Sony Studio Exec’s Salaries

Hackers Pirate Sony Films and Leak Studio Salaries - NYTimes.com

SonyPictures/Exploits

http://pastebin.com/Ez5JGT7G

From the New York Times:

But Sony was newly rattled by the leak of internal documents, some of which were published late Monday on Fusion, an upstart cable network and news site, after first appearing on Pastebin, the anonymous Internet posting site. The documents contained the pre-bonus annual salaries of senior executives, 17 of whom are shown earning more than $1 million a year.

via Hackers Pirate Sony Films and Leak Studio Salaries – NYTimes.com.

### BEGIN REPOST ###

  1. Exploitation & Vulnerability Test ‘ by Anon-Ninja-Cat ❤ For full Report see Anon Ninja Cat’ who will contact Infosec Cat ‘who will get Clearance from Cone Cat to Access the Cyber Hive index.
  3. We Are Anonymous
  4. We Are Legion
  5. We Are Ghosts of the CyberHive.
  6. Anon Familia ❤
  7. ——————————————————
  8. http://www.sonypictures.com/ (Hollywood, FL, US)
  10. IP Address      72.52.12.83 <<< unknown.prolexic.com < Prolexic: DoS and DDoS Protection )
  12. Server Type     Apache
  14. report for http://www.sonypictures.com (72.52.12.83) <<< unknown.prolexic.com < Prolexic: DoS and DDoS Protection )
  16. Host is up (0.012s latency).
  17. rDNS record for 72.52.12.83: unknown.prolexic.com
  18. PORT     STATE    SERVICE
  19. 80/tcp   open     http
  21.  Target IP:          72.52.12.83 <<< prolexic.com < Prolexic: DoS and DDoS Protection )
  23. + Target Hostname:    www.sonypictures.com
  24. + Target Port:        80
  25. + Start Time:         2014-12-02 08:00:59 (GMT-5)
  26. —————————————————————————
  27. + Server: Apache
  28. + robots.txt contains 2 entries which should be manually viewed.
  29. + ETag header found on server, fields: 0x4fad 0x5092bb9bcf9a9
  30. + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
  31. + /WEB-INF/web.xml: JRUN default file found.
  32. + OSVDB-9392: /userinfo.php?uid=1;: Xoops portal gives detailed error messages including SQL syntax and may allow an exploit.
  33. + OSVDB-3092: /beta/: This might be interesting…
  34. + OSVDB-3092: /test.txt: This might be interesting…
  35. + OSVDB-3233: /netbasic/websinfo.bas: Novell Netware 5.1 contains Novonyx default files which reveal system information. All default files should be removed.
  36. + OSVDB-3092: /tv/: This might be interesting… potential country code (Tuvalu)
  37. /maintenance/: Admin login page/section found.
  39. 11 site(s) hosted on ip 72.52.12.83
  40. Location:   Hollywood,United States
  42. sonypictures.com
  43. d-9.com
  44. thisistheend.com
  45. thesocialnetwork-movie.com
  46. dragontattoo.com
  47. sonypictures.net
  48. sonypicturesanimation.com
  49. entertheunderworld.com
  50. skyfall-movie.com
  51. smurfhappens.com
  52. omnicorp.com
  54. ======================================================================================================
  56. Server:Apache
  57. IP Address:198.212.50.74
  58. Port:443
  59. Hostname:www.sonypictures.com
  61. sonypictures.com        A       5 minutes               198.212.50.74
  63. report for 198.212.50.74
  64. Host is up (0.024s latency).
  65. PORT     STATE    SERVICE
  66. 80/tcp   open     http
  67. 443/tcp  open     https
  69. mail.sonypictures.com   A       5 minutes               209.0.235.15 (US)
  70. test.sonypictures.com   A       5 minutes               64.37.182.123 (San Diego, CA, US)
  71. http://www.sonypictures.com    A       5 minutes               72.52.12.83 (Hollywood, FL, US)
  73. DOMAINS:
  74. http://www.sonypictures.com, sonypictures.com, ultraviolet.sonypictures.com, uv.sonypictures.com,
  75. ultraviolet.sonypictures.co.nz, ultraviolet.sonypictures.com.au
  77. Serial Number:18DAD19E267DE8BB4A2158CDCC6B3B4A
  78. Fingerprint (SHA-1):4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
  80. Serial Number:5B88DA6C7ADA7A593E729363BCB75843
  81. Fingerprint (SHA-1):8AE1D106CACCD3A2B7CBBF0FD8447EF02CB6E869
  83. # robots.txt for SonyPictures.com
  84. User-agent: *
  85. Disallow: /global
  86. Disallow: /homevideo/bluray/ajax
  88. The target site has no DNS wildcard, and the contents of http://sonypictures.com/search differ from the contents of http://www.sonypictures.com
  90. The contents of http://72.52.12.83 differ from the contents of http://www.sonypictures.com
  92. A robots.txt file was found at: “http://www.sonypictures.com/robots.txt&#8221;.
  94. The URL: “http://www.sonypictures.com/&#8221; sent the cookie: “NSC_tpozqjd-83+63+23+94-91=ffffffffc5dc2c5345525d5f4f58455e445a4a423660;path=/;httponly”.
  96. The URL: “http://www.sonypictures.com/&#8221; sent the cookie: “sto-id-20480=KABOAAAKFAAA; Expires=Fri, 29-Nov-2024 14:28:16 GMT; Path=/”.
  98. The URL: “http://www.sonypictures.com/&#8221; returned a response that may contain a “SHA1” hash. The hash is: “bf433b366f10c888002d617a38d2309abe303d79”
  99. ==================================================================================================================
  100. GET http://www.sonypictures.com/crossdomain.xml HTTP/1.1
  101. Host: http://www.sonypictures.com
  102. Cookie: NSC_tpozqjd-83+63+23+94-91=ffffffffc5dc2c5345525d5f4f58455e445a4a423660; sto-id-20480=KFBOAAAKFAAA
  104. crossdomain.xml” file allows access from: “www.sonypictures.com
  105. crossdomain.xml” file allows access from: “flash.sonypictures.com
  106. crossdomain.xml” file allows access from: “secure.sonypictures.com
  107. crossdomain.xml” file allows access from: “www.sonypictures.net
  108. crossdomain.xml” file allows access from: “www.sonypictures.co.uk
  109. crossdomain.xml” file allows access from: “www.sonypictures.com.au
  110. crossdomain.xml” file allows access from: “www.sonypictures.jp
  111. crossdomain.xml” file allows access from: “www.sonywonder.com
  112. crossdomain.xml” file allows access from: “www.wheeloffortune.com
  113. crossdomain.xml” file allows access from: “www.vannastyle.com
  114. crossdomain.xml” file allows access from: “www.jeopardy.com
  115. crossdomain.xml” file allows access from: “www.007.com
  116. crossdomain.xml” file allows access from: “www.battlela.com
  117. crossdomain.xml” file allows access from: “www.district9movie.com
  118. crossdomain.xml” file allows access from: “www.multinationalunited.com
  119. crossdomain.xml” file allows access from: “www.residentevil-movie.com
  121. The mail account: “jarancio@sonypictures.com
  122. The mail account: “alouie@sonypictures.com
  123. The mail account: “bjames@sonypictures.com
  124. The mail account: “amcelroy@sonypictures.com
  125. The mail account: “klee@sonypictures.com
  126. The mail account: “KKim@sonypictures.com
  127. The mail account: “ctewksbury@sonypictures.com
  128. The mail account: “stanimoto@sonypictures.com
  129. The mail account: “nbaleva@sonypictures.com
  130. The mail account: “cpoon@sonypictures.com
  131. The mail account: “bspaulding@sonypictures.com
  132. The mail account: “sbrooks@sonypictures.com
  133. The mail account: “croze@sonypictures.com
  134. The mail account: “richs@sonypictures.com
  135. The mail account: “kwilliams@sonypictures.com
  136. The mail account: “djordan@sonypictures.com
  137. ======================================================================================================================
  138. EXPLOITS:
  140. Server does not use secure renegotiation settings
  141. Site is more vulnerable to Denial of Service (DOS) attacks
  143. Server does not have session resumption enabled
  144. Users may experience slower performance
  146. Server has not enabled HTTP Strict-Transport-Security
  147. Users may be exposed to man-in-the-middle attacks
  149. Server doesn’t prefer ciphers that enable forward secrecy.
  150. Encrypted communications captured today are at risk of being decrypted by an attacker in the future.
  152. Server uses RC4 cipher with modern browsers
  153. More secure ciphers are available for TLS 1.1 and newer
  155. Server is using RC4-based ciphersuites which have known vulnerabilities
  156. Evaluate your client compatibility requirements to determine if you can disable RC4-based ciphersuites
  158. Server configuration does not meet FIPS guidelines
  159. Federal standards for data handling are not being met
  161. Server does not have OCSP stapling configured
  162. Users may receive slower performance and privacy may be reduced
  164. SSL 2.0 Disabled:Pass
  165. SSL 3.0 Disabled:Pass
  166. TLS 1.0 Enabled:Pass
  167. TLS 1.1 Enabled:Pass
  168. TLS 1.2 Enabled:Pass
  169. Weak ciphersuites disabled:Pass
  170. Certificates configured correctly:Pass
  171. Secure renegotiation configured:Fail  <<<<<
  172. Session resumption configured:Fail  <<<<<<
  173. BEAST Vulnerability:Pass
  174. OCSP Stapling:Fail <<<<<<
  175. PCI Compliant:Pass
  176. FIPS Compliant:Fail  <<<<
  177. Forward Secrecy Supported:Fail <<<<<
  178. Heartbleed Vulnerability:Pass
  180. Certificate validation URIs resolve to IPv6 addresses:Fail
  182. Strict Transport Security:Fail  <<<<<
  183. Mixed Content (HTTP and HTTPS):Timed Out <<<<<<
  184. Domain name resolves to IPv4 address:Pass
  185. Domain name resolves to IPv6 address:Fail <<<<<
  188. To Sony ‘ it is dissapointing to see a multi billion dollar Company ‘ have a GRADE F/ website System ?Yes i have Graded you ? i could strip & found more Exploits & Error’s ‘all day long.this Exploitation & Vulnerability Test is 43% ‘ Pull YouR sOcKS uP ‘ oh and “FURY” was a good Movie , you could make a Movie about how Sony got Hacked ‘ i assure you it would be a Box Office HIT .  p.s. you gonna have to take a pay cut & Fire someone in your Computer WEB/Security/ Department ???? ASAP

 

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.