A reflective XSS vulnerability has been found on ‘Sony Korea,’ the Korean site of the global enterprise Sony, and urgent security measures are required. Recently ‘PlayStation (PSN),’ Sony’s online game service, was taken down by a distributed denial-of-service (DDoS) attack.
Users experienced disconnections while playing games on Sony’s PlayStation network and reported the problems to Sony many times, but Sony handled the situation in the worst possible way, ignoring the users’ reports and saying that its network was in a stable condition. Only after John Smedley, the general manager of the online entertainment enterprise department, said via Twitter, “Sony’s under a large-scale DDoS attack,” did Sony seriously step in to cut off the DDoS attack.
Although this DDoS attack has put Sony under pressure to reinforce its cybersecurity, Sony Korea still seems numb to the need for reinforcement, in that it leaves web vulnerabilities exposed and untouched.
The vulnerability, discovered by a white-hat hacker group called Lock Down, is a simple trick: specific text entered at a specific area of the site creates a small box that connects to other sites. By shrinking the box to zero size and connecting it to a malicious web page already prepared by any hacker, the attacker can instantly turn a PC into a zombie PC.
The vulnerability can be even more serious because users rarely doubt the authenticity of what they see: the attackers pose as Sony, a renowned global enterprise, to create zombie PCs, and the malicious links they distribute use the search window of Sony Korea rather than any suspicious site.
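The flaw described above comes down to a search term being echoed into the page without HTML encoding. The following is an added example, not code from Sony Korea's site or from the original article; the function names, the `shop.example` host and the constructed query are assumptions made for illustration.

```javascript
// Added example: unsafe vs. HTML-encoded reflection of a search term.
// All names, hosts and the sample query are hypothetical/constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the query is echoed into markup as-is.
function renderUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Hardened pattern: the query is encoded, so it is displayed as text.
function renderSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Minimal search handler: read ?q= from the link and build the response.
// The CSP header is defence in depth: frame-src 'none' stops the browser
// loading any framed page even if an encoding step is missed elsewhere.
function handleSearch(requestUrl, render) {
  const query = new URL(requestUrl, 'https://shop.example').searchParams.get('q') || '';
  return {
    headers: {
      'Content-Type': 'text/html; charset=utf-8',
      'Content-Security-Policy': "default-src 'self'; frame-src 'none'",
    },
    body: render(query),
  };
}

// Count opening tags of a given element that a browser would parse.
function countElements(html, tagName) {
  return (html.match(new RegExp(`<${tagName}\\b`, 'gi')) || []).length;
}

// Constructed sample: a link whose search term carries zero-size frame markup.
const constructedQuery = '<iframe src="https://third-party.invalid/" width="0" height="0"></iframe>';
const constructedLink = '/search?q=' + encodeURIComponent(constructedQuery);

const unsafe = handleSearch(constructedLink, renderUnsafe);
const safe = handleSearch(constructedLink, renderSafe);
console.log('frames parsed without encoding:', countElements(unsafe.body, 'iframe'));
console.log('frames parsed with encoding:', countElements(safe.body, 'iframe'));
console.log(safe.body);
```

With encoding in place the same link only displays the markup as text in the results page, and the response header gives a second layer of protection if another output path is missed.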
Sony Korea can be said to be that neglectful of its cybersecurity, despite being a world-renowned enterprise, because XSS is not a vulnerability that is hard to deal with but a common problem frequently discovered at minor enterprises that lack security managers or experts.
It is the customers of Sony Korea who suffer from this vulnerability, which can turn several hundred up to several thousand PCs a day into zombie PCs and steal all sorts of financial and personal information, depending on the attacker's purpose. Sony Korea should therefore fix the vulnerability quickly and take decisive measures for its overall cybersecurity.