Okay, okay. Sony has had a lot to deal with of late, what with its Playstation network being hacked and subsequently being taken offline for quite some time. But we believe that Sony has been hacked yet again, this time its Sony Thailand’s website.
As security firm f-secure reports, Sony Thailand’s hdworld.sony.co.th URL has a phishing site running on it, leading to an Italian credit card company.
As you can see, visiting the site on Google Chrome reveals a blatant warning that the site is in fact a phishing scam:
“It’s not as common as other vulnerabilities such as ‘usual’ web issues like data injection. But, when having mayor issues like file access, the success rate of such an attack becomes much higher.”
“It can be done through, for example, having file access. To grant such access, weaknesses in the application or infrastructure need to be found. As application issues, you’d mention database access to write files, including remote scripts, able to execute commands on the server and so on. As for weaknesses in an infrastructure, weak passwords or buffer overflows in software could be used to grant access.”
“If you have a large site with lots of legacy apps and mini-sites, it’s not unheard of for something like this to happen. In Sony’s case, it’s likely its a PHP or SQL hole rather than DNS access or htaccess edit on the server itself.”
“I believe this particular site might run on some ad agency’s IP address. Nevertheless, it’s under Sony’s name, so technically, it’s Sony’s server.”
LINK TO OUR HOME PAGE :