Sony's new security plan: so many flaws hackers tire before hitting them all

Tiny ISP subsidiary takes small hit; big sites still show big flaws

By  

At first glance, news another Sony property has been successfully hacked looked like a death-knell for the company's efforts to lock itself down against the crack in security that was looking more and more like a revolving door.

On second glance, it looked like a minor, copycat attack – a skirmish around the edges of Sony's giant online property line.

On third glance it was back to a micro version of the first glance – more the hotel clerk hitting the desktop bell summoning Death to sound the death knell than the Slow Toll itself.

The May 20 attack (someone had to sneak in one more exploit before being Raptured) was against Sony's So-Net ISP network – a tiny target compared to the Playstation Network and SEO, which were both hacked and have been up and down like a yo-yo ever since.

Hackers took about $1,200 worth of "virtual points" – some kind of cash-equivalent promotional or customer-reward offer – but apparently not personal data on customers.

PCWorld's Matt Packham points out the comparatively trivial size of the attack and angst-inducing method: So-Net updates admitted the crack happened after the same IP address tried to access the site thousands of times before it gained entry.

That makes it very likely the hack was some amateur running a brute-force password-cracking attack – the equivalent of breaking a store window with a brick compared to a devilishly stylish, impeccably timed heist by the digital equivalent of Ocean's Eleven.

That's a pretty cheesy way to get hacked if you're one of the leading technology companies on the planet, even if you might not have had time to run all the new security you'd like to on all your varied properties because you were still distracted by the effort of getting victims of the original pillage back online.

A week before someone threw a brick through So-Net, a U.S.-based security researcher used a plain browser and Google search to find a number of easily exploitable flaws that could give hackers easy access to logins, usernames and information on security that would make other attacks far easier.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question