Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

SonyPictures Site Compromised

Published: 2011-06-03
Last Updated: 2011-06-03 19:51:37 UTC
by Guy Bruneau (Version: 1)
13 comment(s)

We have written diaries on Sony’s security woes over the past few months, first one was a DDoS against its infrastructure [1] followed by the hacking of the Sony PlayStation network that took their network offline for several weeks, affecting all its PlayStation customers [2]. This week, SonyPictures was compromised by a group of individuals calling themselves LulzSec who took over 1,000,000 unencrypted plaintext customer password. Last week, another attack took place, this time against Sony Music Entertainment Greece website [3] who took usernames, passwords, email addresses and phone numbers.

One question comes to mind. With all of this data lost, if a PCI compliant corporation can be this easily targeted and compromised, is PCI a good standard to measure security posture?

[1] http://isc.sans.org/diary.html?storyid=10654
[2] http://isc.sans.org/diary.html?storyid=10768
[3] http://mashable.com/2011/05/24/sony-hacker-attack

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: Incidents
13 comment(s)

Oracle Java SE Critical Patch Update Pre-Release Announcement - June 2011

Published: 2011-06-03
Last Updated: 2011-06-03 15:16:18 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

Next Tuesday, Oracle is planning to release a Java SE Critical Patch Update that will contain 17 new security fixes which may be remotely exploitable without authentication. "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible." [1]


[1] http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html


 -----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: Java
0 comment(s)
New Poll: How are you dealing with Malicious Domains?

Release of Wireshark 1.6.0rc2

Published: 2011-06-03
Last Updated: 2011-06-03 00:11:20 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

This is the second release candidate of the upcoming 1.6 (stable) branch. This new branch contains several new enhancements and bug fixes. For example, support for files greater than 2 GB, it can export SSL session keys, it can export SMB objects, graphs now save as PNG images by default to name a few. It also supports a large number of new protocols. This update can be downloaded here.
 

[1] http://www.wireshark.org/lists/wireshark-announce/201106/msg00000.html

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: Wireshark
0 comment(s)
Diary Archives