Scareware runs amok on PlayStation site
Sony gamed by hackers
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Gamers visiting the US Sony PlayStation website risk malware infection after the site was hit by hackers.
SQL injection vulnerabilities on the site were used by miscreants to load malicious code on pages showcasing the PlayStation games SingStar Pop and God of War, net security firm Sophos reports. The code promotes scareware to visitors, which falsely claims that their computers are infected with computer viruses to frighten them into purchasing software of little or no security utility.
Sophos warns that the same technique might easily be adapted to serve up computer Trojans or other forms of malware. Sophos informed Sony of the website vulnerabilities, which were purged by Thursday morning.
The attack is the latest in a wave of SQL injection attacks that have turned the websites of legitimate organisations into conduits for drive-by download assaults. Recent victims have included the website of tennis regulators ITF and ATP, the professional players tour and Wal-Mart. Large-scale SQL Injection attacks starting around October 2007 have hit a large number of small sites as well as high-profile targets.
Hackers use automated tools and search engines to search for vulnerable sites. Once identified these sites are booby-trapped with exploits designed to push malware onto vulnerable PCs.
The growing scale of the problem prompted HP and Microsoft to publish a set of tools designed to help web admins to identify and plug security holes that often lead to SQL Injection attacks. ®
COMMENTS
William
Oh for christs sake, you missed the point TOTALLY.
Yes I know IBM write the original SQL language but in the context of TODAY, now, when this article was written and when the VERY first idiot posted twisting it to bash the PS3, Microsoft have responsibility for SQL server and the general authoring and development of transact query in the SQL server context. That is was I meant by 'modern' my good man. And the quip about the English language... you totally missed the point and just like the first poster in here twisted something comment to suit your own moan.
Jesus fucking christ, the article was about SQL injection vulnerabilities hitting various company website, not console bashing. I merely pointed out people were throwing rocks for the wrong reasons and also highlighted the IRONY of the first post, slagging the PS3 and Sony bigging up the 360. When in actual fact it is a MS controlled product in SQL (as in the SQL of TODAY, as in what I meant by 'modern' that is all!), that has a large degree of blame at the heart of the matter.
I like a good tit for tat tongue in cheek bit of banter, and don't normally react. But today I'm going to cause you missed the point, just like all the other people doing console cock waving. Bollocks!
So there, right back at you Willy and you can stick your flame up your arse whilst you're at it!
Shame
Couldn't have happened to a nicer company.
Apart from Virgin.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
