Sega becomes latest hacking victim

Gogogo, if you would have said what u have just written in your first post, you wouldnt b having that debate with Zenny. You do sound negative in your posts, but perhaps you dont mean to, just your frustration. And we all have our frustrations living in this unique country. Yes, japan is not used to criminal activity and therefore are easy targets. They still count cash in front of you at the post office around closing time. Once they get robbed a few times, that will change. And so will the security on websites now. Unfortunately this is how the world works. People/organizations need to make mistakes in order to learn from them. It would b great for a person(org) to learn from others and not have to experience it themselves...

Zenny: Japan has poor IT security, ask any foreign IT pro worth his salt that has worked in an IT company and you'll see shocking rookie mistakes and blanet disregard for any sort of security.

For example, next time your in Ueno station, goto the information desk, look at the PC that the staff are sitting behind, written in clear english is the username and password to the machine. While this PC might not have alot of sensitive information it could be linked to the JR network.. at best it is an example of seriously poor security practices.

gogogo, i am with you on this one!.

this is nothing about bashing japan, just tell the true about what is going on.

@naruhodo, stop the excuse about unique, and the not used to criminal activity, if that is true, then where the Yakuza come from?, American?, i read a few books about Japanese history, they that to someone that is new to japan.

not to someone that live here and see what is going on.

Please!!!

the IT industry in japan lag way behind other country.

reason maybe is the lack of English, remember all the software and scrip are Foreign and in English, when a patch is available, the Japanese don't know about it, because they cant speak the language or they just don't read about it.

i know a company who still using Mysql 3.0 and PHP 4 running on they servers.

I would just like to reiterate what Mr Moderator said: readers please please please stay on topic and do not be impolite toward one another. It's just not cricket. Ok?

NetNinja.

Reread the article.

Yes, Sega is a Japanese company. But the branch and Servers that were hacked are in LONDON staffed by non-japanese and serve non-japanese customers(Europe and Usa. and the article is about the incident that happened outside Japan.

Maybe I should blame the whole of the USA for hacks on their NHS, CIA, etc sites. Hekc let me start by slamming IBM, Microsoft, Apple, etc.

Perhaps Japan will now wake up and invest in security, the IT security in Japan is shockingly poor, at least Sega has encrypted passwords while sony did not.

gogogo.

Why focus on japan?

In the last few months those same groups hacked overseas companies(banks, etc) too as well as many "secure" US/UK goverment sites(NHS, etc) and international groups like IMF, etc.

Not all the companies/sites that are hit release the info to the media, but it is in IT bulletins.

Gogogo.

Not worse than what I have seen after working in IT(System admin and that includes security) on 4 continents over 25yrs. Of course Your mileage will vary depending on your experiences in IT.

the IT security in Japan is shockingly poor

After the CIA website was taken offline following a hacking of the US senate website by lulzsec, I don't think internet security is as useful as it could/should be.

Agree with yildiray.

Secuirty is always a catch-up game and the biggest stumbling blocks come from in-house.

Lulz Security is so confident that they started a call-line where you can request sites to be hacked or taken down with a DOS(Denial Of Service) Attack.

A DOS attack is not a hack, it is sending a bunch of traffic to a website it is not a hack and all sites in the world are open to it due to the nature of the internet. If you have the money you can rent botnets and DOS any site you want, it is not a hack, it is just putting a website offline. A hack is a break, enter and stealing passwords and information.

Zenny: Your mileage may vary but I've work all around the world for 30 years, Japan (not Asia) is 5-10 years behind in security practices and methods, check even the new JT site was "hackable" for the first few hours of operation because they didnt escape HTML characters correctly, a javascript injection would have stolen cookie passwords with every visitor viewing the page. Lucky JT had someone on the case and they fixed it.

gogogo.

Of course you are also aware that you are dissing international companies, etc in your statements. I worked/contracted for some international(overseas) companies here/overseas and their security was dismal at best. And I am talking BIG names here. Of course I know a DOS is not a hack, a hack is the next level.

Just get off that Japanese security is worse than overseas(unspecified) one, as you will find bad security globally and that has been shown in the media weekly.

Yeah JT fixed security but they can't fix the displayed screenwidth, etc that people been asking for since the cutover.

Honestly doubt that you are working in IT based on your posts. Your arguments are hollow and non-substantiated.

Of course, you totally ignore why british gaming sites, CIA, IMF, WHO, etc also got hacked recently, the list is long and goes global. Shouldn't happen as they are 5-10yrs ahead of Japan. Heck, the US is reckoned by some to be 5yrs ahead of europe.

Forgot the NHS in the US, etc also got hacked by lulz security.

I love Japan, I'm not bashing anything, Japan, like many countries has it's share of problems, I feel, in my opinion, Japan's IT security is very poor. Not saying other countries is not also poor, but I believe it less secure in general and than countries like the USA and Europe.

naruhodo: Ok I get that alot, I'm to the point, not trying negative or attack anyone.

Should I post the security issue with JT? What the best way?

gogogo.

Also forgets that many/most of the sites were hacked overseas/aka not within japan and thus were run according to overseas rules/guidelines and by overseas staff.

But lets not burst his bubble.

Well, Zenny11, you went after GoGoGo on this one and in the process made yourself look like back of a donkey.

The topic is Sega and as we all know, Sega is in Japan. It is not necessary for GoGoGo to sandwich his/her criticism. This is not a textbook conversation. I would concur with GoGoGo that IT Security in Japan is weak at best. GoGoGo is right on every point he/she tried to make.

Zenny, this is just observation but you made it a contest instead of debate. It was nice of you to introduce us to other facts that we may not have been aware of but they way you made your case was somewhat demeaning towards GoGoGo as if you wanted to look down on GoGoGo.

Obviously GoGoGo has much to offer on this subject and Zenny should've have given GoGoGo more credit from the beginning or Zenny could've asked GoGoGo to elaborate a bit more in a polite manner.

Gogogo.

Not worse than what I have seen after working in IT(System admin and that includes security) on 4 continents over 25yrs. Of course Your mileage will vary depending on your experiences in IT.

In this example above, which has nothing to do with Sega or Hacking, you clearly show off how big your ego is. Totally not necessary, yellow card.

It would be better to understand why Sega was hacked. These are not random attacks. It's hard to imagine why they would attack Sega though.

BTW, nice going after me.

May I suggest reading up a bit more about the current spade of attacks, like which sites and how they got attacked.

Sega hack is small and minor compared to the Citibank one(stolen CC-info) or the Lockheed one.

@Zenny Not really going after you. I'm just calling it as I see it. I'm not really on GoGoGo's side either. I'm just telling you how it went down.

I think you should've given GoGoGo the benefit of the doubt. It would've been better to assume that maybe GoGoGo had just as much to offer on this hacking topic as you do.

I think both of you have very informative posts every day. I respect both of you......only TODAY, I think you went at GoGoGo a bit too aggressively. Would you admit to that possibility and be done with it?

Sony, the CIA, what's next? Banks? Social Insurance systems?

There are thousands of sites hacked a day including big names and small... 90% of them go unreported as the company doesn't want bad press or perhaps even the sys admin / programmer covers their mistake up and doesn't even report it to the boss'

At the end of the day, this isn't new, there will always be people hacking and people making mistakes. Most of the big hack jobs are human error or social hacks actually, where someone sends you a nasty in your email and people still (for the love of man kind!) click on it and a keylogger is installed.

Wow - SEGA still exists? I havent heard of them since I was a high-school kid!

Japan's IT security is very poor. Not saying other countries is not also poor, but I believe it less secure in general and than countries like the USA and Europe.

yeah, why can't them thar japanese have supa-doopa tight security like what the CIA does. Oh, hang on a goddang minute, they hacked who now?

hacked and hosted

Well, they got hacked. That's too bad. 1.000692286 milliseconds of sleep lost. — time taken for light to travel 300 km in a vacuum. Probably the same amount of time it took to hack their systems.

Banks = done(Citigroup, etc) SIS = not quiet but NHS, IMF, WHO Lockheed Martin = done Google = done Nintendo = done Overseas online gaming sites = done

Sincerely hope Sega won't give LulzSec(behind Sony, etc attacks) the data that they want so that they can punish the hackers. Can turn into nasty corporate wars easily.

All my friends in the Industry agree that this is only starting and things will get way worse in the Future and few companies and sites will be immune.

Gibsons Books predicted it pretty well.

This group should be offered high paying security jobs.