Sunday 5 June 2011

Sony Pictures

From BBC: Lulz Security: "SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now.

"From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?"

The real lesson is "don't use SQL". I have seen it time and again and I have seen how easy it is to get in. I even see regular attempts at injection on our own site, except that we don't use SQL so nothing happens.

Having said that, just because someone leaves a door open doesn't mean you have to go in and steal the family silver. This attack could cost Sony its very existence. What good does that do for the millions of people who signed up? Lulz have published all their names, street addresses and emails on their website. For a bit of fun, Lulz has angered or saddened a million innocent users.
