Geek.com is reporting that Sony has been hacked yet again by a group called LulzSec. This time the target was www.sonypictures.com. The hack was carried out using a simple SQL injection attack and unbelievably the passwords were stored in plain text. Sony should unplug all of their internet connections worldwide. If I ever have someone's resume come across my desk and Sony is listed as a former employer that resume is going right in the round file.
Should SQL injection attacks really even be illegal? Think about it... what is a SQL injection attack? You enter a URL into a browser and the remote server returns data. What exactly is the crime? Seems to me everything is working as designed. Maybe Sony should be prosecuted for building a website that leaks personal information on demand.
No comments:
Post a Comment
Please note all comments are moderated by me before they appear on the site. It may take a day or so for me to get to them. Thanks for your feedback.