Beijing time, May 2: According to foreign media reports, Sony has announced that its investigation found that the Anonymous hacker group, which earlier attacked its systems, had nothing to do with the recent attack on the PlayStation Network and the Qriocity music service.
Sony executive vice president Kazuo Hirai said at a news conference in Tokyo that on April 20, when Sony's San Diego data centre came under a "technically expert" attack, the company immediately shut down its online gaming and entertainment services. These services are to come back online later this week.
Two weeks before the attack on Sony's PlayStation Network and Qriocity music service, members of the Anonymous hacker group launched a denial-of-service attack on the PlayStation Network in retaliation for Sony's legal action against hacker George Hotz. Hotz had earlier jailbroken the PlayStation 3 console's firmware so that it could run the Linux operating system. Sony holds that this violated the U.S. Digital Millennium Copyright Act, which prohibits using reverse engineering to crack encryption protection measures.
"Although the attack has nothing to do with the Anonymous organization, Sony's network has been a potential target of the organization," Hirai said. He added that the personal information of Sony executives, including the names of their children, their schools and the names of other family members, had also been posted online. "This kind of network attack may not be aimed only at Sony. To protect personal information and the safety of the network environment, Sony will cooperate with law enforcement and network security organizations to continue the fight against illegal intrusions."
The loosely organized Internet group has stated that it had nothing to do with the recent attack on Sony's PlayStation Network and Qriocity music service. The group posted a notice on a website titled "This time, we didn't do it", publicly stating that its core members did not attack Sony or the PlayStation Network. However, the statement does not exclude the possibility that individual members of the organization attacked Sony. "The core members of AnonOps, of the Anonymous organization, have no connection with the incident and take no responsibility for it, but it has not been ruled out that other members of the Anonymous organization were behind it," the statement said.
Hotz, the hacker Sony took legal action against, also denied involvement in the attack. "I'm not crazy, and I'd rather not have the FBI knocking at my door," he wrote on his blog. "Running software of your own design on your own equipment, and testing the security of your own equipment, is a very cool thing. But when you break into someone else's server and steal users' information, it is no laughing matter."
At present, the identity of the hackers behind the attack is still a mystery. Sony says the hackers stole the personal information of millions of registered users, but there is no evidence that they gained access to the database of users' credit card numbers. If true, this would seem to rule out financial gain as the purpose of the attack. When a journalist asked Hirai what the motive behind the attack might be, Hirai answered that he could not guess their motive.
Seven ways to avoid an Anonymous attack:
1. Don't assume which type of attack you will receive. Barr thought Anonymous would just launch a DDoS attack on the company's website, the method of assault the organization had used against other companies, but that was not the case.
2. Use a tested content management system that is kept updated, patched and supported. HBGary Federal used a custom CMS for its website, and this system was vulnerable to a SQL injection attack, which is the tactic Anonymous used to gain access to HBGary Federal's database.
3. Store passwords in the database hashed with extra characters added, or fully rehashed (the hash is hashed again internally). HBGary did hash its passwords, but it added no extra characters to them (characters that would have to be stripped out to reveal the real password), nor did it rehash the hashes to make the passwords more complex to crack. Passwords protected this way would still be vulnerable to brute-force attack, but the attacker would need to spend more time.
4. Use strong passwords. A long password that uses the various types of characters on the keyboard is harder to crack, because rainbow-table cracking tools will not have much success against it. (A rainbow table is a huge set of hash values computed in advance for the possible character combinations. Such tables are not only for MD5; they exist for all kinds of algorithms, and they can crack passwords quickly.) If the password is a long string made up of all types of keyboard symbols (not only letters and numbers), the password hash becomes very complex and it is difficult to create a rainbow table for it. HBGary's managers, however, used simple 8-character passwords, two numbers and six letters, which a rainbow table cracks quickly.
5. Don't reuse passwords. Some HBGary managers used the same password to access the company's CRM system and their email, and even Twitter, SSH authentication and the enterprise storage server. One of the passwords the attackers cracked belonged to the administrator of the company's Google email account, who used the same password for more than one account, which ultimately led to all of the company's email being breached.
6. Keep systems updated. A key HBGary server had a known vulnerability affecting execution privileges, for which a patch had already been issued, and Anonymous exploited this hole as well.
7. Raise users' awareness of social engineering. Using the breached account of HBGary founder Greg Hoglund, Anonymous sent emails to the network administrator asking him for confidential information, as if Hoglund himself were asking. In his email replies, the administrator opened a firewall port and provided the user name and password for Hoglund's server (the company's rootkit.com web server).
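Items 3 and 4 above, shown as an added example (not code from the original article or from HBGary): the same 8-character password stored as an unsalted MD5 hash and as a salted, iterated hash, checked against a small table computed in advance. The function names, the iteration count, the candidate list and the user rows are constructed assumptions; PBKDF2-HMAC-SHA256 stands in for the "extra characters plus rehash" the list describes, with the extra characters being what is usually called a salt.

```python
from __future__ import annotations
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune it to your own hardware

def weak_hash(password: str) -> str:
    """Unsalted single-pass MD5: the storage item 3 warns against."""
    return hashlib.md5(password.encode()).hexdigest()

def strong_hash(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Per-user random salt plus iterated hashing (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = strong_hash(password, salt)
    return hmac.compare_digest(digest, expected)

def precomputed_lookup(stored_hex: str, table: dict[str, str]) -> str | None:
    """A precomputed table reduces cracking to one lookup per stored hash."""
    return table.get(stored_hex)

# Constructed sample data: a tiny stand-in for a table built ahead of time,
# and two users who chose the same password (six letters, two digits).
CANDIDATES = ["abcdef12", "qwerty99", "monkey01"]
TABLE = {weak_hash(p): p for p in CANDIDATES}
weak_rows = {"alice": weak_hash("qwerty99"), "bob": weak_hash("qwerty99")}
strong_rows = {user: strong_hash("qwerty99") for user in ("alice", "bob")}

if __name__ == "__main__":
    salt, digest = strong_rows["alice"]
    print("unsalted, table hit:", precomputed_lookup(weak_rows["alice"], TABLE))
    print("unsalted rows identical:", weak_rows["alice"] == weak_rows["bob"])
    print("salted, table hit:", precomputed_lookup(digest.hex(), TABLE))
    print("salted rows identical:", digest == strong_rows["bob"][1])
    print("login still works:", verify("qwerty99", salt, digest))
```

The salt does not make a weak password strong: an attacker who holds the salt can still guess candidates one user at a time, which is why item 4's long, varied passwords and a high iteration count matter alongside it.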