Forgot your password?
typodupeerror
Sony Security Games

Phishing Site Discovered On Sony Thailand Servers 44

Posted by Soulskill
from the can't-win-for-losing dept.
mcgrew tips news that security firm F-secure has found a live phishing site running on Sony's Thailand servers. "Basically this means that Sony has been hacked, again. Although in this case the server is probably not very important." This comes alongside news that a point service run by So-net, a Sony subsidiary, was accessed by an unknown intruder, who stole about $1,200 worth of virtual tokens. "The intrusions are believed to have taken place on May 16 and 17. So-net discovered the breach on May 18, after receiving consumer complaints. So-net halted the point redemption service following the discovery of the breach. The latest breaches are relatively minor in scale compared to the massive breach at PSN and Sony Entertainment Online. Even so, it only adds to the company's embarrassment."
This discussion has been archived. No new comments can be posted.

Phishing Site Discovered On Sony Thailand Servers

Comments Filter:
  • Ivan Vanko: [laughs] If you could make God bleed, people would cease to believe in him, there will be blood in the water, the sharks will come. All I have to do is sit back and watch as the world consumes you. Not that Sony was ever a God but the idea holds for any giant corporation with enough money buy the best security in the world. They were made to bleed and this won't be the last of these.
    • Re: (Score:2, Insightful)

      by drinkypoo (153816)

      The greatest trick the devil ever pulled was convincing the world he doesn't exist.

      Hell, of course, was made up to scare the sheeple, but the Devil is real and he is laughing.

  • The only way to deal with a mad dog is to kill it, without hesitation... Eat it raw, Sony!

    • by mcgrew (92797) *

      I would have thought that after XCP they'd be done. So I'm not holding my breath.

  • by ZWithaPGGB (608529) on Saturday May 21, 2011 @01:25AM (#36199670)
    Seems Sony in Thailand uses a shared hosting setup. More details @ ThreatSTOP's Blog [threatstop.com]
  • Make. Believe, indeed.

    Sony definitely have a mountain to climb if any consumer is really going to believe in them again. They haven't just dropped the ball in regards to a few basement dwelling geeks, but have dropped the ball in-front of a crowd the tens of million.

    • by Anonymous Coward

      Unfortunately the crowd of tens of millions has the memory of a potatoe. They'll have forgotten all about this by the time the next shiny, hyped game will be released. Hell, even geeks are not much better. Just look at how apologetic many of them are towards Microsoft, who hasn't become any less evil, just less relevant.

      • by Anonymous Coward

        You are assuming that potatoes have a lot more memory than they do.

        Give this 3 months. Heck, by the time college freshmen arrive at their dorms in the fall, the PSN issue will have been completely forgotten, and business as usual will continue.

        Ask any computer security person who has worked in the private sector. Other than a few companies who actually try to keep their barn door shut, a goodly number of businesses know that they won't suffer much if there is a loss. At best they will say that they will

    • by Pieroxy (222434)

      Do you really think this will affect their sales in a significant manner? I don't think so.

    • Their customers don't care. They're finding excuses for Sony and threatening to kill the developers that worked on restoring OtherOS on the PS3. Sony'll be fine.
  • Amateur Phishers... (Score:4, Interesting)

    by tlhIngan (30335) <.slashdot. .at. .worf.net.> on Saturday May 21, 2011 @02:14AM (#36199874)

    Man, that's a bit amateurish on the side of the phishers.

    They had access to a *SONY* server. The same Sony who just admitted issues on their systems. Surely they should've just set up a fake phishing site imitating Sony? I mean, set up a realistic looking Sony form asking for way more information than you need, host it on Sony server so Sony's domain points to it, put it in a plausible looking path, and send out an email faking a Sony return address.

    Honestly, this would present such a great phishing and drive-by-download install opportunity, I'm surprised they didn't use it. It originates from a Sony email address, the link points to a Sony server (and even if they type it in themselves, it's still Sony's domain), but a third party is really phishing that information. I'd guess you'd get a good chunk of people filling that information in. Forward them to the real Sony login page...

    If they had access to the Sony SSL server... oh my.

    Something like this would pass most of the basic sniff tests for phish emails and make it almost impossible to determine if it's really Sony or a phisher using Sony's server.

  • by imunfair (877689) on Saturday May 21, 2011 @09:22AM (#36201336) Homepage

    I don't like Sony as a company, but this is one time I'm not sure if the claims against them are actually true. The article gave next to no details, and the site is already down so I can't look at it to see.

    It's an Italian site and one of the words in the URL apparently translates to 'holder' - which makes me wonder if it was a development site that wasn't intended to be public. I'll admit it seems weird it's on a Thailand domain, but I would like a better explanation of what hdworld.sony is before I blame them for getting hacked. Are they providing shared hosting for some service and not checking the content regularly?

    There just isn't enough information on this one.

  • by Anonymous Coward

    This doesn't necessarily mean that Sony was hacked. Maybe Sony just decided to get into the phishing scam business...

The shortest distance between two points is under construction. -- Noelie Alito

Working...