Sony Ericsson acknowledges Canadian e-commerce site hacked

Sony has been hacked for the fifth time in four days. This time a vulnerability was discovered in the Canadian e-commerce site for their mobile phone division, Sony Ericsson.

The purported attacker, @idahc_hacker, describes himself as a “Lebanese grey hat hacker.” Early this morning Pacific time in Canada he posted a database to pastebin.com containing password hashes, email addresses and full names.

@idahc_hacker is now claiming to have discovered additional databases besides the one he posted to pastebin that may contain credit card numbers, telephone numbers, discount coupons and the administrator’s username and password.

I did some checking on the password hashes and they do not appear to be easily recovered MD5 or SHA1 hashes. Hopefully Sony has salted them to make it more difficult for them to be recovered.

A Sony Ericsson spokesperson, Ivette Lopez Sisniega, acknowledged the attack to Bob McMillan from IDG. She explained that “Sony Ericsson has disabled this e-commerce website.”

SQL attack against Sony Ericsson

From a screenshot obtained from The Hacker News it is apparent that the SQL injection attack used to compromise the site was similar to the recent attacks on Sony sites in Greece and Japan.

This is the first time a partner company to Sony has been targeted in the ongoing attacks against their brand. Looking at the attacks over the past few weeks, it is clear that they are not being centrally coordinated; rather, they seem to be opportunistic attacks by those angry with Sony over the lawsuit against George Hotz.

Some have commented that this is nothing more than a thorough-but-free penetration test. It is nothing close to free… Sony’s market cap is down over $2 billion on the New York Stock Exchange.

Apple support to infected Mac users: "You cannot show the customer how to stop the process"

ZDNet writer Ed Bott has posted the latest instructions to Apple tech support personnel regarding users calling in with active fake anti-virus “MacDefender” infections.

Bott says he acquired the documents by talking with two anonymous Apple support representatives about how Apple is coping with the first widespread attack against OS X users. According to his sources Apple has received an estimated 60,000 tech support calls related to the infections.

It has been encouraging that many Apple customers have been taking this attack seriously and taking preventative measures like installing our free anti-virus program for OS X.

Apple is apparently telling support reps to tell customers:

“Apple’s [sic] doesn’t recommend or guarantee any specific third part [sic] anti-virus protection over another. However I can suggest several third party virus protection programs that you may want to consider researching to find the best one for your needs.”

But they still have their heads buried in the sand when it comes to assisting their customers. The memo, acquired from an outsourced support company, says:

Screenshot of leaked Apple memo

“Things you must never do according to the client [Apple].”

  • You cannot show the customer how to force quit Safari on a Mac Defender call
  • You cannot show the customer how to remove from the Login items.
  • You cannot show the customer how to stop the process of Mac Defender in their Activity Monitor.
  • You cannot refer the customer to ANY forums or discussions [sic] boards for resolution (this includes the Apple.com forums)

Apple’s famous PR savvy apparently doesn’t apply to handling security incidents. It is genuinely tragic that such a large number of OS X users are falling victim to this scam, and Apple’s response is less than helpful.

You could argue that Apple created this false sense of security through their marketing and advertisements suggesting Apple users are immune to security threats. Now that some of their flock are affected, it would be good of them to at least point people in the right direction.

Many journalists have asked me in the last few weeks whether this is being hyped by the anti-virus business. Are real people being impacted? Judge for yourself… Apple’s reaction says more about the problem than I can possibly explain.

Regardless of platform we all need to be safe with the choices we make on our computing devices, whether we use tablets, Linux, Windows, OS X, or Android. When enough people let their guard down they are easy targets and criminals will take advantage of the lowest hanging fruit.

Until next time… Stay secure.