GB Western Digital Raptor (1) 1TB Western Digital Black Caviar (1) Samsung SATA DVD Burner 
CoolingOSMonitorKeyboard
Antec Kuhler H2O 620 Windows 8.1 LG 21:9 Ultrawide 34" 3440x1440 Filco 114 key (Blue Cherry) / HHKB Pro 2 
PowerCaseMouseMouse Pad
Corsair HX850W - 850W Mountain Mods - U2 UFO Orginal - Gloss Black Logitech G400 / Razer Deathadder BE Razer Goliathus Extended / Artisan Hien VE (Sof... 
AudioOtherOther
Creative Sounds Blaster X-FI Titanium HD Asus USB N-53 Wireless USB adapter  12 Case Fans 
  hide details  
ColdCut
(14 items)
 
YetiKube
(19 items)
 
 
CPUMotherboardGraphicsRAM
5960x Asus Rampage V Extreme  XFX 295x2 Core Hydro Edition CORSAIR Vengeance LPX 16GB DDR4 2800 
Hard DriveHard DriveHard DriveOptical Drive
Samsung 850 Pro  Samsung 850 EVO Western Digital Black 3TB  LG Bluray Burner 16x 
CoolingOSMonitorPower
H110i GT Windows 8.1 Pro Asus 4k Corsair AX1500i  
CaseAudio
Corsair 900D Stock 
CPUMotherboardGraphicsRAM
(1) 2500K ASRock Extreme3 Gen3 GTX 780 Classified Mushkin 996995 DDR3 1600 (2 Sticks) 
Hard DriveHard DriveHard DriveOptical Drive
Samsung 840 Pro (1) 150GB Western Digital Raptor (1) 1TB Western Digital Black Caviar (1) Samsung SATA DVD Burner 
CoolingOSMonitorKeyboard
Antec Kuhler H2O 620 Windows 8.1 LG 21:9 Ultrawide 34" 3440x1440 Filco 114 key (Blue Cherry) / HHKB Pro 2 
PowerCaseMouseMouse Pad
Corsair HX850W - 850W Mountain Mods - U2 UFO Orginal - Gloss Black Logitech G400 / Razer Deathadder BE Razer Goliathus Extended / Artisan Hien VE (Sof... 
AudioOtherOther
Creative Sounds Blaster X-FI Titanium HD Asus USB N-53 Wireless USB adapter  12 Case Fans 
  hide details  
post #65 of 72
Quote:
Originally Posted by AtomicFrost View Post
SQL Injections are manly cased by improper programing of the website itself, not the underlying software. http://en.wikipedia.org/wiki/SQL_injection

The amount of time that it will take Sony to fix their websites really depends on how many SQL statements they need to fix / if they need to update the servers software.

I do agree that Sony needs to get this fixed now / should have not happened, but that doesn't mean that LolzSec is in the right.
It wasn't the websites, it was the servers themselves.

This is from the original hack:

Quote:
Cybersecurity expert and industry icon Dr. Gene Spafford of Purdue University dropped a bomb on the Sony Corporation in testimony before the Congressional Subcommittee on Commerce, Manufacturing, and Trade on Wednesday.

Dr. Spafford asserted that Sony was running outdated and obsolete software on the PlayStation and Online Entertainment Networks, leaving the systems extremely vulnerable to the kind of attack that subsequently led to the breach of over 100 million customer records.

Spafford testified that security experts learned months ago that Sony was still using older versions of the Apache Web server software after the fact was disclosed on industry Internet discussion forums.

According to an article in ConsumerReports, the discussions centered around concerns that Sony's networks were "unpatched and had no firewall installed."

Spafford stated that the vulnerabilities were "reported in an open forum monitored by Sony employees" several months prior to the attack against the company's systems.

"If Dr. Spafford's assessment is accurate, it's inexcusable that Sony not only ran obsolete software on servers containing confidential data, but also that the company continued to do so after this information was publicly disclosed," said Jeff Fox, Consumer Reports Technology Editor.
Source

More Detailed Info

Quote:
Sony was, as of the hacking attack, using very outdated server software, searchable as OpenSSH 4.4 - current version is 5.7. Back in 2006 there were reports about OpenSSH 3.x and 4.x, and the security issues those versions utilize.

But SSH was not the only open door for hackers: Sony used to outdated version of the Apache webserver as well. Apache server was found on Sony's current version is 2.2.10 while 2.2.17. Sun Sony made it easy for hackers to access sensitive data since summer 2009 as there were bug reports about "dangerous security issues" Mentioned in the version, as Hamburger Press states.
And this is pretty much the same vulnerability still being exploited, Sony hasn't fixed a thing.
Edited by Urufu_Shinjiro - 6/8/11 at 1:39pm
My System
(15 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5 3570k ASRock Z77 Extreme6 EVGA GTX 980ti Superclock 4x4GB Samsung 1600mhz 
Hard DriveHard DriveCoolingOS
Samsung SSD840 2xMaxtor 200gb RAID0 Customer water cooling with '77 Bonneville rad Windows 10 Professional 
MonitorKeyboardPowerCase
27" Korean 1440p Razor mechanical Corsair TH850W CM Stacker 810 
MouseMouse Pad
Razor Lachesis generic 
  hide details  
My System
(15 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5 3570k ASRock Z77 Extreme6 EVGA GTX 980ti Superclock 4x4GB Samsung 1600mhz 
Hard DriveHard DriveCoolingOS
Samsung SSD840 2xMaxtor 200gb RAID0 Customer water cooling with '77 Bonneville rad Windows 10 Professional 
MonitorKeyboardPowerCase
27" Korean 1440p Razor mechanical Corsair TH850W CM Stacker 810 
MouseMouse Pad
Razor Lachesis generic 
  hide details  
post #66 of 72
Quote:
Originally Posted by Urufu_Shinjiro View Post
Sony hasn't fixed a thing.
Sony doesn t seem to give a damn about their internet stuff it seems.
Still no firewalls ?!
They should just return to the audio-video stuff they were making in the '80-'90 and be kings again there.
Glad i don t have a Sony console connected to their network.
   
AMD HTPC
(13 items)
 
CPUMotherboardGraphicsRAM
AMD FX 6300  Asus Sabertooth 990FX R 2.0 Sapphire 6950 unlocked Geil 
Hard DriveOptical DriveCoolingOS
WD Sony Corsair H60 Mepis Tetris 
MonitorKeyboardPowerCase
LG HD  Logitech G11 OCZ 750 F1 Nexus Clodius Black 
MouseMouse PadAudio
Logitech G5R Mionix Creative X-Fi Xteme Music 
CPUMotherboardGraphicsRAM
AMD Athlon 860K MSI A88X-G41 PC Mate Sapphire R7 265 Crucial Elite 2 X 4 
Hard DriveOptical DriveCoolingOS
WD /Seagate Optiarc/LG Cooler Master Hyper TX2 Mepis Tetris 
MonitorKeyboardPowerCase
LG HD  Logitech generic Corsair CS650 Nexus Clodius White 
MouseMouse PadAudio
A4 Crap Mionix Anus Xonar D1 
CPUMotherboardGraphicsRAM
AMD Athlon 5150 ASUS AM1M-A  IGD Crucial 2X2G 
Hard DriveOptical DriveCoolingOS
Seagate 640Gb junk SONY DVD-RW Stock OpenSuse/Ubuntu 
MonitorKeyboardPowerCase
LED TV Logitech wireless FSP Foxconn 
Mouse
Logitech wireless 
  hide details  
   
AMD HTPC
(13 items)
 
CPUMotherboardGraphicsRAM
AMD FX 6300  Asus Sabertooth 990FX R 2.0 Sapphire 6950 unlocked Geil 
Hard DriveOptical DriveCoolingOS
WD Sony Corsair H60 Mepis Tetris 
MonitorKeyboardPowerCase
LG HD  Logitech G11 OCZ 750 F1 Nexus Clodius Black 
MouseMouse PadAudio
Logitech G5R Mionix Creative X-Fi Xteme Music 
CPUMotherboardGraphicsRAM
AMD Athlon 860K MSI A88X-G41 PC Mate Sapphire R7 265 Crucial Elite 2 X 4 
Hard DriveOptical DriveCoolingOS
WD /Seagate Optiarc/LG Cooler Master Hyper TX2 Mepis Tetris 
MonitorKeyboardPowerCase
LG HD  Logitech generic Corsair CS650 Nexus Clodius White 
MouseMouse PadAudio
A4 Crap Mionix Anus Xonar D1 
CPUMotherboardGraphicsRAM
AMD Athlon 5150 ASUS AM1M-A  IGD Crucial 2X2G 
Hard DriveOptical DriveCoolingOS
Seagate 640Gb junk SONY DVD-RW Stock OpenSuse/Ubuntu 
MonitorKeyboardPowerCase
LED TV Logitech wireless FSP Foxconn 
Mouse
Logitech wireless 
  hide details  
post #67 of 72
Quote:
Originally Posted by Urufu_Shinjiro View Post
It wasn't the websites, it was the servers themselves.

This is from the original hack:



Source

More Detailed Info



And this is pretty much the same vulnerability still being exploited, Sony hasn't fixed a thing.
It sounds like the attacks LolzSec have done against Sony are SQL injections. Should Sony have updated the software on their servers? Yes

Quote:
According to Spafford, security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which "was unpatched and had no firewall installed." The issue was "reported in an open forum monitored by Sony employees" two to three months prior to the recent security breaches, said Spafford.
When did "open Internet forums" become a reliable source of information? Did Dr. Spafford actually verify the information stated on the forums was correct?

However, neither of these sources have proved that any of these attacks occurred due to outdated software. Even if the software being outdated allowed these attacks, that doesn't make what LolzSec did right.
Edited by AtomicFrost - 6/8/11 at 2:00pm
ColdCut
(14 items)
 
YetiKube
(19 items)
 
 
CPUMotherboardGraphicsRAM
5960x Asus Rampage V Extreme  XFX 295x2 Core Hydro Edition CORSAIR Vengeance LPX 16GB DDR4 2800 
Hard DriveHard DriveHard DriveOptical Drive
Samsung 850 Pro  Samsung 850 EVO Western Digital Black 3TB  LG Bluray Burner 16x 
CoolingOSMonitorPower
H110i GT Windows 8.1 Pro Asus 4k Corsair AX1500i  
CaseAudio
Corsair 900D Stock 
CPUMotherboardGraphicsRAM
(1) 2500K ASRock Extreme3 Gen3 GTX 780 Classified Mushkin 996995 DDR3 1600 (2 Sticks) 
Hard DriveHard DriveHard DriveOptical Drive
Samsung 840 Pro (1) 150GB Western Digital Raptor (1) 1TB Western Digital Black Caviar (1) Samsung SATA DVD Burner 
CoolingOSMonitorKeyboard
Antec Kuhler H2O 620 Windows 8.1 LG 21:9 Ultrawide 34" 3440x1440 Filco 114 key (Blue Cherry) / HHKB Pro 2 
PowerCaseMouseMouse Pad
Corsair HX850W - 850W Mountain Mods - U2 UFO Orginal - Gloss Black Logitech G400 / Razer Deathadder BE Razer Goliathus Extended / Artisan Hien VE (Sof... 
AudioOtherOther
Creative Sounds Blaster X-FI Titanium HD Asus USB N-53 Wireless USB adapter  12 Case Fans 
  hide details  
ColdCut
(14 items)
 
YetiKube
(19 items)
 
 
CPUMotherboardGraphicsRAM
5960x Asus Rampage V Extreme  XFX 295x2 Core Hydro Edition CORSAIR Vengeance LPX 16GB DDR4 2800 
Hard DriveHard DriveHard DriveOptical Drive
Samsung 850 Pro  Samsung 850 EVO Western Digital Black 3TB  LG Bluray Burner 16x 
CoolingOSMonitorPower
H110i GT Windows 8.1 Pro Asus 4k Corsair AX1500i  
CaseAudio
Corsair 900D Stock 
CPUMotherboardGraphicsRAM
(1) 2500K ASRock Extreme3 Gen3 GTX 780 Classified Mushkin 996995 DDR3 1600 (2 Sticks) 
Hard DriveHard DriveHard DriveOptical Drive
Samsung 840 Pro (1) 150GB Western Digital Raptor (1) 1TB Western Digital Black Caviar (1) Samsung SATA DVD Burner 
CoolingOSMonitorKeyboard
Antec Kuhler H2O 620 Windows 8.1 LG 21:9 Ultrawide 34" 3440x1440 Filco 114 key (Blue Cherry) / HHKB Pro 2 
PowerCaseMouseMouse Pad
Corsair HX850W - 850W Mountain Mods - U2 UFO Orginal - Gloss Black Logitech G400 / Razer Deathadder BE Razer Goliathus Extended / Artisan Hien VE (Sof... 
AudioOtherOther
Creative Sounds Blaster X-FI Titanium HD Asus USB N-53 Wireless USB adapter  12 Case Fans 
  hide details  
post #68 of 72
Quote:
Originally Posted by Annex View Post
I wonder if the hackers are actually making any money from doing this.. Seems like a waste if you can't profit.

Apparently they are. Someone(s) is giving them "donations" to keep up the attacks.

I'd love to speculate about who that someone(s) is and what their motives are.

First guess - someone connected to L-3.
post #69 of 72
"fire sale" any 1?
post #70 of 72
Quote:
Originally Posted by EdgeofSanity View Post
I can't be the only one who thinks this is awesome, can I?
No I'm with you. I can't stop lol'ing at this. Every time I view the news now I look to see if Sony has been hacked again.
Epic Build! 0.0
(13 items)
 
  
CPUMotherboardGraphicsRAM
{Intel i7 930 @ 4.2 GHz w/ HT} {Asus Rampage III Extreme} {Zotac AMP! + EVGA GTX 480 SLI @ 800/1600/1900} {G.SKILL Ripjaws 6GB DDR3 1605Mhz @ 7-8-7-20-1N} 
Hard DriveOptical DriveOSMonitor
{OCZ Agility 2 120GB, WD Black 1TB, F4 2TB RAID1} {Asus DVD+/- RW} {Windows 7 Ultimate 64 bit} {Asus VH242H 23.6" 1080p} 
KeyboardPowerCaseMouse
{Logitech G15} {Corsair HX 1000W} {CoolerMaster HAF-X} {Logitech G700} 
Mouse Pad
{Razer Goliathus - Speed} 
  hide details  
Epic Build! 0.0
(13 items)
 
  
CPUMotherboardGraphicsRAM
{Intel i7 930 @ 4.2 GHz w/ HT} {Asus Rampage III Extreme} {Zotac AMP! + EVGA GTX 480 SLI @ 800/1600/1900} {G.SKILL Ripjaws 6GB DDR3 1605Mhz @ 7-8-7-20-1N} 
Hard DriveOptical DriveOSMonitor
{OCZ Agility 2 120GB, WD Black 1TB, F4 2TB RAID1} {Asus DVD+/- RW} {Windows 7 Ultimate 64 bit} {Asus VH242H 23.6" 1080p} 
KeyboardPowerCaseMouse
{Logitech G15} {Corsair HX 1000W} {CoolerMaster HAF-X} {Logitech G700} 
Mouse Pad
{Razer Goliathus - Speed} 
  hide details  
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
This thread is locked  
Overclock.net › Forums › Industry News › Software News › [softpedia]LulzSec Leaks Sony Devnet Source Code