Sony Hacked Again: How Not to Do Network Security

Sony has been targeted once again by a hacking collective and more customer data has been breached.

Yes. As unbelievable as it may seem, Sony was hacked again. It is not (entirely) Sony's fault that it is the target du jour for hackers everywhere. But, it is Sony's fault that its networks and servers seem to be trivial to hack and easy to pwn.

The trials and tribulations of Sony's epic struggle against hacks and data breaches over the past month or so are well-documented. You can read all about the breach of Sony Ericsson Canada, or Sony BMG Greece, or the Sony Playstation Network, or any of the other network attacks against Sony all over the Web.

LulzSec, the hacker collective responsible for the Wikileaks hacktivism attack and fake Tupac resurrection story on the PBS site last week, made it clear that Sony was the next target on its radar. Now it has made good on that threat with a hack of the Sony Pictures network, and claims to have compromised the account details of a million users.

Now, I am of the opinion that there is no such thing as absolute security. Any network is vulnerable given an attacker with sufficient skills, resources, and time. So, it would be very easy for me to be sympathetic to Sony's plight--except Sony seems to ignore compliance requirements and basic security best practices, so it is basically begging to be attacked. Shame on you, Sony. Seriously.

Andrew Brandt, lead threat research analyst for Webroot, agrees. "Lulz Security says the information they stole was entirely unencrypted, and while we can't verify Lulz's statements, we can say that companies should take this as a warning to check their internal methods of storing their customers' confidential information and make sure they comply with industry standards such as PCI-DSS."

According to Randy Abrams, director of technical education for ESET, if Sony did, in fact, store passwords in plain-text as LulzSec claims, it is nothing short of blatant negligence.

Fred Touchette of AppRiver adds. "There is no doubt that Sony needs to spend some major effort in tightening up its network security. This latest hack against them was a series of simple SQL Injection attacks against its web servers. This simply should not have happened."

So, aside from not pissing off the hacker collectives of the world, what can other companies do to prevent becoming a poster child for network insecurity? The best advice is that following security best practices, and implementing stronger network and data security controls is best done before you're a victim of hacks like these, not after.

Tim 'TK' Keanini, CTO of nCircle, cautions organizations, though, against security 'silver bullets' or shortcuts. He likens improving network security to losing weight or improving physical fitness. "No matter how hard you work it's going to take more than a few days, even if you focus on nothing else. Great security is about more than technology. It has to be baked into business processes and into every employee's brains as they go about their everyday activities."

Be proactive about following security best practices and data security compliance requirements. Don't be a Sony.

Tags hackersnetwork securitysecuritydata breachdata protectionsony

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?