
Sony Hit by Another Attack

Sony Hack

After we reported here and here, we thought that might, finally, be the end of the misery that Sony have been facing over the last month of security breaches. Alas not.

The Next Web, reporting on a story published by Naked Security, has revealed that Sony Music Japan has been targeted by hackers. This time it is thought that no personal data or credit card details have been stolen, but again hackers have managed to use SQL-injection techniques to breach the site.

While no personal data has been stolen, the hackers did mock the site, leaving a note on the site to let users know it had been compromised.

According to the report, Sony has lost upwards of $170 million as a result of the hack on its PlayStation Network, and that doesn’t take into account any official fines or lawsuits it may eventually have to answer to.

But of even greater value than the money is Sony’s reputation, which seems to be taking the biggest battering.

If you’re running a website of any size, and particularly a database-driven one, we advise the following to avoid the reputation issues that Sony is suffering now:

  1. Make sure the server itself is patched and running the most up-to-date versions of the software you are using to run your site
  2. Make sure your SQL/Database server is also patched and running the most secure versions of the software
  3. Use best practice for writing secure scripts, to make sure that you are less likely to suffer SQL-injection issues
  4. Sensitive user data should be encrypted, if possible, or not accessible (for reading) from the website
  5. If you must store user credit card data, make sure it is encrypted, but better yet, use a third-party payment processor, who must meet the PCI DSS standards for storage, processing and access to such data
  6. Test, test and test again any scripts you might use to access and retrieve information from your database
  7. If at all possible, hire a security specialist to try to break into your data
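To make point 3 concrete, here is an added example (not code from the breached site or from the original post) showing a lookup built by string concatenation beside the same lookup with a bound parameter. The table, column names, sample rows and the 64-character limit are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    """In-memory database filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE artists (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO artists (name, email) VALUES (?, ?)",
        [("Alpha", "alpha@example.test"),
         ("Beta", "beta@example.test"),
         ("O'Brien", "obrien@example.test")],
    )
    return db

def find_artist_unsafe(db, name):
    # Weak form: the input is pasted into the SQL text, so a quote
    # character in `name` changes the structure of the statement.
    query = "SELECT name, email FROM artists WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def find_artist_safe(db, name):
    # Hardened form: fixed statement text, input bound as a value.
    # The length limit (64) is an assumed application rule.
    if not isinstance(name, str) or not 0 < len(name) <= 64:
        raise ValueError("invalid artist name")
    query = "SELECT name, email FROM artists WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

# Constructed test input of the kind a scanner sends to a search box.
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("unsafe, crafted:", len(find_artist_unsafe(db, CRAFTED)), "rows")
    print("safe, crafted:  ", len(find_artist_safe(db, CRAFTED)), "rows")
    print("safe, O'Brien:  ", find_artist_safe(db, "O'Brien"))
    try:
        find_artist_unsafe(db, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("unsafe, O'Brien: query broke:", exc)
```

The concatenated version also fails on an ordinary name containing an apostrophe, which is often the first visible symptom during the testing recommended in point 6.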

As always, it’s impossible for hackers to get at data you don’t store – so only store what is absolutely necessary, and store it securely.


About Justin Bellinger

Justin is an experienced software professional, having worked in software and software security for nearly 20 years. Justin is VP of Security Products at SPAMfighter.
