How to not have your Web site hacked like Sony's

A SQL injection attack was used to plant malicious code on pages of two popular Sony Playstation games - SingStar Pop and God of War, reports security company Sophos. Hundreds of Web pages from other businesses have also been compromised.

Identify: For those using ASP code on their Web sites, another Microsoft tool can analyze the code and then output a display of the areas that are vulnerable to SQL injection. The tool also comes with documentation that actually tells users how to fix the different problems that could be found in the code analyzed. Download the Microsoft Source Code Analyzer for SQL Injection at Microsoft Knowledge Base Article 954476.

Fixing the actual root of the problem is important, Cluley says. A Web site that simply removes the injected code but doesn't patch up the exploit will find the code is re-inserted in short order by automated botnets.

It's not clear what steps Sony has taken with its Web site at this time. "We haven't heard directly back from their Web team," the Sophos consultant says.

ITBusiness.ca attempted to contact Sony, but did not receive a response.

Join the newsletter!

Or
Error: Please check your email address.
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about CA TechnologiesCMSHewlett PackardHewlett-Packard AustraliaHPMicrosoftPlaystationSonySophos

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Brian Jackson

Latest Videos

More videos

Blog Posts