SonyPictures Site Compromised

Published: 2011-06-03
Last Updated: 2011-06-03 19:51:37 UTC
by Guy Bruneau (Version: 1)
13 comment(s)

We have written diaries on Sony’s security woes over the past few months, first one was a DDoS against its infrastructure [1] followed by the hacking of the Sony PlayStation network that took their network offline for several weeks, affecting all its PlayStation customers [2]. This week, SonyPictures was compromised by a group of individuals calling themselves LulzSec who took over 1,000,000 unencrypted plaintext customer password. Last week, another attack took place, this time against Sony Music Entertainment Greece website [3] who took usernames, passwords, email addresses and phone numbers.

One question comes to mind. With all of this data lost, if a PCI compliant corporation can be this easily targeted and compromised, is PCI a good standard to measure security posture?

[1] http://isc.sans.org/diary.html?storyid=10654
[2] http://isc.sans.org/diary.html?storyid=10768
[3] http://mashable.com/2011/05/24/sony-hacker-attack

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: Incidents
13 comment(s)

Oracle Java SE Critical Patch Update Pre-Release Announcement - June 2011

Published: 2011-06-03
Last Updated: 2011-06-03 15:16:18 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

Next Tuesday, Oracle is planning to release a Java SE Critical Patch Update that will contain 17 new security fixes which may be remotely exploitable without authentication. "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible." [1]


[1] http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html


 -----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: Java
0 comment(s)
New Poll: How are you dealing with Malicious Domains?

Release of Wireshark 1.6.0rc2

Published: 2011-06-03
Last Updated: 2011-06-03 00:11:20 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

This is the second release candidate of the upcoming 1.6 (stable) branch. This new branch contains several new enhancements and bug fixes. For example, support for files greater than 2 GB, it can export SSL session keys, it can export SMB objects, graphs now save as PNG images by default to name a few. It also supports a large number of new protocols. This update can be downloaded here.
 

[1] http://www.wireshark.org/lists/wireshark-announce/201106/msg00000.html

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: Wireshark
0 comment(s)

Comments

cwqwqwq
eweew<a href="https://www.seocheckin.com/edu-sites-list/">mashood</a>
WQwqwqwq[url=https://www.seocheckin.com/edu-sites-list/]mashood[/url]
dwqqqwqwq mashood
[https://isc.sans.edu/diary.html](https://isc.sans.edu/diary.html)
[https://isc.sans.edu/diary.html | https://isc.sans.edu/diary.html]
What's this all about ..?
password reveal .
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
https://thehomestore.com.pk/

Diary Archives