Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Sony Falls Victim To SQL Injection Attack

Verizon Business : 06 June, 2011  (Technical Article)
Verizon Business warns that SQL Injection Attacks are a common access point for hackers and the technique continues on its upward trend of popularity

A group of hackers operating under the name LulzSecurity announced in a statement posted on its website on Thursday that it had compromised SonyPictures.com, gaining access to the passwords, email addresses, dates of birth and home addresses of one million users. The vector for attack was an SQL injection, one of the most common online vulnerabilities. This attack joins a host of others targeting Sony in recent weeks.


Aziz Maakaroun, business development director at Outpost24, made the following comments: “Yet another successful attack on Sony raises serious questions about the organisation’s security. What is particularly shocking here is that this hack utilised one of the oldest tricks in the book, an SQL injection vulnerability. Not only are SQL injections one of the most common and well known threats on the web, they are also one of the most easily protected against.


“We know from recent statistics that attacks via SQL injections are on the up, accounting for half of attacks in 2009 and spiralling to almost four fifths in 2010. An SQL injection is not a subtle exploit, and can be easily protected against by ensuring that web applications are securely coded – to not protect your company against this form of attack is the equivalent of leaving your front door unlocked. Organisations should take note of Sony’s recent woes and beef up their web security to ensure that they do not fall victim to similar embarrassment.


“Organisations must assess applications hosted on their sites for errors in coding. Vulnerability scanners can carry this out automatically, at a low cost and with little time investment. Attacks of this nature push consumer and investor confidence in an organisation to rock bottom, disrupting revenue and driving potential customers elsewhere. Others may look at Sony’s victimisation and think “I’m glad that isn’t happening to my company”, but they need to realise that they too may be vulnerable. To not protect sensitive consumer data adequately is an absolute no-no, which can result in a feeding frenzy for hackers and the protracted humiliation of a company.”

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo