Even Sony's PlayStation Site Infected
Posted by Brian Ashcraft at 1:00 PM on July 3, 2008
A recent spate of virus attacks has infected over 790 websites. Included in those attacks was the Sony PlayStation site. Pages for SingStar Pop and God of War were infected with SQL-injected code, which caused visitors to those sites to see a bogus antivirus scan and a message that their computer was in fact infected with malware. The aim was to frighten users into purchasing software to delouse their computers. Not to worry, as Sony has since removed the injected code. Says security research expert Dancho Danchev:
If you don't take care of your web application vulnerabilities, someone else will.
You tell 'em Dancho!
Sony PlayStation's site SQL injected [ZDNet via CNET] [Pic]

Comments
Americo
Posted 1:42 PM 3/7/08
@Brian Ashcraft: I don't know if that's a thumbs up or the finger! D:
Americo
Corrin
Posted 1:39 PM 3/7/08
@NickyJ:
No, it is making me rethink whether or not I finally got one when Sony seemed to be getting their shit together.
Corrin
(俗・ ) Grey Gecko
Posted 1:38 PM 3/7/08
@Dorphat the Insomniac: Oh I get it now! =D
(俗・ ) Grey Gecko
alucardremixed
Posted 1:36 PM 3/7/08
Wow, that's a lot of fanbots hating on Sony, I tell ya
alucardremixed
LORDofDANCE
Posted 1:34 PM 3/7/08
I had this exact message pop up on one of the websites I was visiting earlier. I have no idea if it was on Kotaku or not, but I was visiting Kotaku while browsing other sites as well. I thought it was some kind of spyware on my system but spybot s&d found nothing.
LORDofDANCE
Dorphat the Insomniac
Posted 1:31 PM 3/7/08
@tsathoggua:
To add reference and illustration: [xkcd.com]
Dorphat the Insomniac
Dynasty
Posted 1:29 PM 3/7/08
OWNED! O.o
Is it the U.S. PlayStation website or the Japanese version?
Dynasty
tsathoggua
Posted 1:27 PM 3/7/08
To clear up any misconceptions, the 2.40 firmware thing and this attack can't possibly be related. SQL-injection-based attacks are only feasible against websites and other applications that use databases and query-powered forms, of course. That Sony is having a rough week goes without saying, but any correlation between these events is certainly not causal.
SQL injections are easy to accidentally leave open. They're also easy to guard against. Simply don't trust any user data, no matter how secure a channel it comes through. A lot of new developers will forget to clean form data, or assume a URL variable is an integer, or forget to clean against non-query based attacks (i.e. HTML injection). Clean it up, people, before you put it in the query.
And don't forget to strip HTML tags, either, if you don't want them -- that's how this one worked. The hacker slipped a <script> tag inside the author field of an article, and the system didn't clean it... an XSS attack, injected via SQL injection. Not fun.
tsathoggua
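The failure described in the comment above, next to its two fixes, as an added example that is not part of the comment or the original page. The table, column and function names are hypothetical, the input is constructed, and SQLite stands in for the site's real database.

```python
import html
import sqlite3

# Constructed sample input: a "title" form value that closes the string
# literal and adds a second column assignment to the UPDATE.
TAINTED_TITLE = "x', author = '<script>alert(1)</script>"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, author TEXT)")
    db.execute("INSERT INTO articles VALUES (1, 'SingStar Pop', 'staff')")
    return db

def set_title_unsafe(db, article_id, title):
    # Vulnerable: form data and the URL variable are pasted into the SQL text.
    db.execute("UPDATE articles SET title = '" + title + "' WHERE id = " + article_id)

def set_title_safe(db, article_id, title):
    # Do not assume the URL variable is an integer: check it.
    if not (article_id.isascii() and article_id.isdigit()):
        raise ValueError("article id must be a decimal integer")
    # Bound parameters travel as data and are never parsed as SQL.
    db.execute("UPDATE articles SET title = ? WHERE id = ?", (title, int(article_id)))

def author_of(db, article_id):
    row = db.execute("SELECT author FROM articles WHERE id = ?", (article_id,)).fetchone()
    return row[0]

def byline_unsafe(db, article_id):
    # Vulnerable: stored text is written into the page as markup.
    return "<p>By " + author_of(db, article_id) + "</p>"

def byline_safe(db, article_id):
    # Encode on output so a stored tag is displayed, not executed.
    return "<p>By " + html.escape(author_of(db, article_id)) + "</p>"

if __name__ == "__main__":
    bad = make_db()
    set_title_unsafe(bad, "1", TAINTED_TITLE)   # author column is overwritten
    print(byline_unsafe(bad, 1))                # script tag reaches the page
    print(byline_safe(bad, 1))                  # same row, tag rendered inert
    good = make_db()
    set_title_safe(good, "1", TAINTED_TITLE)    # input stays inside the title
    print(byline_safe(good, 1))
```

The parameterized query and the output encoding are independent layers: the first keeps the author field from being overwritten, the second keeps an already-tainted row from running in a visitor's browser.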
(俗・ ) Grey Gecko
Posted 1:24 PM 3/7/08
@(俗・ ) Grey Gecko: damn, reply was for NickyJ not for my own post.
Oh edit button where are you??
@KainReborn: Truth has been told!
(俗・ ) Grey Gecko
Dorphat the Insomniac
Posted 1:23 PM 3/7/08
Windows servers have been getting hammered recently by a flood of sql injection attacks. If I'm not mistaken, it's really really easy to cause IIS to run a script to run commands on the sql server.
We've had to do some work around the office here to make sure our peeplz are protected.
Wait... here? Oh damn. Hi boss ^_^;;
Dorphat the Insomniac
Yuki
Posted 1:19 PM 3/7/08
@Yuki: Though of course, when using Adblock, one should set ads to display for Kotaku to support their fine services!
Yuki
(俗・ ) Grey Gecko
Posted 1:19 PM 3/7/08
@(俗・ ) Grey Gecko:
@nick.soapdish: All the fuss for nothing?...Good to hear! Seems like we don't have to find a name for Sony's error screens anytime soon!
@Krondonian: But--They pay in garlics right?!?
(俗・ ) Grey Gecko
Yuki
Posted 1:18 PM 3/7/08
@Krondonian: Adblock and NoScript on top of that and you are set.
Yuki
Krondonian
Posted 1:17 PM 3/7/08
@evslin: Hrm. I was joking before, but I always check with sites like Lifehacker before doing anything. I think Avast and AVG Free are two of the best, free, antivirus applications.
It's worrying to think that this stuff goes on, for the non-tech savvy especially. It's exactly the kind of thing I could see my parents being fooled by.
Krondonian
KainReborn
Posted 1:15 PM 3/7/08
@(俗・ ) Grey Gecko: Windows Vista is the Windows Vista of gaming.
KainReborn
nick.soapdish
Posted 1:14 PM 3/7/08
@(俗・ ) Grey Gecko: I've just recently picked up a PS3 and it's been a pretty good experience so far. Basically replaced my DVD player and a storage box I had sitting around.
I think 2.40 was just a flub based on something not really foreseeable. Some developer put code into a save that botched a few PS3s, or something to that effect. I'm sure we'll see it come out sooner rather than later, and it won't have any effect on your day-to-day gaming. Just the added bonus of e-peen measurements (trophies) and a way to answer your messages in game.
nick.soapdish
Krondonian
Posted 1:13 PM 3/7/08
@(俗・ ) Grey Gecko: They pay me with an up to date, high quality information service, catering for all my needs!
;)
Krondonian
evslin
Posted 1:12 PM 3/7/08
@Krondonian: An anti-malware company put malware on websites in order for people to buy their anti-malware software? That's low.
And extremely common. Show you a fake scan results page claiming you have 277 infected files on your PC just to get you to whip out the credit card and download their app, which uses someone else's outdated malware definition file or just flat doesn't work.
evslin
toefer
Posted 1:11 PM 3/7/08
Another problem. Somehow my avatar changed to a PS3. That's weird. What's going on?
toefer
NickyJ
Posted 1:10 PM 3/7/08
@(俗・ ) Grey Gecko: I haven't had problems with mine at all.
NickyJ
toefer
Posted 1:10 PM 3/7/08
Anyone else having problems with THIS site? Each time I've stopped by over the past few hours, some ads seemed out of place, and overlapped with some of the articles. Another time my avatar showed up as the picture for one of the articles. Could just be my computer though.
toefer
Neo Deus
Posted 1:10 PM 3/7/08
Yeesh, bad timing...
Neo Deus
NickyJ
Posted 1:10 PM 3/7/08
@Corrin: So Sony's site getting infected is making you rethink your purchase?
NickyJ
Brian Ashcraft
Posted 1:10 PM 3/7/08
@Krondonian:
b(^ ^)
Brian Ashcraft
(俗・ ) Grey Gecko
Posted 1:09 PM 3/7/08
Is anyone here actually having problems with their PS3s?
I just hope the 2.40 FW doesn't end up being the Windows Vista of gaming...
@Krondonian: How much do they pay you?
(俗・ ) Grey Gecko
Corrin
Posted 1:04 PM 3/7/08
Wow, this is getting scary! I thought a few weeks ago (when MGS4 came out) I had bought a PS3 at the perfect time! Today's events are making me begin to rethink that.
Corrin
Krondonian
Posted 1:04 PM 3/7/08
An anti-malware company put malware on websites in order for people to buy their anti-malware software? That's low.
Remember, for all the best software solutions visit Lifehacker!
(How's my cross-Gawker promoting?)
Krondonian
Murderdolls
Posted 1:02 PM 3/7/08
Ouch
Murderdolls
Darkest Daze
Posted 2:23 PM 3/7/08
Well.....at least it wasn't a rootkit.
@Krondonian: It's very good, actually.
Darkest Daze
UFO
Posted 2:09 PM 3/7/08
You've gotta be pretty gullible to click on any web page for a free virus scan. Sadly some people are, I know one guy who regularly calls me out because his PC is acting strangely since he visited some site or clicked this or that unknowingly.
Try to educate him but he seems to not take it in. Oh well, it's his money I guess.
Use common sense people ffs. It's a big bad internet out there.
UFO
Pablos102030
Posted 2:01 PM 3/7/08
Oh geez, I got this virus right before I went to the wells fargo website. Freaked me out.
Pablos102030
neoraul20
Posted 2:45 PM 3/7/08
OMG, even Kotaku is infected!
neoraul20
fuchikoma
Posted 2:36 PM 3/7/08
Ouch. Not that I'd fall for something like this - I've caught AntiSpywareMaster in the act recently at work too... sneaky bastards! - but I only go to the PlayStation site on my PS3 anyway. :p
fuchikoma
somarix
Posted 2:32 PM 3/7/08
@Krondonian: But none of those save you if you already have a virus, or are a software-developer. I had to make my own software to scan and _disinfect_ 10,000 .exe files (2000 of which are my own projects). All antiviruses just happily opted to delete my files.... the nerve!
somarix
relic1980
Posted 2:30 PM 3/7/08
@(俗・ ) Grey Gecko: Nothing wrong with Vista from my end (and I have been using it since it was in beta form).
relic1980
relic1980
Posted 2:29 PM 3/7/08
I tend to fix computers for a living, and you would not believe how many times I get computers where I end up having to decrapify them because they saw one of these bogus popups and downloaded the crapware. I once had a computer that had something like five anti-virus or anti-spyware programs, ALL of them crapware. I always recommend to the client that if they get such a popup in the future, DO NOT click on the window (even clicking on the x can take you to their site in these cases), but three-finger the computer and attempt to shut the popup off (and the browser as well). And as a precaution, run your legitimate anti-virus or spyware program. Then they can use a browser that has a decent anti-popup or phishing component.
relic1980
GDW1017
Posted 2:26 PM 3/7/08
@Corrin: For gamers, getting your "shit" together is getting the games out quicker, or roughly on time, and making sure your console is taken care of. Sony is just having a rough time, something that is completely common and shouldn't be of too much, if any, concern to the console consumer (should we not forget XBox Live Watch, a week or two with harsh online connections).
GDW1017
drunkentyger
Posted 3:06 PM 3/7/08
Why doesn't Sony take it even further and find out where the virus came from and take them to court? I'd personally kick their ass.
drunkentyger
jsf49
Posted 4:15 PM 3/7/08
What's funny is that Playstation.com runs on Microsoft technology: IIS, ASP.Net, C#.
jsf49
SmokeFemur
Posted 4:03 PM 3/7/08
NBA Hangtime, NBA Jam, NBA Courtdate
SmokeFemur
KageMonkey
Posted 5:20 PM 3/7/08
@jsf49: [searchdns.netcraft.com]
KageMonkey
bubble-bee
Posted 5:46 PM 3/7/08
@jsf49: If it were PHP and free source, then it would be even more vulnerable. Just check around, it's even easier to crack. Not a big deal.
bubble-bee
bubble-bee
Posted 5:45 PM 3/7/08
@(俗・ ) Grey Gecko: Windows Vista works fine for me... with all games (well, Windows XP without SP was even worse)... and I find Vista faster than Windows XP SP2, if u have good hardware, of course.
But anyway, firmware doesn't have nothing to do with OS. Maybe it's just some installation problem due to certain situations that they weren't expecting. They will fix it in no time. And 2.40 will be running smoothly in every ps3.
bubble-bee
atoxic
Posted 5:39 PM 3/7/08
...There are still websites vulnerable to SQL Injection? Wow...Remember little Bobby Tables?
atoxic
Frank
Posted 6:50 PM 3/7/08
Cheap powerpoint-style graphics ftw.
Frank
killr_klown
Posted 7:00 PM 3/7/08
If you are stupid enough to click on a popup I'm sorry but you deserve it.
killr_klown
thisisasignin
Posted 8:18 PM 3/7/08
@relic1980:
Same here, and though killr_klown has a point, those "stupid enough" keep me in business.
Circle of life.
thisisasignin
shade-black
Posted 10:35 PM 3/7/08
@jsf49: That's not funny at all. They are standards of the web.
shade-black
shade-black
Posted 10:34 PM 3/7/08
@bubble-bee: If you have both XP and Vista down to its minimum, XP is still much faster. XP also still has better compatibility.
shade-black
shade-black
Posted 10:32 PM 3/7/08
i bet it was an xbox user....
shade-black
ShaggyB
Posted 11:34 PM 3/7/08
@(俗・ ) Grey Gecko: What's wrong with Vista?
Other than it performs slower (and by slower I don't mean huge amounts) than XP, mine still games with the best of them. (4gig ddr2 seems to be just fine.)
ShaggyB
ShaggyB
Posted 11:31 PM 3/7/08
@shade-black: my money is on those wii guys.....
ShaggyB
jsf49
Posted 1:12 AM 4/7/08
@bubble-bee: I use php all the time. What's wrong with it?
jsf49
jsf49
Posted 1:10 AM 4/7/08
@KageMonkey: Your site is clearly either wrong or outdated. The source code in the pages specifies .aspx and the language C#.
jsf49
Jagzthebest
Posted 12:46 AM 4/7/08
Fuck! So this is why I had "AntiVirus XP 2008" (which is really a virus/thing) and stupid WinSpywareProtect rogue software on my computer! Holy shit! I thought my computer would die when I got it but luckily some guy on the net helped me out. Thanks for telling me the problem 'taku.
Jagzthebest
balls187 upside yo head
Posted 3:50 AM 4/7/08
@jsf49: You're kidding right?
SQL Injection isn't language specific. PHP is just as vulnerable as ASP.NET, and JSP to SQL Injection.
balls187 upside yo head
balls187 upside yo head
Posted 3:47 AM 4/7/08
@Dorphat the Insomniac: I had that taped to my monitor while writing data cleaning regexes;DROP TABLES;
balls187 upside yo head
jsf49
Posted 4:32 AM 4/7/08
Further information...the Playstation and other sites were attacked by the ASProx botnet. As the name implies, ASProx targets .asp pages.
jsf49
jsf49
Posted 4:19 AM 4/7/08
@balls187 upside yo head: My question about PHP was to bubble-bee, who said that PHP is weaker security-wise because it is open source. If you share his sentiment, the question is then for you too, because I see a lot of open source projects as being more secure than closed source counterparts.
jsf49
relic1980
Posted 4:18 AM 4/7/08
@thisisasignin: I have to admit that is true. One can warn them just so much (and I do warn them to be fair), but when they see that link for a cool free screensaver or game, they don't worry that a virus or crap may hitch along for the ride, and later I get the call...^_-
relic1980
leglessgnome
Posted 7:56 PM 3/7/08
We can't blame Microsoft for some stupid ass developers, and the same goes for the fools who click on this stuff! It's really painful watching most internet users surf the net...
leglessgnome