  • Sony Ericsson Got Hacked by Idahca (Lebanese hacker Group)

http://goo.gl/dUlOp
Idahca (Lebanese hacker group) hacked the database of ca.eshop.sonyericsson.com with a simple SQL injection. Two attacks on Sony in one day. This morning LulzSec leaked Sony's Japanese websites' database, and now Sony Ericsson's eShop database has been hacked. Emails, passwords and names of 1000s of users are exposed via a text file on Pastebin. The news was provided by the hackers via email, saying that they have extracted the whole database and leaked the data online via their Facebook/Twitter accounts. The Pastebin link is http://pastebin.com/4YGAWxQZ .
:D in case you missed it ;p
Hehe. Sony gets pwnt too easily.. :P
Though I oppose using hacking for malicious purposes, and the fact that this would give Lebanon even more bad rep internationally, this is pretty awesome.

how silly would it be if all they had to do to login as admin was enter: admin'-- hehe
I actually once logged into the admin panel of a site with a simple:
username: admin
password: " = " or ' ' = ' '

Makes you wonder what type of fucked up programmer developed the website...
Ericsson are the inventors of Erlang... I believe they outsourced the work on this website of theirs to spare money.
Kinda absurd, if not stupid to invest millions on R&D, and then outsource actual work to someone else. It can be justified though, but I think it's clear to everyone that they would have been better off developing this project in-house.
jadf24 wrote: how silly would it be if all they had to do to login as admin was enter: admin'-- hehe
It's not really simple like this, you need an in depth understanding of SQL.

Usually a login page is vulnerable to SQL injection because it doesn't filter user input, so it can be used to inject additional SQL queries and commands.

In ASP, for example the vulnerable line is :
sSql = "SELECT * FROM tblCustomers where cust_name='" & myUsrName & "' and cust_password='" & myUsrPassword & "'"
Let's say we entered the username:
“ 'or 1=1-- ”
The “--” syntax closes an SQL query, and everything after this line would be ignored. This leaves us with:
SELECT * FROM tblCustomers where cust_name='' or 1=1--
Since 1=1 always equates to positive, the SQL query will return a true result, and the user will successfully log in to the system, usually as the first user configured on the SQL database. Well, this attack is just the SQL Authentication Bypass Attack. (I guess this is what they call it.)

But actually we are nowhere near done: you still need to identify SQL injection vulnerabilities, and it differs with different versions, then you need to enumerate table names, then you need to enumerate the column types, and after that you can get your hands on the database or execute some code.
This is just ASP; it differs a bit in PHP, you need to enumerate database names, and we can also inject backdoors.
You can actually find SQLi vulnerable websites using Google dorks or some scanners.


As I said, it's not that easy by just entering that username.
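The login query from the post above, next to its parameterized form, as an added example that is not part of the original thread. It uses Python with an in-memory SQLite database instead of ASP; the table and column names come from the post, while the function names and sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample rows; plaintext passwords only mirror the post's query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tblCustomers (cust_name TEXT, cust_password TEXT)")
    db.executemany(
        "INSERT INTO tblCustomers VALUES (?, ?)",
        [("admin", "s3cret-admin"), ("alice", "alice-pw")],
    )
    return db


def login_concatenated(db, name, password):
    # Same construction as the ASP line: user input becomes part of the SQL text,
    # so a quote in the input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT * FROM tblCustomers where cust_name='" + name +
           "' and cust_password='" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(db, name, password):
    # Placeholders send the input as bound values; quotes and "--" stay data.
    row = db.execute(
        "SELECT cust_name FROM tblCustomers "
        "WHERE cust_name = ? AND cust_password = ?",
        (name, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    quoted_input = "' or 1=1--"  # username quoted in the post
    print("concatenated :", login_concatenated(db, quoted_input, "x"))
    print("parameterized:", login_parameterized(db, quoted_input, "x"))
    print("valid login  :", login_parameterized(db, "alice", "alice-pw"))
```
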
Yay, well done! Let's bring more negative attention to ourselves and possibly more legally oppressive scrutiny into our thus-far oasis of security through obscurity.

Morons.
It's Sony's mistake if their systems are not relatively secure.

Well done Lebanese hackers!

I don't understand how some people still talk about 'image' when the big countries who should be ideal for 'images' have destroyed it.
What the heck did the hackers win?
After the terrorists we just needed the Lebanese hackers now attacking a reputable company.
There are no positive things in this, what a shame!
CSGeek wrote: It's Sony's mistake if their systems are not relatively secure.
Well done Lebanese hackers!
Hey CSGeek. You're walking along on the street. Someone suddenly comes up to you and beats the crap out of you. It's your mistake for not being prepared!
Yeah, great logic there.

Again I ask, what exactly is commendable here, that one should congratulate those hackers? Lebanese or not.
It's not like they're hacking some evil organisation in an initiative that can be seen as "noble" or "kickass."
You do realise this was most probably done in order to sell user info to spam distributors and other nefarious entities?
Or for bragging rights. Both dumb.

As for what you said about 'image'. What I mean is that so far, although Lebanon's tech infrastructure is in the gutter, we are still relatively free of constraints. If Sony or some foreign government body bullies our politicians to "get things under control", they'll fold like a stack of wet cards.

And true to their nature, they'd enforce laws in all the wrong ways. Remember when VoIP was officially outlawed? What if there was a decision to block all torrent traffic? or block whatever websites the government deems unsuitable? It would be easy enough to do, with most Lebanese Internet traffic going through one bottleneck.

It might seem far-fetched but this is how it usually starts.
This is no different from killing innocent people in a bomb attack. What did Sony do to deserve that? I'm not defending or rooting for them or anything, but what's that bad thing they did to deserve being attacked and hurt this way? They're a very innovative corporation, rather than being attacked, they should be awarded for making our lives easier and more enjoyable.
Is it possible that this is only a natural reaction to the corporate world's obsession with closeness? The way they always go: Don't be open about your products, control your network, DRM, serial numbers, activation codes, licenses, patents, ...
Why don't universities' servers get hacked as much? Because they give their knowledge away!

Sony (and the industry at large) went too far with its restrictions. It angered the wrong type of people with its latest moves. When they banned the "Other OS" function, it's a whole community formed around Yellow Dog Linux on PS3. The way they control their PSN is bullshit.

I'm not saying they deserved what happened to them. I'm saying they reap what they sow.
rahmu wrote: Don't be open about your products, control your network, DRM, serial numbers, activation codes, licenses, patents, ...
How do you ensure you stay competitive if you're going to give away what you've invested millions and millions on in Research & Development for free? Business just does not work this way...
Kassem wrote:
rahmu wrote: Don't be open about your products, control your network, DRM, serial numbers, activation codes, licenses, patents, ...
How do you ensure you stay competitive if you're going to give away what you've invested millions and millions on in Research & Development for free? Business just does not work this way...
Exactly, anyway whatever Idahca's motive was, it's still wrong and another black point on our bad reputation file. As for controlling the other OS thing, I agree with Sony: you want to buy our PS3? We have some rules you need to respect in return; either you buy it and respect them or face consequences. Imagine you were in their place creating a new generation gaming console; you wouldn't simply accept throwing your multi-million-dollar work in the toilet just like this.
We all know what the PlayStation is and has been for 16 years. An Entertainment System not some sort of a developer tool, open source specifically.
I totally respect you guys and your contributions are a lot, look how Google takes care of the open source community.
When it comes to hacking we all know who should be hacked, Steve Ballmer; nothing can be said, you all know why.

P.S.: I have university, I don't have time, that's why it was quick.
kareem_nasser wrote: When it comes to hacking we all know who should be hacked, Steve Ballmer; nothing can be said, you all know why.

P.S.: I have university, I don't have time, that's why it was quick.
Kareem, when you have time, kindly explain to me why.