Sony Password Reset: Problem or Caution?

Subject: General Tech | December 5, 2013 - 04:33 PM |
Tagged: sony, Data Breach

Sony has detected "irregular activity" on their network and, as a precaution, have initiated password resets for several of their customers. Of course the great PlayStation hack is still fresh in our memory. Beyond the potential reference jokes, this time could be a sign that they learned their lesson.

15-Kaz.jpg

My hands are still in head-crushing formation.

My gut feeling is that Sony has noticed odd traffic from attackers trying to use break into accounts using information compromised from other sources (such as the recent Adobe hack). I actually received a similar email from Blizzard, just a couple of weeks after the Adobe hack, urging me to reset my password. It does not surprise me that whoever has access to the blob (heck it is probably public by now) would be poking gaming services to extort or troll.

I will give Sony the benefit of the doubt (especially considering how probable it is) and say they have learned from their lesson. This is the same practice used by to good security firms: push the big red reset button whenever something looks fishy and keeps your affected customers informed.

Of course I could eat my words if it is found out that Sony knows of a gigantic problem behind the scenes -- but I doubt it. Congratulations on handling the situation properly, Sony, even if it does open you up to misinformed trolls.

Source: The Verge

Hackers Compromise Ubuntu Forums Database, Deface Website, And Make Off With The Encrypted Passwords and Email Addresses of Nearly 2 Million Users

Subject: General Tech | July 21, 2013 - 09:16 PM |
Tagged: ubuntu forums, ubuntu, hack, Data Breach, Customer Data, canonical

A group of hackers attacked and defaced the  Canonical-backed Ubuntu Forums website yesterday. The hackers used an exploit to gain unauthorized access to the forum database and made off with data from approximately 1.82 million users. To make matters worse, the attackers then defaced the forum site itself by placing a landing page poking fun at the site administrators and boastfully including two twitter handles: @Sputn1k_ and a mention of @rootinabox.

Canonical has not released details on how the attackers accomplished the data breach, but stated that its security team is working to get the site back up and looking into what exactly happened.

From what has been discovered thus far, the hackers have reportedly made off with the passwords, usernames, and email addresses of all its users.

The company recommends that users change passwords on any other services immediately if they used their Ubuntu Forums password for log-ins on other websites or online services.

Ubuntu Forums Data Breach.png

ZDNet managed to snag a screenshot of the defaced web page.

Fortunately, all of the passwords in the database were salted and hashed, and not stored in plain text. The exact hashing method was not detailed, however. Also, other Ubuntu services were not affected and user data in services such as Ubuntu One (Canonical’s cloud storage offering) is still safe.

If you had an account on the Ubuntu Forums and used the same password, you should change your passwords now just to be on the safe side. Users of the forum should keep an eye on this announcement page for more details on the hack and updates on the forum restoration process as it progresses.

Anonymous Denies Responsibility For Sony PSN Attack

Subject: General Tech | May 6, 2011 - 06:20 AM |
Tagged: sony, Internet, Data Breach, Anonymous

As Sony analyzed the forensic data of the recent PSN/SOE attack, they discovered a text file named "Anonymous" and containing the phrase "We are legion," according to Network World. As a result of this, Sony even went so far as to accuse the hacker group as the responsible party in hacking the Playstation Network (and stealing customers' information) in a letter to the U.S. congress.

Anonymous responded to the implications brought by Sony today. Network World reports that Anonymous has stated they were not involved in the attack and that "others performed the attack with the intent of making Anonymous look bad." Based on a press release by the hacker group, it's prior victims had motive to irreparably defame the group in the public eye.  Anonymous stated that they have never been involved in credit card theft.  Further, they claim to be an "ironically transparent movement," and had they truly been behind the attack they would have claimed responsibility for their actions.

The press release goes on to state that "no one who is actually associated with our movement would do something that would prompt a massive law enforcement response."  They further claim that the world's standard fare of Internet thieves would have invested interest in making Sony and law enforcement agencies believe it was Anonymous to throw police off of their trail.

The hacker group names such former victims as Palantir, HBGary, and the U.S. Chamber Of Commerce of being organizations that would like to discredit Anonymous.  "Anonymous will continue its work in support of transparency and individual liberty; our adversaries will continue their work in support of secrecy and control," they state in their press release "we are anonymous."

As Anonymous, Sony, and spectators the world over debate, the affected public continues to wait for the true identies of the hackers involved in stealing 77 milion Sony customers' private information to come to light.