How to not have your Web site hacked like Sony's

A SQL injection attack was used to plant malicious code on pages of two popular Sony Playstation games - SingStar Pop and God of War, reports security company Sophos. Hundreds of Web pages from other businesses have also been compromised.

Identify: For those using ASP code on their Web sites, another Microsoft tool can analyze the code and then output a display of the areas that are vulnerable to SQL injection. The tool also comes with documentation that actually tells users how to fix the different problems that could be found in the code analyzed. Download the Microsoft Source Code Analyzer for SQL Injection at Microsoft Knowledge Base Article 954476.

Fixing the actual root of the problem is important, Cluley says. A Web site that simply removes the injected code but doesn't patch up the exploit will find the code is re-inserted in short order by automated botnets.

It's not clear what steps Sony has taken with its Web site at this time. "We haven't heard directly back from their Web team," the Sophos consultant says. attempted to contact Sony, but did not receive a response.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about CA TechnologiesCMSHewlett PackardHewlett-Packard AustraliaHPMicrosoftPlaystationSonySophos

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Brian Jackson

Latest Videos

More videos

Blog Posts