Sony yet to fully secure its networks: expert
People walk in front of the Sony Corp's headquarters in Tokyo November 25, 2010.
Credit: Reuters/Toru Hanai
By Jim Finkle
BOSTON |
Fri May 13, 2011 5:48pm EDT
BOSTON (Reuters) - Sony Corp's computer networks remain vulnerable to attack three weeks after the company learned that it had been victim of one of the biggest data breaches in history, according to an Internet security expert.
The expert found a handful of security flaws in Sony's networks while remotely studying its systems over the Internet to gauge how difficult it would be to penetrate the electronics giant's networks in the wake of the attacks.
Security researcher John Bumgarner discovered a potential bonanza for hackers by using little more than a web browser, Google's search engine and a basic understanding of Internet security systems.
"Sony still has several external security issues that need to be addressed," said Bumgarner, chief technology officer for the U.S. Cyber Consequences Unit, a research group funded by government and private sector grants that monitors Internet threats.
Bumgarner, a well-regarded Internet security researcher and U.S. military special operations veteran, identified a handful of flaws that would be easy for a hacker to identify and potentially exploit.
Sony did not respond directly to Reuters on the security lapses that Bumgarner said he had uncovered, but three of five flaws that Reuters pointed out to the company on Thursday were fixed later in the day.
"The first and most important thing to note is that protecting our customers' data is a company-wide commitment that we take very seriously," a Sony spokesman said in an email on Thursday. Sony officials did not return calls seeking further comment on Friday.
It was not immediately clear if the identified security gaps allowed for access to active or defunct systems.
Several flaws remain, according to Bumgarner, who said he had viewed only parts of Sony's network that were visible over the Internet and did not attempt to break into password-protected sites or exploit any vulnerabilities.
He found no evidence of breaches beyond the two Sony has disclosed. But he said he was able to find gateways to internal systems and locate data that would be useful to hackers by using simple techniques that he shared with Reuters.
SONY SANTA
The techniques uncovered a number of security gaps.
Through a series of Google searches, Bumgarner was able to find a software program that Sony developed in 2001 to run a SonyStyle.com Christmas gift registry and sweepstakes program called Sony Santa.
That program gathered users' names, addresses and ages. The names and partial addresses of some 2,500 of those sweepstakes contestants were posted on a website.
Sony said on Thursday that it learned of the error on May 5. The site has been taken down and Sony is working to remove any residual links to the list, a spokesman said.
Bumgarner also found an access point to a server running an identity management system that he said controls access to logins and passwords for employees throughout Sony Pictures Entertainment. He located that system by conducting a Google search using the terms "site:.Sony.com identity."
Most companies attempt to hide these servers from the prying eyes of potential hackers because these systems are linked to sensitive employee account data, he said.
In the file on Sony's website that tells search-engine crawlers which sections of the site Sony wants them to avoid cataloging, the company listed a link to an internal, password-protected software application.
Bumgarner said the domain on Sony Corporation of America's network where the application was located was carefully hidden from view, so a web crawler or casual surfer would not have located it. But listing the URL in that file effectively served as a red flag to hackers, who might see it as a weak spot in Sony's armor, Bumgarner said.
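The crawler-exclusion file described above is robots.txt, and the mistake is a Disallow rule that names an internal, authenticated application. As an added example (not code from the article, Sony or the researcher), here is a small pre-publication lint that flags such rules, run over a constructed sample file; the list of sensitive path hints is an assumption to be tuned per site.

```python
import re
from typing import List, Tuple

# Constructed sample robots.txt, modelled on the mistake the article describes:
# a Disallow rule that advertises an internal, password-protected application.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /tmp/
Disallow: /search/
Disallow: /intranet/identity-manager/login   # should never be listed here
Disallow: /admin/
Allow: /public/
Sitemap: https://www.example.com/sitemap.xml
"""

# Path fragments that suggest an internal or authenticated application.
# Hypothetical list for this example; tune it to your own site layout.
SENSITIVE_HINTS = ("admin", "login", "identity", "intranet", "internal",
                   "console", "manage", "backup", "private")


def parse_disallows(robots_txt: str) -> List[str]:
    """Return the paths from Disallow lines (comments and empty values ignored)."""
    paths = []
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"(?i)disallow\s*:\s*(\S+)", line)
        if m:
            paths.append(m.group(1))
    return paths


def flag_sensitive(paths: List[str]) -> List[Tuple[str, str]]:
    """Pair each Disallow path with the first hint that makes it look internal."""
    findings = []
    for path in paths:
        lower = path.lower()
        for hint in SENSITIVE_HINTS:
            if hint in lower:
                findings.append((path, hint))
                break
    return findings


def lint_robots(robots_txt: str) -> List[str]:
    """Readable findings: rules that advertise paths the file should not name."""
    return [f"{path}: Disallow advertises an internal path (matched '{hint}'); "
            f"protect it with authentication and leave it out of robots.txt"
            for path, hint in flag_sensitive(parse_disallows(robots_txt))]


if __name__ == "__main__":
    for finding in lint_robots(SAMPLE_ROBOTS):
        print(finding)
```

The same check belongs in a deploy pipeline: a robots.txt that hides a path from crawlers does nothing to hide it from a person reading the file.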
On May 4, Bumgarner located a server in the Sony network that disclosed the names, Facebook IDs and IP addresses of Sony customers who were playing online games through Facebook.
IP addresses allow somebody to track the general location of a player. He tweeted his discovery on May 4 and Sony plugged the leak two days later.
The company installed a security management system from Riverbed Technology on the server that leaked the Facebook data. Bumgarner was able to view an access screen to the Riverbed system that had the login field filled with a user ID through May 10.
"No one should be able to point a web browser at Sony and see a security management console or find their identity management system that has been indexed by Google," he said.
Sony fixed some of the flaws after Reuters detailed them in an email. The fixes include removing the file from its website that tells search-engine crawlers which sections of the site to avoid cataloging. Sony also disabled access to the password-protected application that the file originally pointed to and eliminated access to the Riverbed security system.
WIDESPREAD PROBLEMS
Bumgarner's research showed that the problems with Sony's systems are more widespread than the company has acknowledged. Sony has said that only its PlayStation Network and Sony Online Entertainment systems were hacked.
Most of the flaws that Bumgarner discovered were in other Sony networks -- those of Sony Corporation of America, Sony Pictures Entertainment and Sony Electronics Corp.
Security experts say companies need to be discerning when deciding which servers to expose to the Internet.
Many of the flaws that Bumgarner discovered were identified with a tactic known among hackers and security experts as "Google hacking" -- using the search engine's advanced features to find information that would be of use to hackers.
He found the Sony Santa program by searching for items on Sony's network written in Microsoft Excel format (site:.sony.com filetype:xls).
Mikko Hypponen, chief research officer at computer security firm F-Secure, said Sony should have been more careful.
"They've been running in circles for the past three weeks," Hypponen said.
"The first thing a consultant group or an Internet response group would do is run a basic vulnerability scan and that's what they would find," he said, referring to the lapses found by Bumgarner.
Security experts have said they believe the hackers initially gained access to Sony's network through a "spear-phishing" attack that targeted a systems administrator who had broad privileges to access data on Sony's networks.
In "spear-phishing" campaigns, hackers craft e-mails with personalized messages so that the recipients let their guard down and click on links or download attachments that launch malicious software programs that take over their computers.
Once one PC is compromised, hackers can use that machine as a base from which to launch sophisticated operations, such as the attacks on Sony's networks.
Bumgarner found a page on Sony's website that lists the names, e-mail addresses and phone numbers of IT managers, information he said the hackers could have used to launch a spear-phishing attack. He found that page through Google searches.
(Additional reporting by Liana B. Baker; Editing by Ken Li and Ted Kerr.)
Comments (6)
Paranoimia wrote:
I’m curious to know why this expert felt the need to run to the press with this information, rather than report his findings to Sony in order to assist them in plugging the gaps he found.
May 13, 2011 6:09pm EDT
hagbard_c wrote:
The more people that know about how hacking occurs the better they can protect themselves. Hopefully Sony’s massive error will help to prevent other companies from making the same mistakes.
If they, as a corporation, switched completely to linux, I seriously doubt this would have happened.
May 13, 2011 6:40pm EDT
jarekus wrote:
What this security expert didn’t tell is that similar flaws you can probably find in 99% of all web sites which are not owned by the CIA ;-).
May 13, 2011 7:36pm EDT