Jump to content

Search the Community

Showing results for tags 'sony'.

The search index is currently processing. Current results may not be complete.
  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 6 results

  1. Custom rom sau stock? Firmware schimbat? Overclock? Ce launchere/gadgets folositi? Un screenshot la ecran? Sau dati voi alte detalii intr-un reply. Incep eu. HTC ONE M8, custom rom de pe xda, fara oc, fara laucher de pe playstore (Love HTC UI), niciun gadget, ss n-are rost ca n-am nimic special facut pe ecran si cam atat.
  2. SEC Consult has found a backdoor in Sony IPELA Engine IP Cameras, mainly used professionally by enterprises and authorities. This backdoor allows an attacker to run arbitrary code on the affected IP cameras. An attacker can use cameras to take a foothold in a network and launch further attacks, disrupt camera functionality, send manipulated images/video, add cameras into a Mirai-like botnet or to just simply spy on you. This vulnerability affects 80 different Sony camera models. Sony was informed by SEC Consult about the vulnerability and has since released updated firmware for the affected models. Further information about the backdoor, disclosure timeline, affected devices and updated firmware can be found in our advisory. This blog post has some highlights from the vulnerability analysis. This advisory is the result of research that started by uploading a recent firmware update file from a Sony camera into our cloud based firmware analysis system IoT Inspector. After a few minutes the analysis results were available. One result immediately caught our attention: Excerpt from IoT Inspector results So here we have two password hashes, one is for the user admin and was cracked immediately. The password is admin. This is no surprise as the default login credentials are admin:admin. The second password hash is much more interesting, it’s for the user root and it was found in two different files: /etc/init.d/SXX_directory and /usr/local/lib/libg5_usermanage.so.0.0.0 We can use the file system browser of IoT Inspector to have a look at the SXX_directory. Excerpt from IoT Inspector filesystem browser It looks like this startup script (called by /sbin/init/rcS during boot) is responsible for creating and populating the file /tmp/etc/passwd (/etc/passwd is a symlink to this file). A line for the user including a password hash is added, the shell is /bin/sh. Not good! So, what can we do if we can crack the hash? At this point we can assume that it's very likely we can login using UART pins on the PCB. This of course requires us to have physical access and to disassemble the device. The other locations where we could possibly use the password are Telnet and SSH, but both services are not available on the device … or are they? A quick string search in the firmware's filesystem for “telnet” shows that a CGI binary called prima-factory.cgi contains this string a few times. IDA Pro to the rescue! It seems this CGI has the power to do something with Telnet: The code in g5::cgifactory::factorySetTelnet() (in decompiled form below) is pretty straight forward. Based on input, the inetd daemon is killed or started: The inetd daemon gets its configuration from /etc/inetd.conf and inetd.conf is set up to launch Telnet So how can we reach this CGI functionality? The answer lies in the lighttpd binary. Lighttpd is an open source web server that was modified by Sony. Some custom code for HTTP request handling and authentication was added. Below is an excerpt from a data structure that maps the URI /command/prima-factory.cgi to the CGI in the file system. The authentication function is HandleFactory. HandleFactory decodes the HTTP Basic Authentication header and compares it to the username/password primana:primana. Now we have all ingredients to craft an attack that looks like this: Send HTTP requests to /command/prima-factory.cgi containing the “secret” request values cPoq2fi4cFk and zKw2hEr9and use primana:primana for HTTP authentication. This starts the Telnet service on the device. Login using the cracked root credentials via Telnet. Note: We have not cracked the root password, but it's only a matter of time until someone will. The user primana has access to other functionality intended for device testing or factory calibration(?). There is another user named debug with the password popeyeConnection that has access to other CGI functionality we didn't analyze further. We believe that this backdoor was introduced by Sony developers on purpose (maybe as a way to debug the device during development or factory functional testing) and not an "unauthorized third party" like in other cases (e.g. the Juniper ScreenOS Backdoor, CVE-2015-7755). We have asked Sony some questions regarding the nature of the backdoor, intended purpose, when it was introduced and how it was fixed, but they did not answer. For further information regarding affected devices and patched firmware, see our advisory. IoT Inspector now comes with a plugin that detects this vulnerability. For further information regarding affected devices and patched firmware, see our advisory. IoT Inspector now comes with a plugin that detects this vulnerability. Source
  3. Hello friends i want to purchase a andriod phone but i am little bit confuse between the Samsung and sony experia mobile so guys please tell me which one of the best brand.
  4. Salut. Stie cineva unde gasesc un cod sa decodez un Sony Ericsson u10i.( gratuit). Am cautat si nu am gasit nimic bun. IMEI:356815038800786 CODAT ORANGE SPANIA.
  5. Millions of PSN gamers, who were hit by a massive data breach on Sony's Playstation network back in 2011, are finally being offered the opportunity to claim compensation from the company. Stateside victims of the hack attack – PSN, Qriocity and Sony Online Entertainment subscribers who held an account before 15 May 2011 – have been encouraged to file an online form as part of a settlement deal to end a class action lawsuit brought against the Japanese tech giant.A number of claims can be submitted by U.S. netizens affected by the assault on Sony's computer network systems. Victims can either claim one free game, up to three themes or a free subscription to Playstation Plus for three months for those subscribers not already signed up to that option. While those affected by identity theft can claim up to $2,500 in compensation. Sony, which offered a $15m settlement deal to PSN gamers in July last year, said: The proposed settlement offers payments equal to credit balances (if applicable credit balance is $2 or more) in inactive accounts, game and online service benefits for holders of active accounts, and reimbursements for certain out-of-pocket expenses from any identity theft proven to have resulted from the intrusions. In the UK, Sony was slapped with a £250,000 fine by the Information Commissioner's Office, after it concluded that the Data Protection Act had been violated following the 2011 hack attack. The personal info of millions of Brits – including names, addresses and account passwords – were stolen by malefactors who infiltrated Sony's PlayStation Network systems. In January 2013, Blighty's data cops concluded that the breach of around 77 million gamers could have been prevented if Sony had adequate security measures in place, such as hashing and salting log-ins and keeping system patches up to date. Despite that admonishment, Sony has refused to accept any responsibility for the attack. ® Source
  6. CNN recently reveled the methodology of the cyber attack that allowed anonymous cybercriminals Guardians of Peace direct access to their network, or the “keys to the entire building,” as one Sony Pictures Entertainment official stated. According to investigators, the attack was carried out through a set of stolen system administrator credentials; a privileged account username and password providing a golden gateway of unfettered access to employee records, unreleased films, intellectual property, email conversations and other sensitive data. The breach has now escalated to a matter of national security, with FBI claiming North Korea as the nation state responsible for this attack based on a recent press release from the agency. Why Hackers Love IT Admin Credentials Access to a system administrator credential may have been the linchpin in allowing the Guardians of Peace to carry out their attack to the length and complexity they achieved; they held sensitive data hostage paired with ominous threats of movie goers if screenings of upcoming satirical comedy The Interview were not cancelled and their demands met. It’s difficult to say exactly what happened, as the raw details of how the hack was performed aren’t being made public yet. Based on information currently available, it’s safe to say Sony was utilizing a very poor password policy for its privileged accounts. Despite the fact that it has been common knowledge not to do so, Sony still stored sensitive, system-level passwords in plaintext in Excel spread sheets, and made use of extremely weak passwords, like “password,” on said accounts. The public doesn’t know how often Sony was actively rotating and changing passwords on these sensitive credentials or if they were left stagnant over a long period of time. While it’s not certain that putting all of these password security measures in place would have completely stopped the attackers, it would have mitigated the damage and perhaps slowed attackers down enough to thwart the attack before it was fully executed. Our own research, conducted this past August at the Black Hat Conference, shows that hackers who are in search of sensitive corporate data don’t look at the top executives as the most likely suspects for security weaknesses. Thirty-six percent of the hackers we surveyed indicated that IT admins were the first place they looked when attempting to penetrated an enterprise network – right behind independent contractors. These groups are at a major risk for attack because the nature of their work typically includes direct access to servers and systems housing sensitive company data, such as billing information and customer data. Once an attacker gains control of login credentials, they can swiftly compromise systems, move laterally through and gain control over the network. Privileged Account Security Must Be a Top Priority As hacker intelligence evolves faster than preventative technologies allow, the perimeter is not the secure defender it once was. It’s innately porous and can only block a certain percentage of those attempting to gain access to a network. Once the attacker is inside, they are on a hunt for anything of value, and often target privileged account credentials to gain access to those jewels quickly and effectively. It’s in Sony’s best interest moving forward to invest in safely storing, securing, and managing privileged account credentials such as system administrator, database administrator, ROOT, and service account passwords to prevent something like this from happening again. This cyberattack is a wake-up call to all enterprises who have been neglecting the regular maintenance of passwords belonging to these kinds of service accounts – especially companies that have recently had any kind of downsizing, shifting of roles in IT, or new offices in other locations. Left unchecked, these accounts are extremely vulnerable. Hackers are counting on it. What’s Next for Sony Pictures? Given the current evidence of poor security practice and subsequent brand and financial damage at Sony Pictures, it is unlikely they used any form of third party, or even first party auditing on stale security policies. I expect this to change for them going forward. If they are smart, they will get a third party vendor to properly audit and assess their security policies regularly. The truth is, the damage has been done. Emails have been leaked, data has been compromised. That cannot be remedied. Sony, like every other company that’s experienced a data breach, must learn from their mistakes and move forward. Sony Pictures will most likely look to a consulting firm to help them mend the damage and put a privileged account management (PAM) solution in place. PAM needs to play a central role in the rebuilding of their IT security infrastructure. Limiting account access, rotating privileged passwords on a scheduled basis and auditing account usage are key strategic pieces that not only will mitigate current levels of risk, but help set an example to other businesses industry-wide. The Sony hack’s biggest takeaway is that nobody should wait for a breach to occur to begin securing their privileged accounts. Source
×
×
  • Create New...